check_admin_referer


The check_admin_referer hook in WordPress fires inside the check_admin_referer() function, which verifies that a nonce (number used once) passed with the request is valid and was generated by the current user. Nonces are a security measure that protects against unauthorized actions such as forged requests, i.e. CSRF (Cross-Site Request Forgery) attacks.

This hook is commonly used in WordPress backend functions to ensure that the action being performed is legitimate and authorized by the user. If the nonce check fails, the action will not be executed.

Example Usage:

if ( isset( $_POST['_wpnonce'] ) && wp_verify_nonce( $_POST['_wpnonce'], 'my_action' ) ) {
    // Nonce is valid, proceed with the action
    // Your code here
} else {
    // Nonce is invalid, display an error message or take appropriate action
    echo 'Invalid nonce detected.';
}
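The same check done with check_admin_referer() itself, plus a callback on the check_admin_referer action that logs failed verifications. This is an added example, not code from the original page or from WordPress core; the plugin header, the demo_* function names, the demo_nonce field, the demo_value option and the redirect target are all hypothetical.

```php
<?php
/**
 * Plugin Name: Nonce Check Demo (added example, hypothetical names throughout)
 */

const DEMO_NONCE_ACTION = 'demo_save_settings'; // hypothetical action string
const DEMO_NONCE_FIELD  = 'demo_nonce';         // hypothetical form field name

// 1. Emit the nonce; call this inside the admin <form> that posts to admin-post.php.
function demo_render_nonce_field() {
    wp_nonce_field( DEMO_NONCE_ACTION, DEMO_NONCE_FIELD );
}

// 2. Handle the POST (the form carries a hidden input action=demo_save_settings).
add_action( 'admin_post_demo_save_settings', 'demo_handle_save' );
function demo_handle_save() {
    // Stops the request via wp_nonce_ays() if the nonce is missing or invalid.
    check_admin_referer( DEMO_NONCE_ACTION, DEMO_NONCE_FIELD );

    // A valid nonce shows the request came from our form, not that the user may do this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change this setting.', '', array( 'response' => 403 ) );
    }

    $value = isset( $_POST['demo_value'] )
        ? sanitize_text_field( wp_unslash( $_POST['demo_value'] ) )
        : '';
    update_option( 'demo_value', $value );

    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}

// 3. Observe failures: the action fires with the nonce action and the verification result.
add_action( 'check_admin_referer', 'demo_log_failed_nonce', 10, 2 );
function demo_log_failed_nonce( $action, $result ) {
    if ( false !== $result || DEMO_NONCE_ACTION !== $action ) {
        return; // valid nonce (1 or 2), or a check that belongs to other code
    }
    error_log( sprintf(
        'Nonce check failed: action=%s user_id=%d',
        $action,
        get_current_user_id()
    ) );
}
```

The log callback runs before check_admin_referer() terminates the request, so repeated entries for one user or action are a usable signal of forged or replayed form submissions.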
