WordPress themes and plugins often use AJAX to enhance the user experience. To protect your site against several types of attacks, including CSRF, WordPress provides security tokens called nonces. In this article, I’ll show you how to use nonces to protect AJAX requests on a WordPress site.
What Are WordPress Nonces?
According to the Codex, a nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise.