Increase nonce lifespan

I want to increase the nonce lifespan from the default 12-24h, to 36-48h.

I found the following code in the Codex, but don’t know where to put it.

add_filter( 'nonce_life', function () { return 172800; } );

Can I put this line in functions.php to change the nonce lifespan sitewide?

Is there an easy way to check the sitewide default lifespan of nonces?

Are there any security issues with increasing the nonce lifetime by 24h?

1 Answer

  1. Yes

  2. Not really, but you can verify your change by logging in to admin and going to your profile. Wait 18 hours and try to submit. It should fail.

  3. The longer the nonce expiration time is, the longer an attacker might be able to trick you into performing an unintended operation (but there is actually a very slim chance of that unless you have an HTTP site and like to use it on public Wi-Fi/networks, but then the nonce is not your biggest problem).
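Added example, not part of the original question or answer and not WordPress's own code: a stand-alone PHP model of how the `nonce_life` value becomes a usable window. WordPress core reads the value with `apply_filters( 'nonce_life', DAY_IN_SECONDS )`, cuts time into half-lifespan ticks in `wp_nonce_tick()`, and `wp_verify_nonce()` accepts the current or previous tick; the `model_*` function names and the timestamp below are assumptions made for illustration.

```php
<?php
// Stand-alone model of WordPress's tick-based nonce expiry (no WordPress needed).
// Assumes an even nonce_life, as with 86400 and 172800.

// Same arithmetic as wp_nonce_tick(): time is cut into half-lifespan slots.
function model_nonce_tick(int $now, int $nonce_life): int {
    return (int) ceil($now / ($nonce_life / 2));
}

// Same acceptance rule as wp_verify_nonce(): created in this tick or the previous one.
function model_nonce_is_valid(int $created, int $now, int $nonce_life): bool {
    $age = model_nonce_tick($now, $nonce_life) - model_nonce_tick($created, $nonce_life);
    return $age === 0 || $age === 1;
}

// Seconds for which a nonce created at $created keeps being accepted.
function model_nonce_remaining(int $created, int $nonce_life): int {
    $half   = intdiv($nonce_life, 2);
    $expiry = (model_nonce_tick($created, $nonce_life) + 1) * $half;
    return $expiry - $created;
}

$lifespans = [
    86400  => 'WordPress default (DAY_IN_SECONDS)',
    172800 => 'value returned by the filter above',
];

foreach ($lifespans as $life => $label) {
    $start = 1700000000; // constructed sample timestamp
    $min   = PHP_INT_MAX;
    $max   = 0;
    // Create a nonce every minute across one full tick and record how long each lasts.
    for ($t = $start; $t < $start + intdiv($life, 2); $t += 60) {
        $r = model_nonce_remaining($t, $life);
        // Cross-check the closed form against the acceptance rule at the boundary.
        if (!model_nonce_is_valid($t, $t + $r, $life) || model_nonce_is_valid($t, $t + $r + 1, $life)) {
            throw new LogicException("expiry mismatch for nonce created at $t");
        }
        $min = min($min, $r);
        $max = max($max, $r);
    }
    printf("%-36s nonce_life=%6d  accepted for %.1f to %.1f hours\n",
        $label, $life, $min / 3600, $max / 3600);
}
```

The window printed for each setting is the period during which a captured nonce would still pass verification, which is the exposure the third point of the answer refers to.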
