When I enter url :
http://www.example.com/wp-login.php?action=logout
it asks if you want to log out or not ?
why does it happen where I am not logged in as a admin?
If I run this url on any website like
http://www.example.com/wp-login.php?action=logout
The admin of that site comes to know that somebody logged out, when I just used this url, without admin username and password.
2 Answers
This happens because of a missing nonce parameter in the URL.
Every WordPress action, including login/logout, validates the nonce first, to make sure the request comes from a known source.