Avoid to be easily the target of the HTTPS BREACH vulnerability.
You can (and i encourage you to do it) define 2 constant in wp-config.php file :
BBA_REPEATER : used by this plugin to add a new secret srting in each nonces (e number used once to create a secure token and avoid CSRF flaws), default is 2, min is 1, no max, just change it.
BBA_NONCE_LENGTH : From 4 to 32 with 10 for default value, you can modify the length the each nonces in WordPress, the longer, the better
Also, WordPress includes a "nonce_life" filter hook. Its default value is 4 hours (DAY_IN_SECONDS), i suggest you to low this value, like 12 hours or 6 hours (HOUR_IN_SECONDS /2 or /4)