Support » Developing with WordPress » Strange or normal nonce behaviour?

  • Resolved Guido



    My contactform can list form submissions and therefore I use a nonce.

    When I inspect the source code of my contactpage I notice the nonce is added twice; before the page-content and on the expected location (where I added it in my form). Is this normal behaviour of a nonce?

    It now throws a duplicate ID error when I validate the page via HTML 5 checker.


    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Moderator bcworkz


    Hiya Guido!

    I would expect VSCF to already use its own nonce to verify the form data source, so you shouldn’t need to explicitly add your own nonce field for that purpose. If you need it for other purposes, use a different field ID/name and a different seed string to generate the nonce. Similar for the form handling code, VSCF should verify its nonce, you shouldn’t need to unless you’ve replaced the normal VSCF form handler.

    To be clear, I’m only speculating, I’ve no experience with the VSCF plugin. To be certain, you should inquire at the VSCF dedicated support forum.



    Hi BC!

    I’m the developer of the VSCF plugin… 😉

    Have added the nonce in my plugin because it can store form submissions in the database. And I want to do this safely, that’s why I’ve added the nonce.

    But if you inspect the source code of the webpage I’ve added you will notice the nonce is generated twice. Strange… or not?



    The problem is in this line. By default wp_nonce_field() echoes the fields, so when you assign it’s return to $nonce you’re also echoing it.

    $nonce = wp_nonce_field( 'vscf_nonce_action', 'vscf_nonce' );
    $nonce = wp_nonce_field( 'vscf_nonce_action', 'vscf_nonce', true, false );
    and it will probably just echo the fields in line #339, like you’ve planned 🙂



    Hi Felipe,

    Yes indeed, that does the trick 🙂 Thanks. Resolved.


Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.