Enable Nonce
HTML Forms has an optional Enable Nonce setting to add the WordPress nonce field to each of your forms. The WordPress nonce provides an extra security and anti-spam layer to your forms. The nonce field helps HTML Forms confirm that a form submission is coming from your site. This is a simple way to add extra security to your form without relying on third-party solutions like hCaptcha or Google reCAPTCHA on your site.
To turn the nonce on, go to the HTML Forms settings screen and select the “Yes” option on the Enable Nonce setting. Save your settings, and the nonce field will automatically appear and be checked on all the forms you’ve created with the plugin. Select the “No” option to immediately remove the nonce field and nonce check from your forms.
Enabling Nonce on Cached Websites
A word of warning: the nonce field might conflict with your site’s caching plugins or third-party implementations. Many caching solutions have a cache lifetime beyond the expiration time of the WordPress nonce. When this happens, form submissions can become inconsistent.
By default, the value of the Enable Nonce setting is “No” to help prevent these issues. If you do not use caching on your site, you can freely enable the nonce. If you do have caching enabled on your website, check with the caching solution’s settings to determine whether the caching will conflict with the nonce and prevent your forms from submitting reliably.
Related Posts from Our Knowledge Base
Creating your first form with the HTML Forms WordPress plugin is quick and simple. You’ll be up and running in seconds.
HTML Forms Premium adds an action to let you connect your form data to an external service using a webhook. This feature helps unlock the base plugin in an incredible number of ways. You can send data from your visitors to third-party applications or your own internal software tools. How to Create a Webhook Action […]
