A true security nonce is one time use only, that is it is deleted once checked.
WordPress creates a nonce that will remain valid for 12-24 hours (at least 12 hours, can be up to 24 hours) by default. While this means they can be used an unlimited amount of times within that valid period, which is a security weakness, they are tied to the logged in user ID so protect against attacks where the action is user_id based.
USEFUL?
We benefit hugely from resources on the web so we decided we should try and give back some of our knowledge and resources to the community by opening up many of our company’s internal notes and libraries through mini sites like this. We hope you find the site helpful.
Please feel free to comment if you can add help to this page or point out issues and solutions you have found, but please note that we do not provide support on this site. If you need help with a problem please use one of the many online forums.