In WordPress, a nonce (Number used Once) is a unique cryptographic token used to verify that a request was sent intentionally by an authorized user. Nonces are crucial for preventing Cross-Site Request Forgery (CSRF) attacks, where an attacker might trick a site administrator into clicking a malicious link that performs an action (like deleting a post) without their knowledge. WP nonces aren't strictly used "once," but they do expire, providing a secure window of verification for forms and AJAX requests.
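An added example (not part of the original entry) of the form-side and handler-side nonce calls for the post-deletion case mentioned above. The `myplugin_*` function, action and field names are hypothetical; the WordPress functions are core APIs.

```php
<?php
// Added example; every "myplugin_*" name is hypothetical.

// Render the form: wp_nonce_field() emits a hidden field holding a nonce
// bound to the current user, their session and this specific action string.
function myplugin_render_delete_form( $post_id ) {
    $post_id = absint( $post_id );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_delete_post">
        <input type="hidden" name="post_id" value="<?php echo esc_attr( $post_id ); ?>">
        <?php wp_nonce_field( 'myplugin_delete_post_' . $post_id, 'myplugin_nonce' ); ?>
        <button type="submit">Delete post</button>
    </form>
    <?php
}

// Handle the submission for logged-in users only (no admin_post_nopriv_ hook).
add_action( 'admin_post_myplugin_delete_post', 'myplugin_handle_delete' );

function myplugin_handle_delete() {
    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    $nonce   = isset( $_POST['myplugin_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_nonce'] ) )
        : '';

    // CSRF check: a forged cross-site request cannot supply a valid nonce
    // for this user and this action, so it is rejected here. An expired
    // nonce fails the same way.
    if ( ! wp_verify_nonce( $nonce, 'myplugin_delete_post_' . $post_id ) ) {
        wp_die( 'Invalid or expired request.', 'Forbidden', array( 'response' => 403 ) );
    }

    // Authorization is a separate check: a nonce shows intent, not permission.
    if ( ! current_user_can( 'delete_post', $post_id ) ) {
        wp_die( 'You are not allowed to delete this post.', 'Forbidden', array( 'response' => 403 ) );
    }

    wp_delete_post( $post_id );
    wp_safe_redirect( admin_url( 'edit.php' ) );
    exit;
}
```

Including the post ID in the action string scopes the nonce to one post, so a token issued for one deletion form is not accepted for another post.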