diff --git a/inc/class-wp-revisions-control-bulk-actions.php b/inc/class-wp-revisions-control-bulk-actions.php
index bad9890936faf267f0e815ac6fd77fbfaf84f970..14402e61c019535681d73f6efb1fc156523256d2 100644
--- a/inc/class-wp-revisions-control-bulk-actions.php
+++ b/inc/class-wp-revisions-control-bulk-actions.php
@@ -81,8 +81,15 @@ class WP_Revisions_Control_Bulk_Actions {
 	protected function register_actions() {
 		$actions = array();
 
-		$actions[ $this->action_base . 'purge_excess' ] = __( 'Purge excess revisions', 'wp_revisions_control' );
-		$actions[ $this->action_base . 'purge_all' ]    = __( 'Purge ALL revisions', 'wp_revisions_control' );
+		$actions[ $this->action_base . 'purge_excess' ] = __(
+			'Purge excess revisions',
+			'wp_revisions_control'
+		);
+
+		$actions[ $this->action_base . 'purge_all' ] = __(
+			'Purge ALL revisions',
+			'wp_revisions_control'
+		);
 
 		$this->actions = $actions;
 	}
@@ -104,9 +111,11 @@ class WP_Revisions_Control_Bulk_Actions {
 		}
 
 		$post_type_caps = get_post_type_object( $screen->post_type )->cap;
-		$user_can       = current_user_can( $post_type_caps->edit_posts ) &&
-						current_user_can( $post_type_caps->edit_published_posts ) &&
-						current_user_can( $post_type_caps->edit_others_posts );
+		$user_can       = (
+			current_user_can( $post_type_caps->edit_posts ) &&
+			current_user_can( $post_type_caps->edit_published_posts ) &&
+			current_user_can( $post_type_caps->edit_others_posts )
+		);
 		$user_can       = apply_filters(
 			'wp_revisions_control_current_user_can_bulk_actions',
 			$user_can,
@@ -144,6 +153,7 @@ class WP_Revisions_Control_Bulk_Actions {
 	protected function get_message_query_args() {
 		$args   = array_keys( $this->actions );
 		$args[] = $this->action_base . 'missing';
+		$args[] = $this->action_base . 'nonce';
 
 		return $args;
 	}
@@ -184,13 +194,17 @@ class WP_Revisions_Control_Bulk_Actions {
 				$response[ $action ] = 1;
 				break;
 
+			case 'nonce':
+				break;
+
 			default:
 				$response[ $this->action_base . 'missing' ] = 1;
 				break;
 		}
 
 		if ( is_array( $response ) ) {
-			$redirect_to = add_query_arg( $response, $redirect_to );
+			$response[ $this->action_base . 'nonce' ] = wp_create_nonce( $this->action_base );
+			$redirect_to                              = add_query_arg( $response, $redirect_to );
 		}
 
 		return $redirect_to;
@@ -202,8 +216,10 @@ class WP_Revisions_Control_Bulk_Actions {
 	 * @param array $ids Object IDs.
 	 */
 	protected function purge_all( $ids ) {
+		$plugin = WP_Revisions_Control::get_instance();
+
 		foreach ( $ids as $id ) {
-			WP_Revisions_Control::get_instance()->do_purge_all( $id );
+			$plugin->do_purge_all( $id );
 		}
 	}
 
@@ -213,8 +229,10 @@ class WP_Revisions_Control_Bulk_Actions {
 	 * @param array $ids Object IDs.
 	 */
 	protected function purge_excess( $ids ) {
+		$plugin = WP_Revisions_Control::get_instance();
+
 		foreach ( $ids as $id ) {
-			WP_Revisions_Control::get_instance()->do_purge_excess( $id );
+			$plugin->do_purge_excess( $id );
 		}
 	}
 
@@ -224,8 +242,16 @@ class WP_Revisions_Control_Bulk_Actions {
 	public function admin_notices() {
 		$message = null;
 
+		$nonce_key = $this->action_base . 'nonce';
+
+		if (
+			! isset( $_GET[ $nonce_key ] ) ||
+			! wp_verify_nonce( sanitize_text_field( $_GET[ $nonce_key ] ), $this->action_base )
+		) {
+			return;
+		}
+
 		foreach ( $this->get_message_query_args() as $arg ) {
-			// phpcs:ignore WordPress.Security.NonceVerification.NoNonceVerification
 			if ( isset( $_GET[ $arg ] ) && 1 === (int) $_GET[ $arg ] ) {
 				$message = $arg;
 				break;
@@ -253,6 +279,9 @@ class WP_Revisions_Control_Bulk_Actions {
 				);
 				break;
 
+			case 'nonce':
+				break;
+
 			default:
 			case 'missing':
 				$message = __(
@@ -263,6 +292,10 @@ class WP_Revisions_Control_Bulk_Actions {
 				break;
 		}
 
+		if ( ! isset( $message, $type ) ) {
+			return;
+		}
+
 		?>
 		<div class="notice is-dismissible <?php echo esc_attr( $type ); ?>">
 			<p><?php echo esc_html( $message ); ?></p>
diff --git a/languages/wp-revisions-control.pot b/languages/wp-revisions-control.pot
index 2fa55dc83dd9a45a3c1ede9250fb136d745546f2..8ecb67b5cb5041e470515a6a561bfc5a54a317ec 100644
--- a/languages/wp-revisions-control.pot
+++ b/languages/wp-revisions-control.pot
@@ -5,7 +5,7 @@ msgstr ""
 "Project-Id-Version: WP Revisions Control 1.3\n"
 "Report-Msgid-Bugs-To: "
 "https://wordpress.org/support/plugin/wp-revisions-control\n"
-"POT-Creation-Date: 2019-05-26 23:14:32+00:00\n"
+"POT-Creation-Date: 2019-05-26 23:37:00+00:00\n"
 "MIME-Version: 1.0\n"
 "Content-Type: text/plain; charset=utf-8\n"
 "Content-Transfer-Encoding: 8bit\n"
@@ -29,19 +29,19 @@ msgstr ""
 msgid "Purge excess revisions"
 msgstr ""
 
-#: inc/class-wp-revisions-control-bulk-actions.php:85
+#: inc/class-wp-revisions-control-bulk-actions.php:89
 msgid "Purge ALL revisions"
 msgstr ""
 
-#: inc/class-wp-revisions-control-bulk-actions.php:243
+#: inc/class-wp-revisions-control-bulk-actions.php:269
 msgid "Purged all revisions."
 msgstr ""
 
-#: inc/class-wp-revisions-control-bulk-actions.php:250
+#: inc/class-wp-revisions-control-bulk-actions.php:276
 msgid "Purged excess revisions."
 msgstr ""
 
-#: inc/class-wp-revisions-control-bulk-actions.php:258
+#: inc/class-wp-revisions-control-bulk-actions.php:287
 msgid "WP Revisions Control encountered an unspecified error."
 msgstr ""