diff --git a/includes/class-paybutton-admin.php b/includes/class-paybutton-admin.php
index 965b750..60a180a 100644
--- a/includes/class-paybutton-admin.php
+++ b/includes/class-paybutton-admin.php
@@ -301,9 +301,13 @@ public function customers_page() {
         if ( ! current_user_can( 'manage_options' ) ) {
             return;
         }
-        if ( isset( $_GET['paybutton_customers_nonce'] ) &&
-            ! wp_verify_nonce( $_GET['paybutton_customers_nonce'], 'paybutton_customers_sort' ) ) {
-            wp_die( 'Security check failed' );
+        // Only require nonce when sorting is requested
+        if ( isset( $_GET['orderby'] ) ) {
+            if ( ! isset( $_GET['paybutton_customers_nonce'] )
+                || ! wp_verify_nonce( sanitize_text_field(wp_unslash( $_GET['paybutton_customers_nonce'] )), 'paybutton_customers_sort' )
+            ) {
+                wp_die( 'Security check failed' );
+            }
         }
         global $wpdb;
         $table_name = $wpdb->prefix . 'paybutton_paywall_unlocked';
@@ -389,9 +393,13 @@ public function content_page() {
         if ( ! current_user_can( 'manage_options' ) ) {
             return;
         }
-        if ( isset( $_GET['paybutton_content_nonce'] ) &&
-            ! wp_verify_nonce( $_GET['paybutton_content_nonce'], 'paybutton_content_sort' ) ) {
-            wp_die( 'Security check failed' );
+        // Only require nonce when sorting is requested
+        if ( isset( $_GET['orderby'] ) ) {
+            if ( ! isset( $_GET['paybutton_content_nonce'] )
+                || ! wp_verify_nonce( sanitize_text_field(wp_unslash( $_GET['paybutton_content_nonce'] )), 'paybutton_content_sort' )
+            ) {
+                wp_die( 'Security check failed' );
+            }
         }
         global $wpdb;
         $table_name = $wpdb->prefix . 'paybutton_paywall_unlocked';
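Review bot: The nonce gate in the new block keys only on `$_GET['orderby']`, so any other sort input the query later reads (for example `order`, if this method consumes it — not visible in the hunk) arrives without a nonce check, and the nonce says nothing about the value of `orderby` itself, which still needs to be matched against a whitelist of sortable columns wherever it reaches the `ORDER BY` clause; customers_page() begins before the hunk and its query continues after it. The same seven-line block is repeated verbatim in the content_page() hunk below with only the parameter and action names changed, which is worth lifting into one private helper so both pages stay in step. The two call sites then reduce to `$this->require_sort_nonce( 'paybutton_customers_nonce', 'paybutton_customers_sort' );` and `$this->require_sort_nonce( 'paybutton_content_nonce', 'paybutton_content_sort' );`, with `wp_verify_nonce()` receiving an empty string (which it rejects) when the parameter is absent.
```php
/**
 * Abort the request when a sort is requested without a valid nonce.
 *
 * Only applies when $_GET['orderby'] is present; a missing nonce is treated
 * the same as an invalid one.
 *
 * @param string $nonce_param Name of the $_GET key carrying the nonce.
 * @param string $action      Nonce action the value must verify against.
 */
private function require_sort_nonce( $nonce_param, $action ) {
    if ( ! isset( $_GET['orderby'] ) ) {
        return;
    }
    $nonce = isset( $_GET[ $nonce_param ] )
        ? sanitize_text_field( wp_unslash( $_GET[ $nonce_param ] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, $action ) ) {
        wp_die( 'Security check failed' );
    }
}

// … unchanged: capability check at the top of customers_page() …
$this->require_sort_nonce( 'paybutton_customers_nonce', 'paybutton_customers_sort' );
// … unchanged: global $wpdb and the query that follows …
```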