Matt Fiddles

Life's so vast, there's just so much to do...

User Tools

Site Tools


Sidebar

“The great thing in the world is not so much where we stand, as in what direction we are moving.”



Where will you go today?

"Concentrate...feel the Force flow. Yes. Good. Calm, yes. Through the Force, things you will see. Other places. The future...the past. Old friends long gone."

- Yoda
computers:websites:wordpress:nonce-security

Wordpress nonce

These help to give security to WordPress.

wp_nonce_field( $action, $name, $referer, $echo )

Like this:

  <form method="post">
    <!-- some inputs here ... -->
    <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
  </form>

Then we can verify it:

if ( 
    ! isset( $_POST['name_of_nonce_field'] ) 
    || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' ) 
) {
 
   print 'Sorry, your nonce did not verify.';
   exit;
 
} else {
 
   // process form data
}

Also, try using wp referer field() and wp_get_referer() to verify where the submission came from.

And for admin pages, use check_admin_referer();

WordPress Front End Security: CSRF and Nonces https://css-tricks.com/wordpress-front-end-security-csrf-and-nonces/

computers/websites/wordpress/nonce-security.txt · Last modified: Apr 5, 2015 (4 years ago) by Matt Bagley