Matt Fiddles


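WordPress nonce

Nonces help secure WordPress against cross-site request forgery (CSRF): the form carries a token tied to an action, and the handler verifies that token before processing the submission.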

wp_nonce_field( $action, $name, $referer, $echo )

Like this:

  <form method="post">
    <!-- some inputs here ... -->
    <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
  </form>

Then we can verify it:

if ( 
    ! isset( $_POST['name_of_nonce_field'] ) 
    || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' ) 
) {
 
   print 'Sorry, your nonce did not verify.';
   exit;
 
} else {
 
   // process form data
}

Also, try using wp_referer_field() and wp_get_referer() to verify where the submission came from.

And for admin pages, use check_admin_referer();

WordPress Front End Security: CSRF and Nonces https://css-tricks.com/wordpress-front-end-security-csrf-and-nonces/

computers/websites/wordpress/nonce-security.txt · Last modified: Apr 5, 2015 (4 years ago) by Matt Bagley