Matt Fiddles


WordPress nonce

Nonces help secure WordPress forms against cross-site request forgery (CSRF).

wp_nonce_field( $action, $name, $referer, $echo )

Like this:

  <form method="post">
    <!-- some inputs here ... -->
    <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
  </form>

Then we can verify it:

  // Reject the request unless the nonce field is present and valid for this action.
  if (
      ! isset( $_POST['name_of_nonce_field'] )
      || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' )
  ) {
      print 'Sorry, your nonce did not verify.';
      exit;
  } else {
      // process form data
  }

Also, try using wp_referer_field() and wp_get_referer() to verify where the submission came from.

And for admin pages, use check_admin_referer();
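An admin-side handler that puts check_admin_referer() and wp_get_referer() together, as an added example that is not from the original page. It assumes the file is loaded as a WordPress plugin; the plugin name, the `mydemo_*` names, the `note` field and the `mydemo_note` option are all hypothetical.

```php
<?php
/**
 * Plugin Name: Nonce Demo (hypothetical example plugin)
 */

// Hypothetical action and field names, used only in this example.
const MYDEMO_ACTION = 'mydemo_save_note';
const MYDEMO_NONCE  = 'mydemo_nonce';

// Register a settings page that shows the form.
add_action( 'admin_menu', function () {
    add_options_page( 'Nonce demo', 'Nonce demo', 'manage_options', 'mydemo', 'mydemo_render_form' );
} );

function mydemo_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="<?php echo esc_attr( MYDEMO_ACTION ); ?>">
        <input type="text" name="note" value="<?php echo esc_attr( get_option( 'mydemo_note', '' ) ); ?>">
        <?php wp_nonce_field( MYDEMO_ACTION, MYDEMO_NONCE ); // $referer defaults to true: also emits _wp_http_referer ?>
        <?php submit_button(); ?>
    </form>
    <?php
}

// admin-post.php fires admin_post_{action} for logged-in users only.
add_action( 'admin_post_' . MYDEMO_ACTION, 'mydemo_handle_post' );

function mydemo_handle_post() {
    // Stops the request with an error page if the nonce is missing, wrong or expired.
    check_admin_referer( MYDEMO_ACTION, MYDEMO_NONCE );

    // A nonce proves intent, not permission: check the capability separately.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to change this setting.', '', array( 'response' => 403 ) );
    }

    // Unslash and sanitize the submitted value before storing it.
    $note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    update_option( 'mydemo_note', $note );

    // wp_get_referer() returns false when no valid referer is available.
    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : admin_url() );
    exit;
}
```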

WordPress Front End Security: CSRF and Nonces https://css-tricks.com/wordpress-front-end-security-csrf-and-nonces/

computers/websites/wordpress/nonce-security.txt · Last modified: Apr 5, 2015 (3 years ago) by Matt Bagley