WordPress custom admin functions security

Read about “Nonces”.

Create one and append it to your URL:

$url="example.php?filename=whatever&nonce=" . wp_create_nonce('my_sensitive_action');

When your request is fulfilled check for it:

// here verify if the nonce was used before
if(wp_verify_nonce($_GET['nonce'], 'my_sensitive_action')){
  // it's ok, it wasn't used before
}

Also the validity of these nonces has a time limit, like one day or so.
If the nonce is not used within this period, it will expire…

Related Posts:

  1. wp_verify_nonce vs check_admin_referer
  2. How does admin-ajax.php work?
  3. This CSS Stuffing Works, But Is This A Good Practice?
  4. Securing Admin Accounts – Username Discovery
  5. Settings API – easiest way of validating checkboxes?
  6. WordPress Admin back-end – advanced options page?
  7. How To View Site from Non-Logged-In User’s Perspective
  8. wp_dropdown_pages() in theme admin page
  9. Assuming a theme is properly secured, how save is the WordPress admin?
  10. Don’t attribute content to admin users
  11. How can I show the contents of only a few users
  12. Settings API not saving values to database
  13. WordPress ACL (folder + permissions)
  14. Admin option sidebar count
  15. using rewrites to secure login page
  16. Problem with Settings API: changes are not saved after submit
  17. Add Custom Script in Other Plugin’s Options page
  18. Accessing variable from admin panel?
  19. How can I POST or GET to the same admin page from which I am POST-ing or GET-ing
  20. How do I diagnose a plugin resource 404?
  21. WordPress Brute Force Prevention
  22. Changing admin user id for database
  23. Does deleting the table users prevent all logins?
  24. Show global Message in User Profiles with admin only Input field in WordPress Backend
  25. [Multisite]How can I update custom blog option?
  26. Call require_once form admin page with checkbox
  27. Why does my admin email address keep changing to something random?
  28. Where to store publicly-accessible files
  29. Get Link of Page Selected through a Select Field in Custom Admin Page
  30. My code for creating an admin option doesn’t work
  31. I don’t have permission to save the theme options I created myself?
  32. Pull Random Images From Options Page [closed]
  33. Woo Commerce Settings for Check-out Form [closed]
  34. Unknown phantom user “wordpress” created with admin privileges
  35. What are the standard admin CSS id/class tags?
  36. Admin Ajax is returning 0
  37. Add custom column to Users admin panel
  38. Add a Separator to the Admin Menu?
  39. How to determine whether we are in add New page/post/CPT or in edit page/post/CPT in wordpress admin?
  40. how to know if admin is in edit page or post [duplicate]
  41. Modal window from within WordPress admin
  42. Where in WP can I check history or log of updates of plugins etc?
  43. Adding a custom admin page
  44. How to remove entire admin menu?
  45. How do I remove dashboard access from specific user roles?
  46. How can I speed up my WP admin section?
  47. How to pass parameters to admin_notices?
  48. From a security standpoint, should bloginfo() or get_bloginfo() be escaped?
  49. Where to securely store API keys and passwords in WordPress?
  50. Admin: very slow edit page caused by core meta query
  51. if admin is logged in
  52. Search posts by ID in admin
  53. How to Change the Default Home Page for the WordPress Dashboard?
  54. Setting admin edit panels & metaboxes positions and visibility for ALL users and admins
  55. Find out which moderator approved comment?
  56. The website cannot display the page
  57. How To Remove WordPress Version From The Admin Footer
  58. Sort pages in loop by admin’s page attributes order field?
  59. Edit “thank you for creating with WordPress” in version 3.3.1
  60. Hide other users’ posts in admin panel
  61. Set Default Admin Colour For All Users
  62. Editor Styles and Typekit
  63. WordPress admin stylesheet
  64. Is it possible to create a WordPress tour? V3.3.1
  65. is_admin() returns true when using admin-ajax.php from front end script
  66. How to save dismissable notice state in WP 4.2?
  67. How do I optimize a custom post type admin page with 25,000 posts?
  68. Settings API – adding setting fields dynamically?
  69. Disable Media Uploads to non Admin Users
  70. How do I load a CSS style into WordPress admin area only?
  71. Allowing admin-ajax.php to receive “application/json” instead of “x-www-form-urlencoded”
  72. Can an admin check passwords of registered users?
  73. How can I target WordPress 3.8 new interface MP6 with CSS?
  74. Notification that the admin is online
  75. Does wordpress create activity, update logs?
  76. sort child pages on admin
  77. How-to make the admin area mobile friendly [closed]
  78. How to remove list view from media library?
  79. How to disable the “Your site has updated to WordPress x.y.z” admin email?
  80. Load plugin scripts and styles only on plugin page
  81. Plugin to remove Admin menu items based on user role?
  82. How to obtain the user ID of the current profile being edited in WP-Admin?
  83. 3.3: How do you hide the new dashboard welcome panel?
  84. Add my own button next to “Screen options” and “Help” in the admin
  85. Is it safe to store a user setting you don’t want the user to ever modify as a user option?
  86. WP List Table custom quick edit box – post meta data missing and columns change on submit
  87. How to hide admin account in BuddyPress? (for security reasons)
  88. Are there any action like ‘init_frontend’
  89. Should I use is_admin() inside ‘admin_init’ hook callback
  90. Custom admin email for new user registration
  91. Send Admin Emails to Multiple Email Addresses
  92. How do I set up the defualt page icon for admin menu?
  93. Prevent author from changing their posts if admin has modified
  94. Cannot access admin panel
  95. Make A WordPress Page Accessible To Admins Only, Redirect Other User Roles
  96. Disable all https in WordPress
  97. localhost/wp-admin on my local redirects to production site’s /wp-admin
  98. How to remove administrator role in settings -> general -> New User Default Role?
  99. How do I create my own admin button and theme settings page?
  100. Is there a more efficient admin search function/plugin?
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)