Hopefully this is a temporary fix for you. The idea is to override the nonce.
Add the following in a functions.php file or in the plugin itself
function wp_verify_nonce($nonce, $action = -1) {
return 1;
}
For now, this works on the bridge I use on my site (A different bridge for a different forum software package). I’d love to figure out how to use WP_Session_Tokens to set this up so the nonce is verified.
Maybe this reference will be helpful.
http://developer.wordpress.org/reference/classes/wp_session_tokens/get_instance/
as well as this ticket:
https://core.trac.wordpress.org/ticket/20276
IMHO: I disagree that the question is off-topic. It is very much on topic because external authentication has been changed in WordPress 4.0 and may cause many people issues. After all, the developers added the session file and that is probably the root to the problem.
Related Posts:
- What are the common security flaws I need to look for? [closed]
- WordPress Capabilities: edit_user vs edit_users
- Where should my plugin POST to?
- Should I use RIPS tool to test my themes and plugins?
- Set cookie then immediantly refresh the page
- Escape when echoed
- How to delete Passwrd Protected posts cookies when a user logged out from the site
- wp_create_nonce function doesn’t work inside a plugin?
- How to save generated JWT token to cookies on login?
- User Session and Stored Cookies not get removed
- Why can’t I access my Intranet LDAPS with NADI?
- I should enable automatic updates?
- Prevent direct access to WordPress plugin assets?
- How to prevent plugins from sniffing/stealing other plugins’ options?
- Security of a WordPress Plugin
- Help to Create a Simple Plugin to make a post
- Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
- How to store a secret for a plugin inside public_html
- Cookie value changes back to previous value after changing
- prevent anonymous access to WordPress site (non-admin site)
- Securing a plugin pop-up window
- Why does WordPress use cookies for /wp-admin and /wp-content/plugins for non-admin users [duplicate]
- wp_verify_nonce fails always
- Validating values using Settings API?
- How to resolve these findings from security audit
- How to delete Password Protected posts cookies when a user logged out from the site
- Stop the user if login from the cookies
- WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
- Disabled plugins are they security holes – rumor or reality?
- How to implement WordPress plugin update that modifies the database?
- wp.media update options and force render on uploader
- WordPress Plugin Development In MVC Architecture, How?
- Customize plugin update “new version is available” text
- “Donate to this plugin” for WordPress.org Plugin Authors
- What happens when two plugins have the same 3rd party class included into them?
- How to handel multiple checkbox field in the admin settings page with Settings API
- Update Multiple Post Meta for the Same Post In One call?
- Allowing Custom Capability to Manage Plugin Options
- wp_insert_user – how to send verification email before logging in
- How to show custom message once on plugin activation?
- How do I configure WordPress to talk to a Microsoft SQL Server database?
- Overrides Plugin Files on WordPress Themes
- Why is my ajax call refreshing the page?
- Localize Plugin Description
- Display future posts?
- Passing RichText attributes to function onChange
- Getting media library popup in custom plugin admin page
- What is the way to ship read-me strings like plugin-strings for internationalization?
- Variable from a plugin into a theme
- Upload file inside plugins options page
- How to automate wordpress plugin activate and deactivate by php logic?
- How to get variables from fucntion.php to my plugin files
- Is there any way to get all the name or slug of template parts used in a page?
- What function can I use consistently to escape possible HTML for editing and display?
- How can I make uploaded images in the editor load with HTTPS?
- Test files for plugin development
- Send Custom welcome email to specific user group
- WordPress Backend HA (Automatic failover)
- Is it necessary to auto delete my WP plugin database tables when users deactivate/delete my plugin?
- Custom post types – remove default post supports through empty array?
- How to insert and call new data in wordpress website database through a plugin
- How to be escape Variables and options when echo?
- Release the plugin in the WordPress repository where redux is used
- Dokan Marketplace store link in single product page
- YOAST Seo xmlsitemap menu item not showing in the dashboard [closed]
- Using meta_query in a WP_Query not working for numbers properly
- How do I reliably find a URL to a script or other file?
- How to add captcha to publish widget
- How to add logo to a WordPress Custom Plugin?
- Use a custom block in another block
- WordPress search shows protected content
- Fixed: Console.log twice in the edit function
- Using OR Condition with facetwp facets
- How to copy the all WordPress media items to another custom plugin folder?
- Personality quiz in wordpress using a plugin
- How can we get this dynamically as this folder may not be by the same name always → wp-admin
- Error on plugin activation and creating new page
- Child theme modifications not showing up
- Why is my shortcode not working?
- “Fire Secure” menu item
- wp_remote_post To external API multiple values with the same key
- Function settings_fields() not recognized (Uncaught Error: Call to undefined function settings_fields())
- what’s different between wpdb->prefix and table_prefix
- Can we rename a plugin directory for a already launched plugin?
- How to use custom footer template in a site-plugin?
- How to create a new database table whenever user changes options
- Am I correctly adding styles to plugin?
- How can I insert a record into a custom table from my custom form in my custom admin page?
- how to create table during plugin installation in side a class
- WP_Filesystem usage within a block of code
- Why function hooked using object are executing at all time?
- What is the Object for WP_Error Class?
- Ajax in Plugins: returns the whole page
- how to search through plugin in wordpress cimy-user-extra-fields?
- Any way to hook into WP after a page displays?
- How I can hide my wp folders from Inspect Element (Developer Tools)
- Social login authentication via wordpress rest api
- Is it possible to create post in wordpress using postman?
- wp_enqueue_script doesn’t load JS in plugin
- AI Code For OpenAI