Security error WP 4.0 + WP phpBB Bridge [closed]

Hopefully this is a temporary fix for you. The idea is to override the nonce.

Add the following in a functions.php file or in the plugin itself

function wp_verify_nonce($nonce, $action = -1) {
return 1;
}

For now, this works on the bridge I use on my site (A different bridge for a different forum software package). I’d love to figure out how to use WP_Session_Tokens to set this up so the nonce is verified.

Maybe this reference will be helpful.

http://developer.wordpress.org/reference/classes/wp_session_tokens/get_instance/

as well as this ticket:

https://core.trac.wordpress.org/ticket/20276

IMHO: I disagree that the question is off-topic. It is very much on topic because external authentication has been changed in WordPress 4.0 and may cause many people issues. After all, the developers added the session file and that is probably the root to the problem.

Related Posts:

  1. What are the common security flaws I need to look for? [closed]
  2. WordPress Capabilities: edit_user vs edit_users
  3. Where should my plugin POST to?
  4. Should I use RIPS tool to test my themes and plugins?
  5. Set cookie then immediantly refresh the page
  6. Escape when echoed
  7. How to delete Passwrd Protected posts cookies when a user logged out from the site
  8. wp_create_nonce function doesn’t work inside a plugin?
  9. How to save generated JWT token to cookies on login?
  10. User Session and Stored Cookies not get removed
  11. Why can’t I access my Intranet LDAPS with NADI?
  12. I should enable automatic updates?
  13. Prevent direct access to WordPress plugin assets?
  14. How to prevent plugins from sniffing/stealing other plugins’ options?
  15. Security of a WordPress Plugin
  16. Help to Create a Simple Plugin to make a post
  17. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  18. How to store a secret for a plugin inside public_html
  19. Cookie value changes back to previous value after changing
  20. prevent anonymous access to WordPress site (non-admin site)
  21. Securing a plugin pop-up window
  22. Why does WordPress use cookies for /wp-admin and /wp-content/plugins for non-admin users [duplicate]
  23. wp_verify_nonce fails always
  24. Validating values using Settings API?
  25. How to resolve these findings from security audit
  26. How to delete Password Protected posts cookies when a user logged out from the site
  27. Stop the user if login from the cookies
  28. WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
  29. Disabled plugins are they security holes – rumor or reality?
  30. How to implement WordPress plugin update that modifies the database?
  31. wp.media update options and force render on uploader
  32. WordPress Plugin Development In MVC Architecture, How?
  33. Customize plugin update “new version is available” text
  34. “Donate to this plugin” for WordPress.org Plugin Authors
  35. What happens when two plugins have the same 3rd party class included into them?
  36. How to handel multiple checkbox field in the admin settings page with Settings API
  37. Update Multiple Post Meta for the Same Post In One call?
  38. Allowing Custom Capability to Manage Plugin Options
  39. wp_insert_user – how to send verification email before logging in
  40. How to show custom message once on plugin activation?
  41. How do I configure WordPress to talk to a Microsoft SQL Server database?
  42. Overrides Plugin Files on WordPress Themes
  43. Why is my ajax call refreshing the page?
  44. Localize Plugin Description
  45. Display future posts?
  46. Passing RichText attributes to function onChange
  47. Getting media library popup in custom plugin admin page
  48. What is the way to ship read-me strings like plugin-strings for internationalization?
  49. Variable from a plugin into a theme
  50. Upload file inside plugins options page
  51. How to automate wordpress plugin activate and deactivate by php logic?
  52. How to get variables from fucntion.php to my plugin files
  53. Is there any way to get all the name or slug of template parts used in a page?
  54. What function can I use consistently to escape possible HTML for editing and display?
  55. How can I make uploaded images in the editor load with HTTPS?
  56. Test files for plugin development
  57. Send Custom welcome email to specific user group
  58. WordPress Backend HA (Automatic failover)
  59. Is it necessary to auto delete my WP plugin database tables when users deactivate/delete my plugin?
  60. Custom post types – remove default post supports through empty array?
  61. How to insert and call new data in wordpress website database through a plugin
  62. How to be escape Variables and options when echo?
  63. Release the plugin in the WordPress repository where redux is used
  64. Dokan Marketplace store link in single product page
  65. YOAST Seo xmlsitemap menu item not showing in the dashboard [closed]
  66. Using meta_query in a WP_Query not working for numbers properly
  67. How do I reliably find a URL to a script or other file?
  68. How to add captcha to publish widget
  69. How to add logo to a WordPress Custom Plugin?
  70. Use a custom block in another block
  71. WordPress search shows protected content
  72. Fixed: Console.log twice in the edit function
  73. Using OR Condition with facetwp facets
  74. How to copy the all WordPress media items to another custom plugin folder?
  75. Personality quiz in wordpress using a plugin
  76. How can we get this dynamically as this folder may not be by the same name always → wp-admin
  77. Error on plugin activation and creating new page
  78. Child theme modifications not showing up
  79. Why is my shortcode not working?
  80. “Fire Secure” menu item
  81. wp_remote_post To external API multiple values with the same key
  82. Function settings_fields() not recognized (Uncaught Error: Call to undefined function settings_fields())
  83. what’s different between wpdb->prefix and table_prefix
  84. Can we rename a plugin directory for a already launched plugin?
  85. How to use custom footer template in a site-plugin?
  86. How to create a new database table whenever user changes options
  87. Am I correctly adding styles to plugin?
  88. How can I insert a record into a custom table from my custom form in my custom admin page?
  89. how to create table during plugin installation in side a class
  90. WP_Filesystem usage within a block of code
  91. Why function hooked using object are executing at all time?
  92. What is the Object for WP_Error Class?
  93. Ajax in Plugins: returns the whole page
  94. how to search through plugin in wordpress cimy-user-extra-fields?
  95. Any way to hook into WP after a page displays?
  96. How I can hide my wp folders from Inspect Element (Developer Tools)
  97. Social login authentication via wordpress rest api
  98. Is it possible to create post in wordpress using postman?
  99. wp_enqueue_script doesn’t load JS in plugin
  100. AI Code For OpenAI

Leave a Comment