Public posts – preventing duplicate form submissions

Don’t know if it’s best practice, but I had a similar issue and I ended up checking with a custom SQL query whether the title already exists in my post type and filtered duplicate posts, and I hooked that to the wp_insert_post_data filter hook. add_filter('wp_insert_post_data','prevente_duplicates', 10, 2); function prevente_duplicates($data,$postarr){ global $wpdb; $count = $wpdb->get_results($wpdb->prepare("SELECT count(id) FROM $wpdb->posts WHERE post_type='MY_POST_TYPE_NAME' … Read more

Saving custom data via ajax with nonces

I don’t see any is_admin conditional statement which is why you should include it in your snippet so we can properly assess what you are attempting to do outside of the obvious question. Either way a nonce should be mandatory. That function that receives and processes your AJAX request/response should also verify your nonce to … Read more

Nonce failing with second argument

PHP variables inside single quotes — ' — won’t be expanded. So in your first code snippet, unless you literally mean to pass the string $pluginmaker_nonce to the check_admin_referer() function as the action, you should probably rewrite your code as check_admin_referer( 'action_name', $pluginmaker_nonce );.

Nonce keeps failing

Why are you using the edit.php page for this export link? The edit.php code appears to be checking on the “bulk-posts” nonce, which is probably where your failure is, since you’re not using that nonce. You should probably be using post.php instead, or a more general hook with your action.

Several nonces?

No, there isn’t any point in that. All docs relating to metaboxes are probably inspired by the wrong code at the Codex, which uses a nonce. The problem which nonces in metaboxes inadvertently solve is avoiding data corruption when the quick edit feature of the posts list page is used (or thinking about it any … Read more

Using nonce when loading posts with AJAX

GET puts all your params on the URL, like: http://example.com/thing?foo=bar&x=y. For POST you could include all that information but it won’t show in the URL: http://example.com/thing. Obviously if you’re thinking about security, using POST is more ideal because your params won’t show in access logs or get accidentally picked up by search engines or whatever. Sending … Read more

Does this code indicate an exploit?

The _wp_http_referer field is generated by the wp_referer_field() function. I’m not familiar with the hidden send field – however, I’d wager it’s a nonce field. In all likelihood this pair of hidden inputs was generated by a call to the wp_nonce_field() function with ‘send’ as the $name argument and the $referer argument set to true. … Read more

Stop WordPress nonces expiring

A nonce is a “number used once” to help protect URLs and forms from certain types of misuse, malicious or otherwise. WordPress nonces aren’t numbers, but are a hash made up of numbers and letters. Nor are they used only once, but have a limited “lifetime” after which they expire. During that time period the … Read more
