Okay, not sure what was wrong with my original code, but this post put me on the right path. To generate the nonce, use: wp_nonce_field( plugin_basename( __FILE__ ), ‘my_reset_nonce’,true,false); To verify, use: if ( ! isset( $_POST[‘my_reset_nonce’] ) || ! wp_verify_nonce( ( $_POST[‘my_reset_nonce’] ), plugin_basename( __FILE__ ) ) ) { die; } else { // … Read more
How to block plugin activations with no known user or coming from unknown IP address range?
Try it like this: RewriteCond %{HTTP_USER_AGENT} (ADmantX|Proximic|Barkrowler|X-Middleton) [NC] RewriteRule ^ – [F] This will block any request where the User-Agent string contains either ADmantX, Proximic, Barkrowler or X-Middleton. The NC flag makes this a case-insensitive match – whether this is strictly required or not in this example I don’t know, but generally this should be … Read more
You’re not doing anything unusual or unsafe. You are just defining functions, which is a perfectly normal and reasonable thing to do with JavaScript. If there’s a malicious script running on your page then sure, it could redefine those methods, but it could also do other things that much worse. This is why you need … Read more
Not especially, though I would disable it for your entire site if you have the option as a matter of general best practice. In a well maintained WordPress install, the contents of that directory aren’t a secret, even if the directory listing is hidden. This is because you should never modify that folder, so it … Read more
SQL Injection blocked by firewall
Frequently getting attacks on admin-ajax.php, wp-cron.php, xmlrpc.php and wp-login.php
Securing/Escaping Output of file content – reading via fread() in PHP
Is it possible to access the wp-admin from one instance while keeping WP_HOME pointing to the balancing url?
How to Change The WordPress Login URL Without Plugin