How to add CSRF to a manually created form in WordPress?

This is my first attempt to write a custom WordPress plugin. Of course, there is a way to add the CSRF tag to forms in WordPress and check the validity of the form inside the server. The question is, how can I?

+5
1 answer

If you are using WordPress 2.0.4 or higher, you can use wp_nonce_field for the field and wp_verify_nonce to test it. There are several examples in the WordPress documentation (which I posted below).

In your form:

<form method="post">
   <!-- some inputs here ... -->
   <?php wp_nonce_field('name_of_my_action','name_of_nonce_field'); ?>
</form>

In the code that processes the form:

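<?php
// Reject the request unless the nonce field is present and valid for this action.
// isset() avoids an undefined-index notice when the field is missing from the POST.
if ( !isset($_POST['name_of_nonce_field']) || !wp_verify_nonce($_POST['name_of_nonce_field'],'name_of_my_action') )
{
   print 'Sorry, your nonce did not verify.';
   exit;
}
else
{
   // process form data
}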
+7
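
Added example (not part of the original answer or of WordPress's own code): the same nonce pair wired into a small plugin that posts to admin-post.php and pairs the CSRF check with a capability check, since a valid nonce shows the request came from the user's own form but does not show the user is allowed to perform the action. All myplugin_* names, the "note" field and the manage_options capability are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Nonce Form Example (added example; all myplugin_* names are hypothetical)
 */

// Render the form through a shortcode; it posts to admin-post.php, WordPress's generic form endpoint.
add_shortcode( 'myplugin_form', 'myplugin_render_form' );
function myplugin_render_form() {
    ob_start();
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save">
        <input type="text" name="note">
        <?php wp_nonce_field( 'name_of_my_action', 'name_of_nonce_field' ); ?>
        <button type="submit">Save</button>
    </form>
    <?php
    return ob_get_clean();
}

// admin_post_{action} fires only for logged-in users; no admin_post_nopriv_ hook is registered here.
add_action( 'admin_post_myplugin_save', 'myplugin_handle_form' );
function myplugin_handle_form() {
    // 1. CSRF check: the field must be present and valid for this action and this user.
    $nonce = isset( $_POST['name_of_nonce_field'] )
        ? sanitize_text_field( wp_unslash( $_POST['name_of_nonce_field'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'name_of_my_action' ) ) {
        wp_die( 'Sorry, your nonce did not verify.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. Authorization check: a valid nonce proves intent, not permission.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to do this.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 3. Only now read the submitted data, unslashed and sanitized.
    $note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    update_option( 'myplugin_note', $note );

    // Redirect back so a page reload does not resubmit the form.
    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url() );
    exit;
}
```

The nonce is bound to the action string and the logged-in user and expires after a limited lifetime, so use a distinct action string for each operation the plugin exposes.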