How to add CSRF to manually created form in wordpress?

Question

This is my first try to writing custom plugin in WordPress, Certainly there is a way to add CSRF tag to forms in WordPress and check form validity inside server. The question is how can I?

Answer 1

If you are using Wordpress 2.0.4 or above you can use wp_nonce_field and wp_verify_nonce field to verify. The Wordpress documentation has some examples (which I posted below).

In your form:

<form method="post">
   <!-- some inputs here ... -->
   <?php wp_nonce_field('name_of_my_action','name_of_nonce_field'); ?>
</form>

In your processing action:

<?php
if ( empty($_POST) || !wp_verify_nonce($_POST['name_of_nonce_field'],'name_of_my_action') )
{
   print 'Sorry, your nonce did not verify.';
   exit;
}
else
{
   // process form data
}