This is my first try at writing a custom plugin in WordPress. Certainly there is a way to add a CSRF tag to forms in WordPress and check form validity on the server. The question is: how can I?
If you are using WordPress 2.0.4 or above you can use wp_nonce_field and wp_verify_nonce to verify. The WordPress documentation has some examples (which I posted below).
In your form:
<form method="post">
    <!-- some inputs here ... -->
    <?php wp_nonce_field('name_of_my_action','name_of_nonce_field'); ?>
</form>
In your processing action:
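<?php
// Reject the request unless the nonce field is present and valid for this action.
if ( !isset($_POST['name_of_nonce_field'])
    || !wp_verify_nonce($_POST['name_of_nonce_field'],'name_of_my_action') )
{
    print 'Sorry, your nonce did not verify.';
    exit;
}
else
{
    // process form data
}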
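
The same nonce pair wired into a complete plugin file, as an added example that is not part of the original answer or the WordPress documentation. Every `myplugin_*` name, the `[myplugin_form]` shortcode and the `edit_posts` capability are assumptions chosen for illustration. It posts to `admin-post.php` and pairs the nonce check with a capability check, because a nonce confirms the request came from your form but does not authorize the user.

```php
<?php
/**
 * Plugin Name: Nonce Demo (added example; all myplugin_* names are hypothetical)
 */

// Render the form wherever the [myplugin_form] shortcode is placed.
add_shortcode( 'myplugin_form', function () {
    ob_start(); ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save">
        <input type="text" name="myplugin_title">
        <?php wp_nonce_field( 'myplugin_save_action', 'myplugin_nonce' ); ?>
        <button type="submit">Save</button>
    </form>
    <?php
    return ob_get_clean();
} );

// admin-post.php fires admin_post_{action} for logged-in users only.
add_action( 'admin_post_myplugin_save', 'myplugin_handle_save' );

function myplugin_handle_save() {
    // 1. CSRF check: the nonce must be present and valid for this exact action.
    $nonce = isset( $_POST['myplugin_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_nonce'] ) )
        : '';
    if ( ! wp_verify_nonce( $nonce, 'myplugin_save_action' ) ) {
        wp_die( 'Sorry, your nonce did not verify.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 2. Authorization check: assumed capability, pick the one your action needs.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_die( 'You are not allowed to do this.', 'Forbidden', array( 'response' => 403 ) );
    }

    // 3. Only now read and sanitize the submitted data.
    $title = isset( $_POST['myplugin_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_title'] ) )
        : '';
    update_option( 'myplugin_title', $title );

    // Redirect back to the referring page (same-site only), then stop.
    $back = wp_get_referer();
    wp_safe_redirect( $back ? $back : home_url() );
    exit;
}
```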