Adding a nonce to your forms lets you verify that a submitted form was generated by your own site, and not forged from somewhere else.

Using with a form

Create the nonce HTML
$OurNonceField = wp_nonce_field( 'MySiteSomeUniqueNonceName', 'my_site_request_nonce', true, false );   //Returns (does not echo) the hidden nonce input used to validate that the form request came from the current site and not somewhere else
Include it in the form contents
<form method="POST">

  <?php echo $OurNonceField; ?>   <!-- outputs the hidden nonce input (and the referer field, because the third argument was true) -->

</form>
Verifying the nonce when receiving the form submission
if (isset( $_POST['my_site_request_nonce']))       //Ignore forms that are not ours
{
  //-------------------------------------
  //----- A FORM HAS BEEN SUBMITTED -----
  //-------------------------------------

  //CHECK THE FORM NONCE FIELD IS VALID
  //wp_verify_nonce() returns 1 (created within the last 12 hours), 2 (created 12-24 hours ago) or false (invalid).
  //Only 1 is accepted here, so nonces older than 12 hours are rejected as well as invalid ones.
  if (
    (!isset( $_POST['my_site_request_nonce'])) ||
    (wp_verify_nonce($_POST['my_site_request_nonce'], 'MySiteSomeUniqueNonceName') !== 1)       //1=nonce created within last 12 hours
  )
  {
    wp_redirect( home_url( '/' ) );
    die;
  }

}
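To show why wp_verify_nonce() returns 1 or 2 (and why the !== 1 check above rejects nonces older than 12 hours), here is an added Python model of the WordPress nonce algorithm: the 12-hour tick, the HMAC-MD5 over tick|action|user|session, the 10-character slice, and the check of the current and previous tick. This is example code written for this page, not WordPress's own code; the salt, user id and session token are constructed values.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 60 * 60  # seconds; WordPress default (DAY_IN_SECONDS)


def nonce_tick(now):
    """WordPress tick: ceil(time / (nonce_life / 2)), so it advances every 12 hours."""
    return math.ceil(now / (NONCE_LIFE / 2))


def _nonce_for_tick(tick, action, user_id, session_token, salt):
    # Model of wp_hash(): HMAC-MD5 of the data under the 'nonce' salt,
    # then substr(hash, -12, 10) -> ten characters.
    data = f"{tick}|{action}|{user_id}|{session_token}".encode()
    digest = hmac.new(salt.encode(), data, hashlib.md5).hexdigest()
    return digest[-12:-2]


def create_nonce(action, user_id, session_token, salt, now):
    """Model of wp_create_nonce(): nonce bound to the current tick."""
    return _nonce_for_tick(nonce_tick(now), action, user_id, session_token, salt)


def verify_nonce(nonce, action, user_id, session_token, salt, now):
    """Model of wp_verify_nonce(): 1 for the current tick, 2 for the previous
    tick (12-24 hours old), False otherwise."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = _nonce_for_tick(t, action, user_id, session_token, salt)
        if hmac.compare_digest(expected, nonce):  # constant-time, like hash_equals()
            return age
    return False


def passes_page_check(nonce, action, user_id, session_token, salt, now):
    """The check used on this page: only a result of exactly 1 is accepted."""
    return verify_nonce(nonce, action, user_id, session_token, salt, now) == 1
```

Because a nonce is tied to the user id and session token, a nonce issued to one logged-in user does not verify for another.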
Feel free to comment if you can add help to this page or point out issues and solutions you have found. I do not provide support on this site; if you need help with a problem, head over to Stack Overflow.
