Want to add CSRF protection to a manually created form in WordPress? If you are using WordPress 2.0.4 or above, you can use wp_nonce_field() to add a nonce to the form and wp_verify_nonce() to verify it when the form is submitted. The WordPress documentation has some examples (which I posted below).
In your form:
```php
<form method="post">
   <!-- some inputs here ... -->
   <?php wp_nonce_field('name_of_my_action','name_of_nonce_field'); ?>
</form>
```
In your processing action:
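```php
<?php
// Reject the request unless the nonce field is present and valid for this action.
// isset() also covers an empty $_POST and avoids an undefined-index notice.
if ( ! isset( $_POST['name_of_nonce_field'] )
    || ! wp_verify_nonce( $_POST['name_of_nonce_field'], 'name_of_my_action' )
) {
   print 'Sorry, your nonce did not verify.';
   exit;
} else {
   // process form data
}
```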
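The two snippets above, put together as a small plugin that renders the form and processes it through admin-post.php. This is an added example, not code from the original post or the WordPress documentation; the `myplugin_*` action, field, shortcode and meta-key names are hypothetical, and the `read` capability stands in for whatever permission your action really needs.

```php
<?php
/**
 * Plugin Name: Nonce Form Demo (added example; all myplugin_* names are hypothetical)
 */

// Render the form with the [myplugin_note_form] shortcode; it posts to admin-post.php.
add_shortcode( 'myplugin_note_form', function () {
    if ( ! is_user_logged_in() ) {
        return '';
    }
    ob_start(); ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save_note">
        <input type="text" name="note">
        <?php wp_nonce_field( 'myplugin_save_note', 'myplugin_note_nonce' ); ?>
        <button type="submit">Save</button>
    </form>
    <?php
    return ob_get_clean();
} );

// admin-post.php fires admin_post_{action} for logged-in users only.
add_action( 'admin_post_myplugin_save_note', function () {
    $nonce = isset( $_POST['myplugin_note_nonce'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_note_nonce'] ) )
        : '';

    // wp_verify_nonce() returns false when invalid, or 1 / 2 when valid
    // (1: first half of the nonce lifetime, 2: second half). Compare strictly.
    if ( false === wp_verify_nonce( $nonce, 'myplugin_save_note' ) ) {
        wp_die( 'Sorry, your nonce did not verify.', '', array( 'response' => 403 ) );
    }

    // A valid nonce shows the request came from our form, not that the user
    // is allowed to perform the action: check the capability separately.
    if ( ! current_user_can( 'read' ) ) {
        wp_die( 'You are not allowed to do this.', '', array( 'response' => 403 ) );
    }

    $note = isset( $_POST['note'] ) ? sanitize_text_field( wp_unslash( $_POST['note'] ) ) : '';
    update_user_meta( get_current_user_id(), 'myplugin_note', $note );

    wp_safe_redirect( wp_get_referer() ? wp_get_referer() : home_url() );
    exit;
} );
```

The action string passed to wp_nonce_field() and wp_verify_nonce() must match exactly, and using a distinct action per form keeps a nonce issued for one form from being accepted by another.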