Using a nonce with your forms verifies that a submitted form was generated by the current site for the current user's session, and not by some other site (i.e. it protects the form against cross-site request forgery). Note that a nonce only proves where the form came from; it does not prove the user is allowed to perform the action, so capability checks are still needed for privileged actions.
Using with a form
Create the nonce HTML
$OurNonceField = wp_nonce_field( 'MySiteSomeUniqueNonceName', 'my_site_request_nonce', true, false ); //Used to validate that the contents of the form request came from the current site and not somewhere else
Include it in the form contents
<form method="POST">
<?php echo $OurNonceField; ?>
</form>
Verifying the nonce when receiving the form submission
if ( isset( $_POST['my_site_request_nonce'] ) ) //Ignore forms that are not ours
{
//-------------------------------------
//----- A FORM HAS BEEN SUBMITTED -----
//-------------------------------------
//CHECK THE FORM NONCE FIELD IS VALID
//WordPress adds slashes to $_POST values, so remove them before verifying
$Nonce = sanitize_text_field( wp_unslash( $_POST['my_site_request_nonce'] ) );
if ( wp_verify_nonce( $Nonce, 'MySiteSomeUniqueNonceName' ) !== 1 ) //1=nonce created within last 12 hours, 2=created 12-24 hours ago, false=invalid
{
wp_redirect( home_url( '/' ) );
exit; //Always stop execution after a redirect so the handler does not carry on
}
}
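The two halves above tied together as one small plugin, as an added example that is not part of the original notes: a shortcode renders the form and an early hook verifies the nonce before any output is sent. The action name and field name are the ones used above; the shortcode tag, function names and option name are assumptions.

```php
<?php
/**
 * Plugin Name: Nonce Form Example (added example, not from the original notes)
 *
 * Assumed: the [my_site_nonce_form] shortcode, the function names and the
 * 'my_site_last_message' option are made up for this example.
 */

// Render the form. With $echo left at its default (true), wp_nonce_field()
// prints a hidden nonce input plus a hidden _wp_http_referer input.
function my_site_render_nonce_form() {
    ob_start();
    ?>
    <form method="POST" action="">
        <?php wp_nonce_field( 'MySiteSomeUniqueNonceName', 'my_site_request_nonce' ); ?>
        <label>Message <input type="text" name="my_site_message"></label>
        <button type="submit">Send</button>
    </form>
    <?php
    return ob_get_clean();
}
add_shortcode( 'my_site_nonce_form', 'my_site_render_nonce_form' );

// Handle the submission on 'init', before any output, so wp_redirect() can still send headers.
function my_site_handle_nonce_form() {
    if ( ! isset( $_POST['my_site_request_nonce'] ) ) {
        return; // Not our form: leave the request alone.
    }

    // WordPress adds slashes to $_POST; strip them before verifying.
    $nonce  = sanitize_text_field( wp_unslash( $_POST['my_site_request_nonce'] ) );
    $result = wp_verify_nonce( $nonce, 'MySiteSomeUniqueNonceName' );

    // wp_verify_nonce() returns 1 (0-12 hours old), 2 (12-24 hours old) or false.
    // Accepting only 1 matches the stricter check in the notes above.
    if ( 1 !== $result ) {
        wp_redirect( home_url( '/' ) );
        exit; // Always stop after a redirect.
    }

    // A valid nonce proves origin, not permission: still check capability
    // (e.g. current_user_can()) before doing anything privileged here.
    $message = sanitize_text_field( wp_unslash( $_POST['my_site_message'] ?? '' ) );
    update_option( 'my_site_last_message', $message ); // Placeholder action.
}
add_action( 'init', 'my_site_handle_nonce_form' );
```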