http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces A blog by Prelovac Media CEO Vladimir Prelovac Tue, 14 Feb 2012 08:37:58 +0000 hourly 1 http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-2#comment-24586 joomlaserviceprovide http://www.prelovac.com/vladimir/?p=803#comment-24586 Greetings. We are pleased to announce the release of wSecure. wSecure hides your Wordpress admin URL with a special key so that only you can access. The problem with Wordpress is that anyone can tell if your site is Wordpress by simply typing in the default URL to the administration area (i.e. www.yoursite.com/wp-admin). wSecure helps you hide the fact that your website is built with Worpdress from prying eyes. Greetings. We are pleased to announce the release of wSecure. wSecure hides your WordPress admin URL with a special key so that only you can access. The problem with WordPress is that anyone can tell if your site is WordPress by simply typing in the default URL to the administration area (i.e. http://www.yoursite.com/wp-admin). wSecure helps you hide the fact that your website is built with Worpdress from prying eyes.

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-2#comment-23911 Securing Your WordPress Website | TunerLabs Blog http://www.prelovac.com/vladimir/?p=803#comment-23911 [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...] [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-2#comment-23897 Securing Your WordPress Website | Web Design Course Brisbane: Next Course Sat 10th Dec 2011 http://www.prelovac.com/vladimir/?p=803#comment-23897 [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...] [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-2#comment-23896 Securing Your WordPress Website | Wordpress Training Course Brisbane: Next Course Thur 24th Nov 2011 http://www.prelovac.com/vladimir/?p=803#comment-23896 [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...] [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-23893 Securing Your WordPress Website | Remake Wordpress Theme http://www.prelovac.com/vladimir/?p=803#comment-23893 [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...] [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-23892 Securing Your WordPress Website | Appenheimer http://www.prelovac.com/vladimir/?p=803#comment-23892 [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...] [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-23885 level. graphic design boutique agency based in weymouth dorset http://www.prelovac.com/vladimir/?p=803#comment-23885 [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...] [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-23884 Free and Premium wordpress plugins | Securing Your WordPress Website http://www.prelovac.com/vladimir/?p=803#comment-23884 [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...] [...] “Improving Security in WordPress Plugins Using Nonces,” Vladimir Prelovac [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-23601 GB http://www.prelovac.com/vladimir/?p=803#comment-23601 Using this - Does the action variable need to match the name of the action in the form, or can it be anything? Using this - Does the action variable need to match the name of the action in the form, or can it be anything?

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-23308 WordPress Meta Box Tutorial - Advanced | WP Roots http://www.prelovac.com/vladimir/?p=803#comment-23308 [...] HTML. If you are unfamiliar with the built-in WordPress nonce functions, I would recommend reading about them in order to harden and secure your WordPress [...] [...] HTML. If you are unfamiliar with the built-in WordPress nonce functions, I would recommend reading about them in order to harden and secure your WordPress [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-23193 5 tips for using AJAX in WordPress | WPsharing http://www.prelovac.com/vladimir/?p=803#comment-23193 [...] Jaquith and Vladimir Prelovac also covered Nonces and how to use them generally. Make sure you read those articles because [...] [...] Jaquith and Vladimir Prelovac also covered Nonces and how to use them generally. Make sure you read those articles because [...]

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-22411 Rumpelstintskin http://www.prelovac.com/vladimir/?p=803#comment-22411 All reserves expressed about the mechanism proposed by Vladimir have to do with nonces being valid for 24 hours. Is that imperative by design? Why not real nonces, that is, once a request is received in the server with that token, is never to be used nor seen again? Furthermore, is never to be valid again in combination with the session where it was produced, regardless of wheter it was consumed or not. I am probably being naive here, since I just jumped on the topic, but I need to understand if this approach might work, then I would adapt it to Java. All reserves expressed about the mechanism proposed by Vladimir have to do with nonces being valid for 24 hours. Is that imperative by design? Why not real nonces, that is, once a request is received in the server with that token, is never to be used nor seen again? Furthermore, is never to be valid again in combination with the session where it was produced, regardless of wheter it was consumed or not. I am probably being naive here, since I just jumped on the topic, but I need to understand if this approach might work, then I would adapt it to Java.

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-22122 nierdz http://www.prelovac.com/vladimir/?p=803#comment-22122 Hi, I tried to implement this in an ajax plugin but i get Call to undefined function wp_create_nonce(). Is there a way to deal with that ? More precision, the plugin is just an ajax widget and I use OO by extending the WP_Widget class. Hi,
I tried to implement this in an ajax plugin but i get Call to undefined function wp_create_nonce().
Is there a way to deal with that ?
More precision, the plugin is just an ajax widget and I use OO by extending the WP_Widget class.

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-21798 Dallas http://www.prelovac.com/vladimir/?p=803#comment-21798 Like naomi asked, I am using wp 3.01 or whatever. Does this apply to my site? Like naomi asked, I am using wp 3.01 or whatever. Does this apply to my site?

]]> http://www.prelovac.com/vladimir/improving-security-in-wordpress-plugins-using-nonces/comment-page-1#comment-21640 WordPress. Le guide definitive agli Hacks e ai Tutorial — Studio404 Web Agency http://www.prelovac.com/vladimir/?p=803#comment-21640 [...] Improving security in WordPress plugins using Nonces [...] [...] Improving security in WordPress plugins using Nonces [...]

]]>