Are Nonces Useless?

This is probably a noob question BUT hear me out – isn't the point of using a Nonce to protect from things like scrapers (PHP curl scrapers etc.)? But my Nonce prints out in the head of the document like so: /* <![CDATA[ */ var nc_ajax_getpost = { …stuff… getpostNonce: "8a3318a44c" }; /* ]]> */ So if …

Nonce retrieved from the REST API is invalid and different from nonce generated in wp_localize_script

For those that arrive from Google: You probably shouldn't get the nonces from the REST API, unless you really know what you're doing. Cookie-based authentication with the REST API is only meant for plugins and themes. For a single page application, you should probably use OAuth. This question exists because the documentation isn't/wasn't clear on …

Can I use the same nonce for multiple requests on the same page?

Or does this break the purpose of the nonce, which I admit I don't quite understand? 🙂 For example on two ajax requests that run on page load, or when something is clicked: $.ajax({ type: 'post', url: 'admin-ajax.php', data: { action: 'foo', _ajax_nonce: '<?php echo $nonce; ?>' } }); $.ajax({ type: 'post', url: 'admin-ajax.php', …

How does nonce verification work?

I can see that wp_nonce_field generates a value in the hidden field. <input type="hidden" id="message-send" name="message-send" value="cabfd9e42d" /> But wp_verify_nonce isn't using that value as far as I can tell, but I may be wrong. It looks like it's using a session token for verification. $expected = substr( wp_hash( $i . '|' . $action . …

Do I need a nonce field for every meta box I add to my custom post type admin?

I'm currently working on the admin page of my custom post type, and I got stuck on deciding whether to add a nonce field again for the second metabox or not. I'm very new to custom post types, and searching online about this doesn't really yield that many results. Any thoughts? Thanks. I would …