WordPress Plugin Development: Beginner's Guide

Overview of this book

If you can write WordPress plug-ins, you can make WordPress do just about anything. From making the site easier to administer, to adding the odd tweak or new feature, to completely changing the way your blog works, plug-ins are the method WordPress offers to customize and extend its functionality. This book will show you how to build all sorts of WordPress plug-ins: admin plug-ins, Widgets, plug-ins that alter your post output, present custom "views" of your blog, and more. WordPress Plug-in Development (Beginner's Guide) focuses on teaching you all aspects of modern WordPress development. The book uses real and published WordPress plug-ins and follows their creation from the idea to the finishing touches, in a series of carefully picked, easy-to-follow tutorials. You will discover how to use the WordPress API in all typical situations, from displaying output on the site in the beginning to turning WordPress into a CMS in the last chapter. In Chapters 2 to 7 you will develop six concrete plug-ins and conquer all aspects of WordPress development. Each new chapter and each new plug-in introduces different features of WordPress and how to put them to good use, allowing you to gradually advance your knowledge. This book is written as a guide to take your WordPress skills from the very beginning to the level where you are able to completely understand how WordPress works and how you can use it to your advantage.
Table of Contents (14 chapters)
WordPress Plugin Development
Credits
About the Author
About the Reviewer
Preface
Index

Ajax security


Finally, we want to add a layer of security to our plugin. We will use nonces similar to those in the Live Blogroll plugin.

Time for action — Display the comments

  1. Edit the wp-wall-widget.php file and add a nonce to the form using wp_nonce_field:

    <form action="<?php echo $wp_wall_plugin_url.'/wp-wall-ajax.php'; ?>" method="post" id="wallform">
    <?php wp_nonce_field('wp-wall'); ?>
    <?php if ( $user_ID ) : ?>
    
  2. Add the check for nonce in the wp-wall-ajax.php file:

    if ( ! empty( $_POST['submit_wall_post'] ) )
    {
        // security check: verifies the 'wp-wall' nonce sent with the form;
        // by default the request is terminated here if the nonce is missing or invalid
        check_ajax_referer('wp-wall');
        $options = get_option('wp_wall');

What just happened?

Adding nonces is the standard WordPress defence against CSRF attacks: a request forged from another site cannot carry a valid nonce, because the nonce is derived from the action name, the current user's ID and the user's session token, none of which the attacker's page can read. Two caveats apply. First, a nonce only proves that the request came from a form we rendered for that user; it says nothing about what the user may do, so it does not replace a capability check such as current_user_can(). Second, WordPress nonces are not single-use: by default each one remains valid for somewhere between 12 and 24 hours, and nonces issued to logged-out visitors are all generated from user ID 0 and an empty session token, so they do not distinguish one anonymous visitor from another and offer no meaningful CSRF protection for that case.

We can use the wp_nonce_field() function to print the nonce into a form; it adds a hidden input named _wpnonce (and, by default, a second hidden input named _wp_http_referer). In the Ajax handler script, check_ajax_referer() with the same action name looks for the nonce in the request, first under _ajax_nonce and then under _wpnonce, and verifies it. If the nonce is missing, invalid or expired, the function by default calls wp_die() and nothing after it runs; pass false as its third argument to have it return false instead, so the handler can send its own error response.
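The complete form-and-handler pair described above, written as an added example rather than code from the book. It deliberately swaps the book's standalone wp-wall-ajax.php file for a handler routed through admin-ajax.php, adds the capability check that a nonce alone does not provide, and takes the non-dying path of check_ajax_referer() so the error response is under our control. The hook suffix wpwall_post, the function names, and the option key wp_wall_posts are hypothetical:

```php
<?php
/**
 * Added example (not the book's code): a nonce-protected Ajax form handler.
 * Assumptions: the action name 'wpwall_post', the function names and the
 * option key 'wp_wall_posts' are hypothetical; the handler is routed through
 * admin-ajax.php instead of the book's standalone wp-wall-ajax.php file.
 */

// 1. Render the form. The nonce is bound to the action name, the current
//    user's ID and session token, so another user's nonce will not verify.
function wpwall_render_form() {
    ?>
    <form action="<?php echo esc_url( admin_url( 'admin-ajax.php' ) ); ?>" method="post" id="wallform">
        <input type="hidden" name="action" value="wpwall_post">
        <?php wp_nonce_field( 'wpwall_post' ); // emits _wpnonce and _wp_http_referer ?>
        <textarea name="wall_text" rows="3"></textarea>
        <input type="submit" name="submit_wall_post" value="Post">
    </form>
    <?php
}

// 2. Route the submission. admin-ajax.php fires wp_ajax_{action} for
//    logged-in users and wp_ajax_nopriv_{action} for everyone else.
add_action( 'wp_ajax_wpwall_post', 'wpwall_handle_post' );
add_action( 'wp_ajax_nopriv_wpwall_post', 'wpwall_reject_anonymous' );

function wpwall_reject_anonymous() {
    // Nonces for logged-out visitors are all built from user ID 0 and an empty
    // session token, so they cannot tell visitors apart; require a login instead.
    wp_send_json_error( array( 'message' => 'Please log in to post.' ), 401 );
}

function wpwall_handle_post() {
    // Third argument false: return false on failure instead of calling wp_die().
    // With the second argument false, the nonce is read from _ajax_nonce, then
    // from _wpnonce (the field name wp_nonce_field() uses).
    if ( ! check_ajax_referer( 'wpwall_post', false, false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid or expired nonce.' ), 403 );
    }

    // The nonce proves the request came from our form for this user; it does not
    // say what the user is allowed to do, so check a capability as well.
    if ( ! current_user_can( 'read' ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // Unslash and sanitise the user-supplied text before storing it.
    $text = isset( $_POST['wall_text'] )
        ? sanitize_textarea_field( wp_unslash( $_POST['wall_text'] ) )
        : '';
    if ( '' === $text ) {
        wp_send_json_error( array( 'message' => 'Empty post.' ), 400 );
    }

    // Store the post (hypothetical storage: an array in a single option).
    $posts   = get_option( 'wp_wall_posts', array() );
    $posts[] = array(
        'user' => get_current_user_id(),
        'text' => $text,
        'time' => time(),
    );
    update_option( 'wp_wall_posts', $posts );

    wp_send_json_success( array( 'message' => 'Posted.' ) );
}
```

Because the nonce check runs before anything else in the handler, a forged cross-site request is rejected with a 403 before any option is read or written. The capability check uses 'read', which every default role has; a plugin that restricts posting to particular roles would substitute a narrower capability there.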

Have a go Hero

The plugin has...