Look this code: if ( isset( $_POST[‘cartflows-action-nonce’] ) && ! wp_verify_nonce( sanitize_text_field( wp_unslash( $_POST[‘cartflows-action-nonce’] ) ), ‘cartflows-action-nonce’ ) ) { return; } This code was taken from a WordPress plugin with more than 100,000 active downloads, Cartflows (https://wordpress.org/plugins/cartflows/). This condition is a security validation to block CSRF, it works to …
Introduction: At the end of November I noticed a file-handling function in PHP that was going unnoticed by developers, perhaps because it seemed harmless. The function in question is unlink, which, for those who do not know, works to delete a file in the filesystem. It is common to worry …
Introduction: Some time ago I have dedicated to researching about security and vulnerabilities of WordPress plugins. And the result as we can see below is very satisfactory. I have posted and helped the community to stay a bit more secure. WpVull, site that lists vulnerabilities with a focus on WordPress. …
Esse é o primeiro post da série, fazendo mágica no wp-config. Para quem não conhece ou não esta familiarizado com o WordPress, o wp-config.php é o arquivo de configuração de do cms, que contém diversos defines para configuração da aplicação. A ideia de escrever uma sequencia de artigos relacionado a …
