wp_verify_nonce Archives

WordPress wp_verify_nonce vs check_ajax_referer: How to Stop CSRF in Your WordPress Plugins

January 30, 2026

6 Min Read

January 30, 2026

6 Min Read

To avoid Cross-Site Request Forgery (CSRF) attacks, WordPress has two functions for plugin developers: wp_verify_nonce and check_ajax_referer. If you don’t use at least one of these functions, your plugin could…

Coding vulnerabilities Secure coding

jennifer