Articles of verification

WordPress Phone Verification

Is there a way to check verified members' phone numbers by sending a code to their mobile phones, just like Facebook does? This would be very handy to stop spammers and allow only one user per phone number.

wp_verify_nonce always returns false when logged in as admin

I’ve implemented some AJAX functionality for my plugin and it works fine as long as I’m not logged in as admin – then wp_verify_nonce fails. It works for unauthorized users and authorized regular users too. Here’s my PHP class (I removed everything that is not relevant to the issue): class My_Ajax { function __construct() { […]

Nonce actions and names available via open source

I am using a plugin which makes its code publicly available. Therefore, anyone can see the $action and $name parameters used to generate the nonces. Does this make my site more vulnerable since this reduces the added security provided by these parameters? Should I thus replace these parameters with my own values for them? Thanks.

Scanning Database for malicious Data

After a site of a friend has been hacked I told him he should just clean up the mess and restart from scratch so he knows that no file has been altered. I could scan the site for him with tools like grep and so on (For a start: Grep and Friends) but what I […]

Email verification for new users

I would like to implement a plugin that requires new users to reply to an email, to verify their email address, on registration. I am already doing extensive codex research, but I am very new and would appreciate some hints, especially regarding keeping the user inactive until they have verified their email. The rest I […]

How does nonce verification work?

I can see that wp_nonce_field generates a value in the hidden field. <input type="hidden" id="message-send" name="message-send" value="cabfd9e42d" /> But wp_verify_nonce isn’t using that value as far as I can tell, but I may be wrong. It looks like it’s using a session token for verification. $expected = substr( wp_hash( $i . '|' . $action . […]