[wp-trac] [WordPress Trac] #50510: Improve security of wp_nonce implementation
WordPress Trac
noreply at wordpress.org
Mon Jun 29 15:21:47 UTC 2020
#50510: Improve security of wp_nonce implementation
-------------------------+-----------------------------
Reporter: chaoix | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
The current wp_nonce implementation is a little outdated and should be
improved. While nonces aren't security, a strong nonce implementation can
provide some security against form field manipulation.
I have attached a mu-plugin I wrote to test a new nonce algorithm. I will
convert it to a patch if there is interest in improving this in core. I
have been running this mu-plugin on several high traffic sites I manage
with no issues for over 6 months now.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/50510>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform