CSRF Protection

This topic contains 1 reply, has 2 voices, and was last updated by Ernest Marcinko Ernest Marcinko 1 year, 11 months ago.



    We have the Ajax Search Pro plugin for WordPress. I'm trying to implement a NONCE key inside every search form. I'm using "wp_nonce_field" inside the "asp.shortcode.settings.php" file, and validating the NONCE inside the "ajax_search.php" file.

    Validation works fine: if the NONCE value is wrong, "wp_verify_nonce" detects this, and at this point I need to end (or exit, or terminate) the execution; I do not want to execute the query (jquery.ajaxsearchpro.min.jx). If I use "exit()", "die()" or "wp_safe_redirect()", the code does not do that and the query is still executed.

    I am attaching a Word file with some screenshots of the code and the results of the execution. I'm using a development server.

    We need the CSRF protection, could you please send me information about how to implement this protection?

    Thanks in advance.

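For reference, here is an added example of a nonce-guarded WordPress AJAX search endpoint. It is not the plugin's code and not from either poster; the hook name `asp_example_search`, the action string `asp_search_nonce`, the script handle `asp-search` and the request parameter `aspp` are assumptions chosen for illustration. The point it shows is where the check has to live: the nonce is minted when the page is rendered, but it must be verified inside the admin-ajax.php callback that actually runs the query, and that callback must be ended with `wp_die()` (which `wp_send_json_error()` and `check_ajax_referer()` call for you). A `wp_verify_nonce()` call placed in the template code that renders the form, or in a hook that runs after the query, cannot stop a later AJAX request.

```php
<?php
// Added example, not the plugin's own code. Names marked below are assumptions.

// 1. Rendering side: mint the nonce once and hand it to the front-end script.
//    A WordPress nonce is bound to the action name and the current user and
//    stays valid for 12 to 24 hours, so it does not need to be regenerated
//    for every query; one per page load is the normal pattern.
add_action( 'wp_enqueue_scripts', function () {
    // 'asp-search' and search.js are assumed names for the front-end script.
    wp_enqueue_script( 'asp-search', plugins_url( 'search.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'asp-search', 'aspSearch', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'asp_search_nonce' ), // assumed action string
    ) );
} );

// 2. Request side: the AJAX callback. The guard sits in the same function that
//    executes the query, runs before any database access, and terminates the
//    request with wp_die(), so nothing after the failed check can run.
function asp_example_ajax_search() {
    // Equivalent shorthand: check_ajax_referer( 'asp_search_nonce', 'nonce' );
    // which verifies $_REQUEST['nonce'] and dies with "-1" on failure.
    // The explicit form below returns a JSON error body instead.
    $nonce = isset( $_REQUEST['nonce'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'asp_search_nonce' ) ) {
        // wp_send_json_error() sends the JSON response and calls wp_die().
        wp_send_json_error( array( 'message' => 'Invalid or expired nonce' ), 403 );
    }

    // 'aspp' is an assumed name for the search-phrase parameter.
    $phrase = isset( $_REQUEST['aspp'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['aspp'] ) ) : '';
    if ( '' === $phrase ) {
        wp_send_json_error( array( 'message' => 'Empty search phrase' ), 400 );
    }

    // Only now touch the database. WP_Query builds the SQL from the phrase
    // with its own escaping; no raw SQL is assembled here.
    $query   = new WP_Query( array(
        's'              => $phrase,
        'post_status'    => 'publish',
        'posts_per_page' => 10,
    ) );
    $results = array();
    foreach ( $query->posts as $post ) {
        $results[] = array(
            'id'    => $post->ID,
            'title' => get_the_title( $post ),
            'url'   => get_permalink( $post ),
        );
    }
    wp_send_json_success( $results ); // also ends the request with wp_die()
}
// Both hooks are needed if the search is available to visitors who are not logged in.
add_action( 'wp_ajax_asp_example_search', 'asp_example_ajax_search' );
add_action( 'wp_ajax_nopriv_asp_example_search', 'asp_example_ajax_search' );
```

The front-end script then POSTs `action=asp_example_search`, `nonce=aspSearch.nonce` and `aspp=<phrase>` to `aspSearch.ajaxUrl`. Two caveats a practitioner should weigh before adopting this: for visitors who are not logged in, WordPress computes the nonce with user ID 0 and no session token, so every anonymous visitor receives the same value and anyone who loads the page can obtain it; the nonce therefore only adds protection for actions performed in a logged-in user's context, which matches the reply below about the search carrying no privilege. Second, if the page is served from a full-page cache, the cached HTML can carry a nonce older than 24 hours and every search will fail the check until the cache is refreshed.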
    Ernest Marcinko


    If you maintain all of your plugins at the latest version, you should be perfectly safe from CSRF or any other attacks. For a CSRF query to execute, there must be a vulnerability, and I don't see how the search request could be used for that. Every aspect of the query, the arguments, everything is validated multiple times; currently we are not aware of any CSRF-related issues with the search. There is no difference in how the query is executed for privileged and non-privileged users, so there is basically no ground for a CSRF attack.
    Even if you were to add a nonce to the ajax request (which I don't recommend, because for each query it has to be regenerated on the fly, which basically makes it useless; an attacker can easily bypass that), all of the site back-end still needs to get protection. In CSRF attacks, the attacker tricks a privileged user (like an admin) into clicking a link or submitting a form to execute a query on the back-end, and it is much more likely that an attack will be aimed at your site back-end with a request to a vulnerable file.
    Instead of altering everything in the core files on your whole site, I would rather suggest using a plugin like WordFence or a firewall that detects suspicious requests and known vulnerability attacks, and blocks them before they reach execution. It is much more secure, and does not require core file modifications.

    Ernest Marcinko

    If you like my products, don't forget to rate them on codecanyon :)
