CSRF Protection

This topic contains 1 reply, has 2 voices, and was last updated by Ernest Marcinko 3 years, 7 months ago.

Viewing 2 posts - 1 through 2 (of 2 total)

Author
Posts
September 15, 2020 at 11:43 pm #29383

cofece07
Participant
Hi.
We have the Ajax Search Pro plugin for WordPress. I´m trying to implement a NONCE key inside every search form. I´m using “wp_nonce_field” inside the “asp.shortcode.settings.php” file, and validating the NONCE inside the “ajax_search.php” file.
Validation works fine, if the NONCE value is wrong, “wp_verify_nonce” detect this, and in this point I need to end (or exit, or terminate) the execution, I do not want to excecute the query (jquery.ajaxsearchpro.min.jx). If I use “exit()”, “die()” or “wp_safe_redirect()”, the code does not do that and the query is being excecuted.
I am attaching a Word file with some screens of the code and the results from excecution. I´m using a development server.
We need the CSRF protection, could you please send me information about how to implement this protection?
Thanks in advance.
Attachments:
You must be logged in to view attached files.
September 16, 2020 at 8:54 am #29389

Ernest Marcinko
Keymaster
Hi,
If you maintain all of your plugins to the latest version, you should be perfectly safe from CSRF or any other attacks. For a CSRF query to execute, there must be a vulnerability, and I don’t see how using the search request could be used for that. Every aspect of the query, the arguments, everything is validated multiple times, currently we are not aware of any CSRF related issues with the search. There is no difference on how the query is executed for privileged and non-privileged users, so there is basically no ground for a CSRF attack.
Even if you were to add a nonce to the ajax request (which I don’t recommend, because for each query it has to be regenerated on the fly, which basically makes it useless, an attacker can easily bypass that), all of the site back-end still needs to get protection. In CSRF attacks, the attacker tricks a privileged user (like an admin) to click a link or a submit form to execute a query on the back-end, and it is much more likely, that an attack will be aimed at your site back-end with a request to a vulnerable file.
Instead of altering everything in the core files on your whole site, I rather suggest using a plugin like WordFence or a firewall, that detects suspicius and known vulnerability attacks, and blocks them before it reaches execution. It is much more secure, and does not require core file modifications.
Best,
Ernest Marcinko
If you like my products, don't forget to rate them on codecanyon :)
Author
Posts

Viewing 2 posts - 1 through 2 (of 2 total)

You must be logged in to reply to this topic.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Attachments: