[wp-hackers] A plugin to disable the Referer check and add nonces

Brian Layman Brian at TheCodeCave.com
Wed Apr 26 16:08:47 GMT 2006


I wrote my first WordPress plugin yesterday.  I called it "SN4WP: Simple
Nonces 4 WordPress".  Everyone was talking about creating a plugin to
disable the admin referer check, so I thought I'd take a whack at it.  It
isn't as good as what you can do with nonces outside of the plugin
restrictions, but it should help the situation.

Primary Features:
* Enables/Disables Referer check (Disabled by default) 
* Adds an optional "One IP per Admin Session" check (Disabled by default) 
* Times out sessions after inactivity (10 Minutes by default) 
* Posting - which takes longer - has a different timeout period (30 Minutes
by default) 
* All features are configurable on a plugin options tab 

Since you all are familiar with the whole nonce/referer issue, would any of
you care to do some testing for me and tell me if I missed anything or did
anything wrong as far as a WP plugin is concerned?  Like I said, this was my
first attempt at a plugin - but it seemed to be straightforward.  That
said, if you aren't comfortable with testing an alpha plugin on your own
board, who could blame ya.  The plugin should have zero effect outside of
the admin windows, if that's a comfort.  

It's available (with more info) here:
http://www.thecodecave.com/?p=106


