Tag Archives: Replay attack

Securing your WordPress plugin AJAX calls using nonces

In my last article on this topic I wrote about the proper way of implementing AJAX with jQuery in your WordPress plugins. In this article I will show you how to implement AJAX with jQuery in your WordPress plugins in a more secure way by using WordPress nonces. A cryptographic nonce is a number passed during communication whose purpose is to prevent someone sniffing authenticated communication from committing a replay attack by replaying a captured request. Nonces protect you because every request has its own unique nonce; this way both sides can detect replay attack attempts. Now let's take a look at how WordPress implements nonce security.