SameSite Cookies | Ayesh Karunaratne | cookies,csrf,samesite,security

Description: This plugin adds the “SameSite” cookie flag to WordPress’s authentication cookies. On supported browsers (all current versions of IE, Edge, Chrome, and Firefox), this can effectively prevent all Cross-Site Request Forgery attacks throughout your WordPress site. SameSite cookie flag support was added to PHP in version 7.3, but this plugin ships with a workaround to support …


Comment Form CSRF Protection | Ayesh Karunaratne | comments,csrf,security,spam

Description: WordPress has a 9-year-old unfixed security vulnerability: it does not properly validate incoming comments. An attacker can trick both anonymous and logged-in users into posting comments on a victim site, using the users’ own credentials, without them realizing it. See this issue for more information: https://core.trac.wordpress.org/ticket/10931 This is a tiny (fewer …
