This plugin is outdated and might not be supported anymore
Back
Comment Form CSRF Protection

Comment Form CSRF Protection

By Ayesh Karunaratne
Details
View on WordPress
Back

WordPress has a 12-year-old unfixed security vulnerability that it does not properly validate incoming comments.

An attacker can trick both anonymous and logged-in users to post comments on a victim site without them realizing, while using their own credentials.

See this issue for more information: https://core.trac.wordpress.org/ticket/10931

This is a tiny (fewer than 40 effect lines of code) module that adds a secure token to the comment form and validate it before accepting any comment, thus making your comment forms secure as they should\’ve been for all these years!

It provides no UI – just install it, and you are all set!

  1. This plugin adds a secret cryptographically-secure token to the comment form. This is a unique value and is computationally impractical to guess it.
  2. Upon comment submission, the comment is rejected if the secret tokens are not present or computationally invalid.

Details

Plugin code:
comment-form-csrf-protection
Plugin version:
1.4
Author:
Ayesh Karunaratne
Outdated:
Yes
WP version:
4.2 or higher
PHP version:
7.1 or higher
Test up to WP version:
6.3.5
Total installations:
500
Last updated:
2023-07-23
Rating:
Times rated:
2
comments
csrf
security
spam

Related plugins

Plugins that also contain the tag comments

Akismet Anti-spam: Spam Protection
Akismet Anti-spam: Spam Protection
Antispam Bee
Antispam Bee
Disable Comments
Disable Comments
Gravatar Enhanced – Avatars, Profiles, and Privacy
Gravatar Enhanced – Avatars, Profiles, and Privacy
Comments – wpDiscuz
Comments – wpDiscuz
Disqus Comment System
Disqus Comment System
We use cookies on our website to enhance your browsing experience. By using our site, you agree to the use of cookies, including those from Google Analytics and Google AdSense, for analytics and personalized advertising. You can view our full privacy policy by clicking here. Thank you for visiting!
Got it
Searchable WordPress plugin database - Plugin for that
Popular tags
gutenberg
custom
media
block
social-media
ai
automation
facebook
newsletter
payment-gateway
shipping
links
category
post
feed
reviews
theme
admin
button
contact-form-7
About

Plugin for that tries to help you find the WordPress plugin you are looking for.

Please enjoy an image of Crush (this awesome turtle) and have a lovely day!Crush

We do not own any plugin listed on this site and do not work for or work with WordPress.com or it's associated companies. We simply provide a searchable list of the available WordPress plugins.

Plugin for that - Created with by Intology