iThemes Security (formerly Better WP Security)
[Plugin: Better WP Security] Are you sure you want to do this? message (2 posts)

  1. acurran
    Member
    Posted 1 year ago #

    Hello,
    I'm the author of a plugin, flexi-quote-rotator. I love your Better WP Security plugin. After having a few websites hacked I've been looking for the ultimate security plugin and I think this is it.

    I seem to be having a bit of a conflict when using Better WP Security with my flexi-quote-rotator. More than likely it is something on my end but I'm a bit stumped so I'm turning here to see if anyone has any ideas that could point me in the right direction. When Better WP Security is enabled and I try to delete a quote I get the unhelpful WordPress error message 'Are you sure you want to do this?'. But when I disable Better WP Security the delete works ok. My delete action uses query string parameters, it looks like this:
    .../wp-admin/edit.php?page=flexi-quote-rotator.php&action=delete-quote&id=1&_wpnonce=07c5ec3b55

    I thought it might have something to do with the settings such as:
    Filter Request Methods
    Filter Suspicious Query Strings
    Prevent long URL strings

    so I disabled all of these but that didn't do it.

    I think it possibly might be something to do with the nonce key validation because you will also get this 'Are you sure you want to do this?' message if you submit a request with a bad nonce key. My code that processes the delete request is:

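    // Delete only when the action matches and the 'fqr-nonce' nonce verifies.
    // check_admin_referer() stops with 'Are you sure you want to do this?' on a bad nonce.
    if (isset($_GET['action'], $_GET['id']) && $_GET['action'] == "delete-quote" && check_admin_referer('fqr-nonce'))
    {
        // absint() forces the id to a non-negative integer before it is used.
        $management->deleteQuote(absint($_GET['id']));
    }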

    My code that generates the delete action URL is:

    $delURL = wp_nonce_url(get_settings('siteurl') . "/wp-admin/edit.php?page=flexi-quote-rotator.php&action=delete-quote&id=" . $result->id, 'fqr-nonce');

    Is there any way that Better WP Security could be changing how the nonce works?

    Or any other ideas what could be causing this conflict?

    Thanks,
    Aidan

    http://wordpress.org/extend/plugins/better-wp-security/

  2. acurran
    Member
    Posted 1 year ago #

    Another interesting observation to add:

    if Better WP Security is not enabled, delete works. If I enable Better WP Security, delete still works until I log out and in again, then it fails.

    Similarly the other way round: Better WP Security is enabled and delete doesn't work. If I disable Better WP Security, delete still does not work until I log out and in again.
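
The posts above suspect nonce validation. As an added example (a Python model written for this page, not WordPress, Better WP Security or flexi-quote-rotator code), the block below reproduces how WordPress 4.0 and later derives and verifies a nonce, and reports which input has to be put back for a rejected nonce to verify again. The salt, session token, user id and timestamp are constructed values, the single `salt` string stands in for the site's nonce key and salt, and the thread does not establish which input, if any, changed on the poster's site.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400  # WordPress default nonce lifetime in seconds (one day)

def nonce_tick(now):
    """Half-lifetime counter, as wp_nonce_tick() computes it."""
    return math.ceil(now / (NONCE_LIFE / 2))

def make_nonce(action, uid, session_token, salt, tick):
    """Model of wp_create_nonce(): HMAC-MD5 over tick|action|uid|token."""
    data = f"{tick}|{action}|{uid}|{session_token}".encode()
    digest = hmac.new(salt.encode(), data, hashlib.md5).hexdigest()
    return digest[-12:-2]  # same 10 hex characters as PHP substr($h, -12, 10)

def verify_nonce(nonce, action, uid, session_token, salt, now):
    """Model of wp_verify_nonce(): 1 = current tick, 2 = previous tick, False = reject."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        expected = make_nonce(action, uid, session_token, salt, t)
        if hmac.compare_digest(expected, nonce):
            return age
    return False

def diagnose(nonce, action, issued, current, now):
    """Return the inputs whose change alone explains a rejection.
    `issued` and `current` are dicts with keys uid, session_token, salt."""
    if verify_nonce(nonce, action, now=now, **current):
        return []
    culprits = []
    for key in ("uid", "session_token", "salt"):
        trial = dict(current, **{key: issued[key]})
        if verify_nonce(nonce, action, now=now, **trial):
            culprits.append(key)
    return culprits

# Constructed sample values, not taken from the thread.
ISSUED = {"uid": 1, "session_token": "session-A", "salt": "nonce-key-and-salt"}
NOW = 1_700_000_000
NONCE = make_nonce("fqr-nonce", tick=nonce_tick(NOW), **ISSUED)

if __name__ == "__main__":
    relogin = dict(ISSUED, session_token="session-B")
    print(verify_nonce(NONCE, "fqr-nonce", now=NOW, **ISSUED))
    print(verify_nonce(NONCE, "fqr-nonce", now=NOW, **relogin))
    print(diagnose(NONCE, "fqr-nonce", ISSUED, relogin, NOW))
```

On a live site the same comparison can be made by recording the user id, session token and nonce tick when the delete link is generated and again when the request is verified.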

Topic Closed

This topic has been closed to new replies.
