A nonce is a secret key which should be known only by the authenticated user who is on a certain page at a certain moment. It can block malicious requests posted by hackers who don't know that secret key.
WordPress core uses a nonce at every important end-point to protect the site against CSRF by an unauthorized hacker. But sometimes plugin or theme authors forget to use it for their products.
This plugin's nonce prevents not only this type of malicious exploit but also others, such as SQLi posted to an important end-point.
This method is smarter than the other type of firewall based on the attack patterns because the number of attack patterns is huge. For example, Wordfence takes a lot of time.

But unfortunately, this method is not a perfect solution. So I combine other methods such as country blocking, investigation of bad signatures and so on. The combination of these methods can drastically reduce the risk of infection. You can refer to this document.
Thanks for asking.
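
The missing check described in the post above, as an added example that is not part of the original post or of the plugin's code: a WordPress admin handler without and with nonce verification. The `myplugin_*` names and the option key are hypothetical.

```php
<?php
// Added example; "myplugin" and every myplugin_* name are hypothetical.

// Form shown to the administrator. wp_nonce_field() emits a hidden token
// bound to the action name, the logged-in user and the current time window.
function myplugin_render_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="myplugin_save">
        <?php wp_nonce_field( 'myplugin_save', 'myplugin_nonce' ); ?>
        <input type="text" name="myplugin_label">
        <?php submit_button(); ?>
    </form>
    <?php
}

// Shared write path: unslash and sanitize before storing.
function myplugin_store_label() {
    $label = isset( $_POST['myplugin_label'] ) ? wp_unslash( $_POST['myplugin_label'] ) : '';
    update_option( 'myplugin_label', sanitize_text_field( $label ) );
}

// BEFORE: capability check only. The browser attaches the administrator's
// cookies to any POST, so this handler cannot tell a request that came from
// the form above from one that was submitted by another site (CSRF).
function myplugin_save_unprotected() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    myplugin_store_label();
}

// AFTER: the request must also carry the nonce issued with the form.
// check_admin_referer() stops the request if the token is missing, expired,
// or was issued for a different user or action.
function myplugin_save() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Forbidden', '', array( 'response' => 403 ) );
    }
    check_admin_referer( 'myplugin_save', 'myplugin_nonce' );
    myplugin_store_label();
    wp_safe_redirect( admin_url( 'options-general.php' ) );
    exit;
}
// Only the nonce-checking handler is registered for the form's action.
add_action( 'admin_post_myplugin_save', 'myplugin_save' );
```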