Noncensible

Description

The core functions’ documentation states that nonces, small validity tokens used throughout WordPress core and plugins, have a lifespan of 1 day; however, they can last as little as half that time. For common usage that may not be a problem, but if that lifespan is relied upon in any meaningful way, inexplicable failures can occur. For example, filters that shorten the lifespan may randomly make it difficult to complete some tasks before their nonce expires. Very long lifespans, such as those set by many caching and SEO plugins, can result in forms and other actions suddenly breaking before the cached content expires and new nonces get generated. Imagine a contact form that’s cached for a week but stops working after 4 days, then starts working again if that cache is cleared. A cursory search for terms like “caching nonce expired wordpress” yields many results for relevant problems.

This plugin guarantees a nonce will last at least as long as it’s intended to, and up to ⅛ of a lifespan longer. By default, this means a nonce will last from 24 up to 27 hours, rather than anywhere from 12 to 24 hours. It was created because changing the behaviour of such old code was deemed inappropriate (in ticket #53236), given the functions are pluggable.
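The arithmetic behind those ranges, as an added example that is not code from the plugin or from WordPress core: core's `wp_nonce_tick()` counts ticks of half a nonce life, and verification accepts the current tick and the one before it. The 8-tick row assumes verification accepts the eight preceding ticks, which is inferred from the 24 to 27 hour figure above rather than taken from the plugin's source; `nonce_lifetime()` and `lifetime_range()` are hypothetical helper names.

```php
<?php
// Added model of tick-based nonce expiry; runs stand-alone, no WordPress needed.
// nonce_lifetime() and lifetime_range() are hypothetical helpers for this example.

const HOUR = 3600;

/**
 * Seconds a nonce created at $created remains valid.
 * $ticks_per_life: ticks that make up one nonce life (core uses 2).
 * $accepted_back:  earlier ticks verification still accepts (core: 1).
 */
function nonce_lifetime(int $created, int $life, int $ticks_per_life, int $accepted_back): int
{
    $tick_len = intdiv($life, $ticks_per_life);
    // Same shape as core's wp_nonce_tick(): ceil(time() / tick length).
    $tick = (int) ceil($created / $tick_len);
    // The nonce stays valid until the end of tick ($tick + $accepted_back).
    return ($tick + $accepted_back) * $tick_len - $created;
}

/** Shortest and longest lifetime over creation times one minute apart. */
function lifetime_range(int $life, int $ticks_per_life, int $accepted_back): array
{
    $base = 1000 * $life; // constructed start time, aligned to a tick boundary
    $all = [];
    for ($t = $base + 60; $t <= $base + $life; $t += 60) {
        $all[] = nonce_lifetime($t, $life, $ticks_per_life, $accepted_back);
    }
    return [min($all), max($all)];
}

$cases = [
    // label, nonce life, ticks per life, earlier ticks accepted
    ['core, 1-day life',          24 * HOUR,     2, 1],
    ['core, 7-day life (filter)', 7 * 24 * HOUR, 2, 1],
    // Assumed model of the plugin's scheme, inferred from the page's figures.
    ['8 ticks per life, 1-day',   24 * HOUR,     8, 8],
];
foreach ($cases as [$label, $life, $ticks, $back]) {
    [$min, $max] = lifetime_range($life, $ticks, $back);
    printf("%-28s %6.1f h to %6.1f h\n", $label, $min / HOUR, $max / HOUR);
}
```

The 7-day row corresponds to the cached contact form scenario: how long the form keeps working depends on where in the tick the page happened to be cached.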

Hourglass icon by mavadee.

Installation

  1. Install the plugin in the usual way through the admin interface, either by uploading it manually or by searching on the Plugins page.
  2. Clear all caching plugins’ content.
  3. Test that forms, etc. on your site are still working. You may need to force-reload affected pages first, and clear your browser’s cache.

Changelog

1.2.0

Make the NONCENSIBLE_TICKS_PER_NONCE_LIFE constant overridable in config, in case you want lower or higher resolution than 8, but still need the guaranteed lifespan.

1.1.0

Compatibility with WP v6.1: passing wp_verify_nonce()’s $action parameter to wp_nonce_tick().