Experiences with adding Nonces to the comment form

2 Views

I was wondering about the impact nonces would have on the default comment form a theme has. Because Nonces are a built-in feature of WordPress I thought about giving it a try.

Does somebody has already implemented nonces in the standard comment form? (can’t imagine that I’m the first one who thinks about that… !)

Read More

Can someone suggest an already existing plugin that does the job or provide a code snippet that integrates the WP Nonce Field into the themes comment form and checks for it when the form gets submitted?

Post Views: 2

Related posts

Leave a Reply

1 comment

  1. I haven’t done this personally, but it would be pretty easy. If you are building your comment form manually, just before the end of the </form> put:

    <?php wp_nonce_field( 'comment_nonce' ) ?>

    Then, just hook into the pre_comment_on_post action which fires when you submit a comment:

    add_action( 'pre_comment_on_post', 'my_verify_comment_nonce' );

function my_verify_comment_nonce() {

    check_admin_referer( 'comment_nonce' );

}

    If you want to just hook into the standard comment form that Twenty Ten uses (comment_form()) then you could instead hook into comment_form like so:

    add_action( 'comment_form', 'my_add_comment_nonce_to_form' );

function my_add_comment_nonce_to_form() {

    wp_nonce_field( 'comment_nonce' );

}

    Not tested, so let me know if you have any issues!