woo-security
Installation
SKILL.md
WooCommerce Security
Before writing code
Fetch live docs:
- Web-search
site:developer.wordpress.org plugins securityfor WordPress security handbook - Web-search
site:developer.woocommerce.com security best practicesfor WooCommerce security - Web-search
wordpress security hardening latestfor current hardening guidance
Nonces (CSRF Protection)
How Nonces Work
WordPress nonces prevent Cross-Site Request Forgery:
- Generate:
wp_create_nonce( 'my_action' )orwp_nonce_field( 'my_action', 'my_nonce' )(for forms) - Verify:
wp_verify_nonce( $_POST['my_nonce'], 'my_action' )orcheck_admin_referer( 'my_action', 'my_nonce' ) - Valid for 24 hours (two 12-hour ticks)