woo-security
WooCommerce Security
Before writing code
Fetch live docs:
- Web-search `site:developer.wordpress.org plugins security` for WordPress security handbook
- Web-search `site:developer.woocommerce.com security best practices` for WooCommerce security
- Web-search `wordpress security hardening latest` for current hardening guidance
Nonces (CSRF Protection)
How Nonces Work
WordPress nonces prevent Cross-Site Request Forgery:
- Generate: `wp_create_nonce( 'my_action' )` or `wp_nonce_field( 'my_action', 'my_nonce' )` (for forms)
- Verify: `wp_verify_nonce( $_POST['my_nonce'], 'my_action' )` or `check_admin_referer( 'my_action', 'my_nonce' )`
- Valid for 24 hours (two 12-hour ticks)
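The generate/verify pair above in a complete admin form handler, as an added example that is not part of the original page. The `woo_demo_*` function names, the `woo_demo_save` action, the `woo_demo_note` option and the `woo-demo` page slug are assumptions; `manage_woocommerce` is WooCommerce's store-management capability.

```php
<?php
// Added example, not from the original page. Hypothetical names: woo_demo_*,
// the woo_demo_save action, the woo_demo_note option, the woo-demo page slug.

// Render the form. wp_nonce_field() prints the hidden my_nonce input.
function woo_demo_render_form() {
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="woo_demo_save" />
		<?php wp_nonce_field( 'my_action', 'my_nonce' ); ?>
		<input type="text" name="note"
			value="<?php echo esc_attr( get_option( 'woo_demo_note', '' ) ); ?>" />
		<?php submit_button(); ?>
	</form>
	<?php
}

// admin-post.php fires admin_post_{action} for logged-in users only.
add_action( 'admin_post_woo_demo_save', 'woo_demo_handle_save' );

function woo_demo_handle_save() {
	// A missing field must fail the same way as a wrong value.
	$nonce = isset( $_POST['my_nonce'] )
		? sanitize_text_field( wp_unslash( $_POST['my_nonce'] ) )
		: '';

	// Returns 1 (current tick), 2 (previous tick) or false.
	if ( ! wp_verify_nonce( $nonce, 'my_action' ) ) {
		wp_die( 'Invalid or expired nonce.', '', array( 'response' => 403 ) );
	}

	// The nonce only ties the request to this user's session and action;
	// it is not an authorization check, so test the capability as well.
	if ( ! current_user_can( 'manage_woocommerce' ) ) {
		wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
	}

	$note = isset( $_POST['note'] )
		? sanitize_text_field( wp_unslash( $_POST['note'] ) )
		: '';
	update_option( 'woo_demo_note', $note );

	wp_safe_redirect( admin_url( 'admin.php?page=woo-demo&updated=1' ) );
	exit;
}
```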
AJAX Nonces