
Plugin security (nonces, sanitization) in WordPress - Interactive Code Practice

Practice - 5 Tasks
Answer the questions below
1. Fill in the blank (easy)

Complete the code to create a nonce field for security in a WordPress plugin form.

<?php wp_nonce_field([1], 'my_plugin_nonce'); ?>
Options:
A. 'my_plugin_action'
B. 'nonce_field'
C. 'my_plugin_nonce'
D. 'security_token'
Common Mistakes
Using the nonce field name instead of the action name.
Leaving the first argument empty or incorrect.
2. Fill in the blank (medium)

Complete the code to verify the nonce in a WordPress plugin before processing form data.

if ( ! isset($_POST['my_plugin_nonce']) || ! wp_verify_nonce($_POST['my_plugin_nonce'], [1]) ) {
    die('Security check failed');
}
Options:
A. 'security_token'
B. 'my_plugin_nonce'
C. 'nonce_field'
D. 'my_plugin_action'
Common Mistakes
Using the nonce field name instead of the action name.
Not checking if the nonce is set before verifying.
3. Fill in the blank (hard)

Fix the error in sanitizing a text input from a form in a WordPress plugin.

$user_input = [1]($_POST['user_text']);
Options:
A. sanitize_text_field
B. esc_html
C. wp_kses_post
D. sanitize_email
Common Mistakes
Using esc_html, which is for output escaping, not input sanitization.
Using sanitize_email for non-email inputs.
4. Fill in the blanks (hard)

Fill both blanks to safely output a sanitized user input in a WordPress plugin.

echo [1]( [2] );
Options:
A. esc_html
B. $user_input
C. sanitize_text_field
D. wp_kses_post
Common Mistakes
Not escaping output before echoing.
Trying to sanitize again at output instead of escaping.
5. Fill in the blanks (hard)

Fill all three blanks to create a secure form handler in a WordPress plugin.

// Confirm the nonce field was submitted before verifying it.
if ( isset($_POST['submit'], $_POST['[1]']) && wp_verify_nonce($_POST['[1]'], '[2]') ) {
    $safe_input = [3]($_POST['user_input']);
    // Process $safe_input
}
Options:
A. my_plugin_nonce
B. my_plugin_action
C. sanitize_text_field
D. esc_html
Common Mistakes
Mixing up nonce field name and action name.
Not sanitizing input before use.