Prevent Cross-Site Request Forgery attacks on your comments form.
WordPress has a 12-year-old unfixed security vulnerability that it does not properly validate incoming comments.
An attacker can trick both anonymous and logged-in users to post comments on a victim site without them realizing, while using their own credentials.
See this issue for more information: https://core.trac.wordpress.org/ticket/10931
This is a tiny (fewer than 40 effect lines of code) module that adds a secure token to the comment form and validate it before accepting any comment, thus making your comment forms secure as they should\’ve been for all these years!
It provides no UI – just install it, and you are all set!
/wp-content/plugins/
directory, or install the plugin through the WordPress plugins screen directly.This is a minor release that contains minimal changes.
composer.json
file that it required PHP^7.2 instead of intended ^7.1Minor release that contains several typo fixes and WordPress 6.3 compatibility