-1

Title: How to Securely Handle AJAX Authentication in a Custom WordPress Template?

Question:

Hi everyone,

I'm designing a custom template in WordPress that includes a form. When a user submits the form, a follow-up code for a service needs to be submitted. The process involves two AJAX requests:

1.The first AJAX request obtains a user & password to another server using authentication. The second AJAX request uses this token and the follow-up code to get a response from the server, which is then displayed to the user.

2.The issue is that I need to include the authentication username and password in the AJAX request to obtain the token from the server.

Is there a secure way to handle this in WordPress without exposing the credentials in the client-side JavaScript? Does WordPress provide a solution for securely embedding authentication details in AJAX requests?

I try enqueue the auth as an array in wordpress. but when I see the codes of page I can see the data in front page.

Thanks for your help!

Improve this question
1

1 Answer 1

Reset to default
0

For this I suggest you to use the WordPress nonce which helps you in making the form secure.

The process for sending secure Ajax requests for WordPress follows the given procure:

  1. First we need to enqueue your JavaScript file and use wp_localize_script.
  2. Then, we need to ensure JavaScript is sending the security nonce.
  3. After this we need to check the security value in our callback and handle it appropriately.

Please find the link which broadly shows it's implementation.

https://tommcfarlin.com/secure-ajax-requests-in-wordpress/

Improve this answer

Not the answer you're looking for? Browse other questions tagged or ask your own question.