About this topic

  • Posted by zac 1 year ago. There are 2 posts. The latest reply is from byron.
  • This topic is resolved

  1. Hi Byron,

    I have Google Alerts set up to notify when new content is published with certain keywords for my site. I raised an eyebrow when the spiders found this page plugins/photosmash-galleries/ajax_rateimage.php with the words Security Check which is right at the start of that file:

    ```php
    $nonce=$_REQUEST['_wpnonce'];
    if (! wp_verify_nonce($nonce, 'bwbps-image-rating') ) die('Security check');
    ```

    What does that mean?

    Zac

  2. Hi Zac,

    I'm not sure why the spiders would have crawled that page since it's tucked away in the JavaScript that rates images, but I don't really know what all files they crawl. I wasn't aware that they would crawl URLs in JavaScript, but I guess they do now.

    At any rate, yes...if you try to access the URL for the ajax_rateimage.php file without doing it from a rating, it will give you the Security Check warning and die. It is basically the standard WP nonce system that means it will not execute the rating action unless you can provide it with a valid nonce (which means "number used once").

    Paste the full URL into your browser and try to view the page...it should say "Security Check" and die. So, that is the behavior I would expect from the spider trying to access that page.

    Cheers,
    Byron
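
The check discussed in this thread, as an added example that is not part of the original posts and not the plugin's or WordPress's code: a simplified stand-alone model of a time-windowed, action-bound nonce, run against constructed requests to show which ones reach the rating action. The `model_*` names, the HMAC-SHA256 hash, the secret, the user id and the 24-hour lifetime are assumptions of the model.

```php
<?php
// Simplified stand-alone model of a WordPress-style nonce (illustration only,
// not WordPress core and not the plugin's code). All model_* names are hypothetical.

const MODEL_SECRET   = 'constructed-demo-secret'; // stands in for the site's secret salt
const MODEL_LIFETIME = 86400;                      // assumed nonce lifetime in seconds

// Time is split into half-lifetime "ticks"; a nonce is bound to the tick it was issued in.
function model_nonce_tick(int $now): int {
    return (int) ceil($now / (MODEL_LIFETIME / 2));
}

// Token = truncated keyed hash over tick, action name and user id.
function model_create_nonce(string $action, int $uid, int $now): string {
    $data = model_nonce_tick($now) . '|' . $action . '|' . $uid;
    return substr(hash_hmac('sha256', $data, MODEL_SECRET), -12, 10);
}

// Accept a token from the current or the previous tick; reject everything else.
function model_verify_nonce(?string $nonce, string $action, int $uid, int $now): bool {
    if ($nonce === null || $nonce === '') {
        return false; // e.g. a crawler fetching the bare URL
    }
    foreach ([0, 1] as $age) {
        $data = (model_nonce_tick($now) - $age) . '|' . $action . '|' . $uid;
        $expected = substr(hash_hmac('sha256', $data, MODEL_SECRET), -12, 10);
        if (hash_equals($expected, $nonce)) { // constant-time comparison
            return true;
        }
    }
    return false;
}

// Constructed requests against the action name used in ajax_rateimage.php.
$now    = 1700000000;
$action = 'bwbps-image-rating';
$valid  = model_create_nonce($action, 0, $now);

$requests = [
    'crawler, no _wpnonce'         => [null, $now],
    'rating click, fresh nonce'    => [$valid, $now],
    'same nonce 13 hours later'    => [$valid, $now + 13 * 3600],
    'same nonce 2 days later'      => [$valid, $now + 2 * 86400],
    'nonce for a different action' => [model_create_nonce('other-action', 0, $now), $now],
];
foreach ($requests as $label => [$nonce, $when]) {
    $ok = model_verify_nonce($nonce, $action, 0, $when);
    printf("%-30s => %s\n", $label, $ok ? 'rating runs' : "die('Security check')");
}
```

Only the fresh nonce and the same nonce 13 hours later reach the rating action; the token is bound to an action and a time window rather than consumed on first use.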
