Add an action for when nonce verification fails
|Reported by:||dd32||Owned by:|
Currently when a plugin (or core) calls check_admin_referer() there is no way for auditing (or debugging) plugins to hook in and record an event that the nonce check failed.
Previously it was possible to use the explain_nonce_$nonce filter to do this, but that was removed in .
If a plugin wants to record an event for a failing nonce, it'll need to call wp_verify_nonce() manually itself, and die afterwards, or call check_admin_referer() after verifying the nonce itself for logging purposes.
I'd suggest either resurrecting the previous filter as an action (for back compat) or adding a new nonce failure hook.