wpsms_unsubscribe_csrf_enabled
Disable CSRF checking for URL-based unsubscribe.
This filter allows you to disable CSRF (Cross-Site Request Forgery) protection for the URL-based unsubscribe functionality.
Default Behavior
By default, WP SMS includes CSRF security verification for unsubscribe requests. This protects against malicious unsubscribe attempts.
Disable CSRF Check
To allow users to unsubscribe via URL without CSRF verification:
add_filter('wpsms_unsubscribe_csrf_enabled', '__return_false');Unsubscribe URL Format
After disabling CSRF, users can unsubscribe using:
https://yoursite.com/?wpsms_unsubscribe=1xxxxxxxxxxxWhere 1xxxxxxxxxxx is the subscriber’s phone number.
WARNING
Disabling CSRF protection reduces security for unsubscribe operations. Only use this if you need seamless URL-based unsubscribes.
Use Cases
- Email campaigns with unsubscribe links
- SMS messages with unsubscribe URLs
- Third-party integrations requiring direct unsubscribe
Related
- Newsletter Settings - Configure newsletter options
- Manage Subscribers - View and manage subscribers
Last updated: December 28, 2025