diff --git a/system/admin/views/add-page.html.php b/system/admin/views/add-page.html.php
index c0412cc..5875bee 100644
--- a/system/admin/views/add-page.html.php
+++ b/system/admin/views/add-page.html.php
@@ -13,6 +13,7 @@


+
diff --git a/system/admin/views/add-post.html.php b/system/admin/views/add-post.html.php
index 4c62a1b..c0f9eae 100644
--- a/system/admin/views/add-post.html.php
+++ b/system/admin/views/add-post.html.php
@@ -14,6 +14,7 @@


+
diff --git a/system/admin/views/delete-page.html.php b/system/admin/views/delete-page.html.php
index 5db0fd6..99aafa8 100644
--- a/system/admin/views/delete-page.html.php
+++ b/system/admin/views/delete-page.html.php
@@ -27,6 +27,7 @@ Are you sure want to delete ' . $p->title . '?

';?>

+ Cancel
\ No newline at end of file
diff --git a/system/admin/views/delete-post.html.php b/system/admin/views/delete-post.html.php
index 13e16bf..63989cf 100644
--- a/system/admin/views/delete-post.html.php
+++ b/system/admin/views/delete-post.html.php
@@ -34,6 +34,7 @@ Are you sure want to delete ' . $p->title . '?

';?>

+ Cancel
\ No newline at end of file
diff --git a/system/admin/views/edit-page.html.php b/system/admin/views/edit-page.html.php
index 9a4c17e..58a0009 100644
--- a/system/admin/views/edit-page.html.php
+++ b/system/admin/views/edit-page.html.php
@@ -45,6 +45,7 @@

+ Delete
diff --git a/system/admin/views/edit-post.html.php b/system/admin/views/edit-post.html.php
index 6cc9eb5..8429d1f 100644
--- a/system/admin/views/edit-post.html.php
+++ b/system/admin/views/edit-post.html.php
@@ -60,6 +60,7 @@

+ Delete
diff --git a/system/admin/views/edit-profile.html.php b/system/admin/views/edit-profile.html.php
index ef1971c..e995dc7 100644
--- a/system/admin/views/edit-profile.html.php
+++ b/system/admin/views/edit-profile.html.php
@@ -37,6 +37,7 @@ Title *



+
diff --git a/system/admin/views/import.html.php b/system/admin/views/import.html.php
index 28da33f..b402de1 100644
--- a/system/admin/views/import.html.php
+++ b/system/admin/views/import.html.php
@@ -6,5 +6,6 @@
Feed Url *


Add source link (optional)

+
\ No newline at end of file
diff --git a/system/admin/views/login.html.php b/system/admin/views/login.html.php
index e5d3d0b..cc97d9f 100644
--- a/system/admin/views/login.html.php
+++ b/system/admin/views/login.html.php
@@ -8,6 +8,7 @@

Password *


+ \ No newline at end of file diff --git a/system/htmly.php b/system/htmly.php index 2ceae1a..9720f68 100644 --- a/system/htmly.php +++ b/system/htmly.php @@ -58,9 +58,11 @@ get('/index', function () { // Get submitted login data post('/login', function() { + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $user = from($_REQUEST, 'user'); $pass = from($_REQUEST, 'password'); - if(!empty($user) && !empty($pass)) { + if($proper && !empty($user) && !empty($pass)) { session($user, $pass, null); $log = session($user, $pass, null); @@ -85,6 +87,9 @@ post('/login', function() { if (empty($pass)) { $message['error'] .= '
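Review bot: The login handler reads the token with `from($_REQUEST, 'csrf_token')`, so a token arriving in the query string (or, depending on `request_order`, a cookie) is accepted exactly like a POSTed one; since every route touched here is a `post(...)` route, `$proper = is_csrf_proper(from($_POST, 'csrf_token'));` keeps the token out of URLs, referers and access logs. The same `$_REQUEST` read is repeated in the edit, delete, profile, add and import handlers below, so the change applies to each of them. Whether `session()` rotates the token after a successful login is outside the hunk; if it does not, calling `generate_csrf_token()` on the success path would stop a pre-login token from carrying over into the authenticated session. The `post('/login', ...)` closure continues past the end of the hunk.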
  • Password field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); @@ -193,6 +198,8 @@ get('/:year/:month/:name/edit', function($year, $month, $name){ // Get edited data for blog post post('/:year/:month/:name/edit', function() { + + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); $title = from($_REQUEST, 'title'); $tag = from($_REQUEST, 'tag'); @@ -200,7 +207,7 @@ post('/:year/:month/:name/edit', function() { $content = from($_REQUEST, 'content'); $oldfile = from($_REQUEST, 'oldfile'); $destination = from($_GET, 'destination'); - if(!empty($title) && !empty($tag) && !empty($content)) { + if($proper && !empty($title) && !empty($tag) && !empty($content)) { if(!empty($url)) { edit_post($title, $tag, $url, $content, $oldfile, $destination); } @@ -220,6 +227,9 @@ post('/:year/:month/:name/edit', function() { if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('edit-post',array( @@ -280,10 +290,13 @@ get('/:year/:month/:name/delete', function($year, $month, $name){ // Get deleted data for blog post post('/:year/:month/:name/delete', function() { - $file = from($_REQUEST, 'file'); - $destination = from($_GET, 'destination'); - delete_post($file, $destination); - + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + if($proper) + { + $file = from($_REQUEST, 'file'); + $destination = from($_GET, 'destination'); + delete_post($file, $destination); + } }); // The author page @@ -356,11 +369,13 @@ get('/edit/profile', function(){ // Get edited data for static page post('/edit/profile', function() { - + + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $user = $_SESSION[config("site.url")]['user']; $title = from($_REQUEST, 'title'); $content = from($_REQUEST, 'content'); - if(!empty($title) && !empty($content)) { + if($proper && !empty($title) && !empty($content)) { edit_profile($title, $content, $user); } else { @@ -371,6 +386,9 @@ post('/edit/profile', function() { if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('edit-profile',array( @@ -627,13 +645,14 @@ get('/:static/edit', function($static){ // Get edited data for static page post('/:static/edit', function() { - + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $title = from($_REQUEST, 'title'); $url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); $oldfile = from($_REQUEST, 'oldfile'); $destination = from($_GET, 'destination'); - if(!empty($title) && !empty($content)) { + if($proper && !empty($title) && !empty($content)) { if(!empty($url)) { edit_page($title, $url, $content, $oldfile, $destination); } @@ -650,6 +669,9 @@ post('/:static/edit', function() { if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('edit-page',array( @@ -697,10 +719,13 @@ get('/:static/delete', function($static){ // Get deleted data for static page post('/:static/delete', function() { - $file = from($_REQUEST, 'file'); - $destination = from($_GET, 'destination'); - delete_page($file, $destination); - + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + if($proper) + { + $file = from($_REQUEST, 'file'); + $destination = from($_GET, 'destination'); + delete_page($file, $destination); + } }); // Add blog post @@ -725,12 +750,14 @@ get('/add/post', function(){ // Get submitted blog post data post('/add/post', function(){ + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $title = from($_REQUEST, 'title'); $tag = from($_REQUEST, 'tag'); $url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); $user = $_SESSION[config("site.url")]['user']; - if(!empty($title) && !empty($tag) && !empty($content)) { + if($proper && !empty($title) && !empty($tag) && !empty($content)) { if(!empty($url)) { add_post($title, $tag, $url, $content, $user); } @@ -750,6 +777,9 @@ post('/add/post', function(){ if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('add-post',array( 'head_contents' => head_contents('Add post - ' . blog_title(), blog_description(), site_url()), @@ -787,10 +817,12 @@ get('/add/page', function(){ // Get submitted static page data post('/add/page', function(){ + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); + $title = from($_REQUEST, 'title'); $url = from($_REQUEST, 'url'); $content = from($_REQUEST, 'content'); - if(!empty($title) && !empty($content)) { + if($proper && !empty($title) && !empty($content)) { if(!empty($url)) { add_page($title, $url, $content); } @@ -807,6 +839,9 @@ post('/add/page', function(){ if (empty($content)) { $message['error'] .= '
  • Content field is required.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); render('add-page',array( 'head_contents' => head_contents('Add page - ' . blog_title(), blog_description(), site_url()), @@ -840,6 +875,8 @@ get('/admin/import',function(){ // Get import post post('/admin/import', function() { + + $proper = is_csrf_proper(from($_REQUEST, 'csrf_token')); $url = from($_REQUEST, 'url'); $credit = from($_REQUEST, 'credit'); @@ -865,6 +902,9 @@ post('/admin/import', function() { if(empty($url)) { $message['error'] .= '
  • You need to specify the feed url.
  • '; } + if(! $proper ) { + $message['error'] .= '
  • CSRF Token not correct.
  • '; + } config('views.root', 'system/admin/views'); diff --git a/system/includes/functions.php b/system/includes/functions.php index f2fcccc..1644e78 100644 --- a/system/includes/functions.php +++ b/system/includes/functions.php @@ -1702,4 +1702,27 @@ function file_cache($request) { readfile($cachefile); die; } +} + +function generate_csrf_token() +{ + $_SESSION[config("site.url")]['csrf_token'] = sha1(microtime(true).mt_rand(10000,90000)); +} + +function get_csrf() +{ + if(! isset($_SESSION[config("site.url")]['csrf_token']) || empty($_SESSION[config("site.url")]['csrf_token'])) + { + generate_csrf_token(); + } + return $_SESSION[config("site.url")]['csrf_token']; +} + +function is_csrf_proper($csrf_token) +{ + if($csrf_token == get_csrf()) + { + return true; + } + return false; } \ No newline at end of file