diff --git a/includes/class-main.php b/includes/class-main.php
index b9500e5939f10737b4712f6c5bd327451361b8bb..fa714e0b5a9dce05e0bc0bb5215f2aeacb72dfef 100644
--- a/includes/class-main.php
+++ b/includes/class-main.php
@@ -19,7 +19,8 @@ class Main {
 			return;
 		}
 
-		// TODO: nonce/referrer checks
+		// Validate request
+		check_admin_referer( 'bulk-posts' );
 
 		// Parse request to determine what to do
 		$vars = self::capture_vars();