How secure is your WordPress theme or plugin? Are you confident that you have protected yourself, your clients or your users against the most common hacks? Validating, sanitizing and escaping are techniques that are foundational to the security of your website, application or software product. Learn how WordPress makes it easy for you to secure your code and start writing better code today!
Tips
- Check your escaping by running a search for "echo $" or "echo get_" in your code; every hit is output that should be going through an escaping function.
- Use VIP Scanner if you are creating a theme.
Glossary
- Sanitization — Cleaning user input. Any data that has been sanitized can be stored.
- Validation — Checking user input. It is important that invalid data is rejected.
- Escaping — Securing output. Properly securing output depends on the context.
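As an added example (not from the talk or any of the linked resources), the three glossary terms applied in order in a small settings handler, with the unescaped output the tip above tells you to search for shown beside its escaped form. It assumes WordPress is loaded; the option name, nonce action and form field names are hypothetical.

```php
<?php
// Added example, not from the talk. Assumes WordPress is loaded; the option
// name, nonce action and form field names are hypothetical.

// 1. VALIDATE and SANITIZE on the way in (POST from a settings form).
function demo_save_settings() {
    // Capability and intent checks come before any input is touched.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    if ( ! isset( $_POST['demo_nonce'] )
        || ! wp_verify_nonce( $_POST['demo_nonce'], 'demo_save' ) ) {
        wp_die( 'Invalid request.' );
    }

    // Sanitize: strip tags and control characters so the value can be stored.
    $title = sanitize_text_field( wp_unslash( $_POST['demo_title'] ?? '' ) );

    // Validate: reject data of the wrong shape rather than "fixing" it.
    $email = sanitize_email( wp_unslash( $_POST['demo_email'] ?? '' ) );
    if ( ! is_email( $email ) ) {
        wp_die( 'Please enter a valid e-mail address.' );
    }

    // absint() sanitizes (non-numeric input becomes 0) but does not validate
    // the range, so that check is explicit.
    $limit = absint( $_POST['demo_limit'] ?? 0 );
    if ( $limit < 1 || $limit > 100 ) {
        wp_die( 'Limit must be between 1 and 100.' );
    }

    update_option( 'demo_settings', compact( 'title', 'email', 'limit' ) );
}

// 2. ESCAPE on the way out, choosing the function by output context.
function demo_render_settings() {
    $opts  = get_option( 'demo_settings', array() );
    $title = $opts['title'] ?? '';
    $url   = 'https://example.com/?q=' . rawurlencode( $title );

    // UNSAFE: this is what a search for "echo $" should turn up. Stored data
    // is sanitized, not escaped, so it must not be echoed raw.
    // echo $title;

    // SAFE: one escaper per context, applied at the moment of output.
    echo '<h2>' . esc_html( $title ) . '</h2>';                          // HTML body
    echo '<input name="demo_title" value="' . esc_attr( $title ) . '">'; // attribute
    echo '<a href="' . esc_url( $url ) . '">Search</a>';                // URL
}
```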
Resources
- Tuts+ – Data Sanitization and Validation with WordPress
- WordPress VIP – Validating, Sanitizing and Escaping
- WordPress.org – Validating, Sanitizing and Escaping User Data
- Mike Jolley – Keeping your shit secure
Presented at:
- WordCamp Birmingham 2014
- WordCamp Jacksonville 2016