Validating, Sanitizing and Escaping in WordPress Themes and Plugins

How secure is your WordPress theme or plugin? Are you confident that you have protected yourself, your clients or your users against the most common hacks? Validating, sanitizing and escaping are techniques that are foundational to the security of your website, application or software product. Learn how WordPress makes it easy for you to secure your code and start writing better code today!


Tips

  • Check your escaping by searching your code for "echo $" and "echo get_". Each hit is a place where a variable or the return value of a get_* function reaches the page, and it should pass through the esc_* function for that context first.
  • Use the VIP Scanner plugin if you are creating a theme, so these issues are flagged automatically rather than found by hand.

Glossary

  • Sanitization — Cleaning user input so that it is safe to store, for example stripping tags from a free-text field. Sanitizing on input does not replace escaping on output.
  • Validation — Checking that user input is what you expect (an integer within a range, one of a fixed set of values). Invalid data must be rejected, not silently "fixed".
  • Escaping — Securing output. The correct escaping function depends on the context the data lands in: HTML text, an HTML attribute, a URL, or JavaScript.
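The following is an added example, not code from the talk, that puts the three glossary terms and the "echo $" tip into one plugin settings flow using real WordPress API functions. The option name myplugin_settings, the nonce action, the field names and the allowed values are assumptions made for illustration.

```php
<?php
/**
 * Added example (not from the talk): validate, sanitize and escape one
 * plugin setting end to end. Option name, nonce action, field names and
 * allowed values are assumptions for illustration.
 */

// --- Save path: validate, then sanitize, then store ------------------------

function myplugin_save_settings() {
    // Capability check: only users allowed to manage options may save.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'myplugin' ) );
    }

    // Nonce check: reject requests that did not originate from our own form.
    check_admin_referer( 'myplugin_save_settings', 'myplugin_nonce' );

    // Validation: the layout must be one of a fixed set; anything else is rejected.
    $allowed_layouts = array( 'grid', 'list' );
    $layout = isset( $_POST['myplugin_layout'] )
        ? sanitize_key( wp_unslash( $_POST['myplugin_layout'] ) )
        : '';
    if ( ! in_array( $layout, $allowed_layouts, true ) ) {
        wp_die( esc_html__( 'Invalid layout value.', 'myplugin' ) );
    }

    // Validation: items per page must be a positive integer within bounds.
    $per_page = isset( $_POST['myplugin_per_page'] ) ? absint( $_POST['myplugin_per_page'] ) : 0;
    if ( $per_page < 1 || $per_page > 100 ) {
        wp_die( esc_html__( 'Items per page must be between 1 and 100.', 'myplugin' ) );
    }

    // Sanitization: free text loses tags and control characters; the URL is
    // reduced to allowed protocols. Sanitized values are what gets stored.
    $title = isset( $_POST['myplugin_title'] )
        ? sanitize_text_field( wp_unslash( $_POST['myplugin_title'] ) )
        : '';
    $link = isset( $_POST['myplugin_link'] )
        ? esc_url_raw( wp_unslash( $_POST['myplugin_link'] ) )
        : '';

    update_option( 'myplugin_settings', array(
        'layout'   => $layout,
        'per_page' => $per_page,
        'title'    => $title,
        'link'     => $link,
    ) );
}

// --- Output path: escape for the context, at the moment of output ----------

function myplugin_render_widget() {
    $settings = get_option( 'myplugin_settings', array() );
    $title    = isset( $settings['title'] ) ? $settings['title'] : '';
    $link     = isset( $settings['link'] ) ? $settings['link'] : '';
    $layout   = isset( $settings['layout'] ) ? $settings['layout'] : 'grid';

    // Unsafe: the pattern the "echo $" search is meant to find. Stored data is
    // not trustworthy at output time; another code path may have written it.
    // echo '<h2 class="' . $layout . '">' . $title . '</h2>';

    // Escaped: a different function for each output context.
    echo '<div class="myplugin-' . esc_attr( $layout ) . '">';                 // HTML attribute
    echo '<h2>' . esc_html( $title ) . '</h2>';                                 // HTML text node
    echo '<a href="' . esc_url( $link ) . '">'                                  // URL attribute
        . esc_html__( 'Read more', 'myplugin' ) . '</a>';
    echo '<script>var mypluginTitle = ' . wp_json_encode( $title ) . ';</script>'; // JavaScript literal
    echo '</div>';
}
```

Note that esc_url_raw is used when storing the URL and esc_url when printing it: the first keeps the value usable in a database or redirect, the second additionally entity-encodes it for HTML. Escaping happens as late as possible, in the function that echoes, so a reviewer can confirm each echo is safe without tracing where the data came from.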

Resources

Presented at: