Security is a very important topic. To secure WordPress, you must have responsible users making use of an instance of WordPress that is only executing secure code (maybe helped by some extra “hardening”) on a secured server. But a compromise of any part of that can invalidate all your work on any other part. There is no single solution to having a secure WordPress site.

What we’re going to focus on in this article is what you, as a developer, should be thinking about when writing PHP for WordPress if you want to avoid the obvious errors and security blunders. We will not be talking about securing servers (for 90% of WordPress sites, the host takes care of that) or about using WordPress securely. (In short: use good passwords, keep updated.)

This is also not an in-depth exploration of these topics. If you already recognize the top three threats (SQL injection, XSS, CSRF), you may not get a lot from this article. But if you don’t recognize them, we’ll give a thorough explanation of each—what they mean, what they are, and how to prevent them—and a few more common mistakes. Let’s get to it!

Understand the Threats

In this article, we’re