Security is a very important topic. To secure WordPress, you must have responsible users making use of an instance of WordPress that is only executing secure code (perhaps helped by some extra “hardening”) on a secured server. A compromise of any one of those parts can invalidate all your work on the others. There is no single solution to having a secure WordPress site. What we’re going to focus on in this article is what you, as a developer, should be thinking about when writing PHP for WordPress if you want to avoid the obvious errors and security blunders. We will not be talking about securing servers (for 90% of WordPress sites, the host takes care of that) or about using WordPress securely. (In short: use good passwords, keep updated.) This is also not an in-depth exploration of these topics. If you already recognize the top three threats, SQL injection, XSS, and CSRF, you may not get a lot from this article. But if you don’t recognize them, we’ll give a thorough explanation of each: what they mean, what they are, and how to prevent them, plus a few more common mistakes. Let’s get to it!

Understand the Threats

In this article, we’re