I’m creating a template for comments on my WordPress site. I noticed that a simple <script>alert(1);</script> slips through the default WP codex implementation of comments, using the comment_text() function to display my comments. No bueno.
I have a question regarding a wordpress site I have recently developed for a client. I have only until now developed a site for small clients that just require personal websites, however this client has asked me to redeveloped his site as the current one has alot of security issues. Anyway I have created the site and shown it to him and he has asked if I can ‘apply input sanitation so special characters like @,&,-,+,% are not allowed’ to the login field.
I’ve been tasked with managing a WordPress site that was developed and configured by some other team. During a basic security scan, I’ve realized that the following end-point https://www.mywordpress.com/wp-json does not restrict the Origin for some reason.
Pretty straight forward question, but I’ll provide any clarifications needed.
I want to do it as a security precaution. I’ve already taken other actions. But I want to be able to login only with my admin username. Is there a way to do that or even a plugin?
I have just made a WordPress plugin and I would like to scan it for OWASP Top 10 vulnerabilities, any resources on how to get started here? Thanks Answers: Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat … Read more
I would like to inform and request help from the community.
Is there any option to check all my plugins, core and themes on a website for security issues?
I’m working on a custom search page and I usually use wpdb->prepare when crafting custom queries. But this time I went with get_posts to create the below query. But I’m wondering if I have to worry about SQL Injection with it. Should I? Or does get_posts() have that security built in?
I’m using WordPress to host a few sites. Lately it includes this feature called Site Health Status. This information has in part been valuable, but it also itches me the wrong way somehow that I can’t get it to show “green” due to something I’d consider non-issues 😉