How to check plugins for malicious code?
Our new hosting company ran a security check on our installation and I was very surprised to hear that a premium plugin we had purchased (Easy Media Gallery Pro) contained malicious code.
What is the exact difference between esc_html and attribute_escape filter?
I am starting a new WordPress blog, and no longer updating an old one.
The old one still gets 400-500 hits a day, so I would like to keep it up for archival purposes, as people still link to its posts.
Obviously there is the problem that WordPress and plugins will be updated, and I have no desire to maintain it.
How can I lock the installation of WordPress down so I don’t need to maintain it?
I have seen someone suggest making a static version, which sounds like a lot of work. A more reasonable solution I thought of was to disable write access to the database at the database user level. I’m fine with disabling comments from now on.
I had a look at the code but I couldn’t see any escaping on functions like the_title, the_content, the_excerpt, etc. I might not be reading it right. Do I need to escape these functions in theme development like:
I want to force a secure connection on some of my pages (ones with forms), but I don’t want the whole site to work with SSL (slows it down).
I have enabled SVG uploading for my WordPress logo using the answer provided on this stack link, despite having read, in numerous places, that SVG support in a WordPress site opens it up to scripting attacks. Here is just one such source:
FYI: This has been also posted here since I’m fairly new to this website and didn’t know that the WordPress part existed. Sorry for the repost.
Is keeping wp-admin/install.php and wp-admin/install-helper.php a security leak on the newer versions of WordPress? By default, the file permissions on those files are 644.