[wp-hackers] Developer portal

Jordi Canals jordi at jcanals.cat
Sat Dec 12 22:35:47 UTC 2009

2009/12/12 Simon Blackbourn <piemanek at gmail.com>

A whole section on plugin security (using wp_nonce, avoiding xss, things to
> be aware of when handling user input, etc.).
> A lot of this is not specific to WordPress of course, but I think a lot of
> self-taught coders (myself included) really first got to grips with PHP
> through writing WordPress plugins and themes.
> An easy to follow security checklist, plus other WordPress-specific info,
> plus links to existing security resources online would have been very
> welcome.
Really a best practices for plugins and themes security is a must. Specially
when them allow input from anybody else than administrators.
The security checklist for nonces and sanitizes would be really appreciated.
Most of us have security on mind, but always can forget something, and
having it from the WordPress point of view would be useful.

Have more information about the best way to sanitize an option, an email or
a text string by using the core WP functions, will help to avoid releasing
any insecure plugin or theme.

Jordi Canals

More information about the wp-hackers mailing list