WordPress.org

Search WordPress.org for:

Showcase
Themes
Plugins
Mobile
Support
- Documentation
- Forums
Get Involved
About
Blog
Hosting
Get WordPress

Plugin Handbook

Skip to content

Search for:

Chapters

Introduction to Plugin Development
- What is a Plugin?
Plugin Basics
Plugin Security
Hooks
Privacy
Administration Menus
- Top-Level Menus
- Sub-Menus
Shortcodes
Settings
Metadata
Custom Post Types
- Registering Custom Post Types
- Working with Custom Post Types
Taxonomies
- Working with Custom Taxonomies
- Split Terms (WP 4.2+)
Users
HTTP API
JavaScript, Ajax, & jQuery
Cron
Internationalization
The Plugin Directory
Developer Tools
- Debug Bar and Add-Ons
- Helper Plugins
Credits

Browse: Home / Plugin Handbook / Plugin Security

Plugin Security

Topics

Quick Reference
External Resources

Congratulations, your code works! But is it safe? How will the plugin protect your users if their site gets hacked? The best plugins in the WordPress.org directory keep their users’ information safe.

Please keep in mind that your code may be running across hundreds, perhaps even millions, of websites, so security is of the utmost importance.

In this chapter we will cover how to check user capabilities, validate and sanitize input, sanitize output and create and validate nonces.

Quick Reference Quick Reference

See the complete example of security best practices for WordPress plugins and themes.

External Resources External Resources

How to fix the intentionally vulnerable plugin by Jon Cave
Theme and Plugin Security presentation by Mark Jaquith

Handbook navigation

← Plugin Handbook Checking User Capabilities →

About
Blog
Hosting
Donate

Support
Developers
Get Involved

Showcase
Plugins
Themes

WordCamp
WordPress.TV
BuddyPress
bbPress

WordPress.com
Matt
Privacy
Public Code

@WordPress
WordPress

Code is Poetry.

Skip to toolbar

About WordPress
- About WordPress

Search
Log In
Register