Plugin Security
Congratulations, your code works! But is it safe? How will the plugin protect your users if their site gets hacked? The best plugins in the WordPress.org directory keep their users’ information safe.
Please keep in mind that your code may be running across hundreds, perhaps even millions, of websites, so security is of the utmost importance.
In this chapter we will cover how to check user capabilities, validate and sanitize input, sanitize output, and create and validate nonces.
Quick Reference
See the complete example of security best practices for WordPress plugins and themes.
External Resources
- How to fix the intentionally vulnerable plugin by Jon Cave
- Theme and Plugin Security presentation by Mark Jaquith