
Security Best Practices

Understand how to manage WordPress user roles and permissions to protect your site. Learn to safely handle user-generated content by using WordPress escape functions that prevent execution of harmful JavaScript and sanitize input to maintain site security.

Someone may come to the site and, instead of writing a note in the body field, enter JavaScript such as <script>alert("Hahaha")</script> to make an alert pop up. An alert by itself is not malicious, but the point is that if arbitrary JavaScript can be executed on the page, that is a security gap: any malicious JavaScript could be executed the same way.

However, when we save this note, we see that the opening and closing script tags are removed by WordPress, which prevents the code from actually being executed as JavaScript. By default, WordPress only allows admin accounts to post unfiltered HTML. ...
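The behaviour described above, written out as an added example (this is not the course's own code): a REST endpoint that saves a note, keeps raw HTML only for accounts holding the unfiltered_html capability, and escapes again when rendering. The 'example-notes/v1' namespace and the 'note' post type are assumptions.

```php
<?php
// Added example: sanitise a note's body on save and escape on output.
// The route namespace and the 'note' post type are assumptions.
add_action('rest_api_init', function () {
    register_rest_route('example-notes/v1', '/note', [
        'methods'             => 'POST',
        'callback'            => 'example_notes_create',
        // Only logged-in users may create notes at all.
        'permission_callback' => function () { return is_user_logged_in(); },
    ]);
});

function example_notes_create(WP_REST_Request $request) {
    $title = sanitize_text_field((string) $request->get_param('title'));
    $body  = (string) $request->get_param('body');

    // Same rule WordPress applies on save through wp_filter_post_kses:
    // only accounts with unfiltered_html (administrators on a single site)
    // keep raw HTML. Everyone else is reduced to the post-safe tag list, so
    // <script>alert("Hahaha")</script> loses its tags and only inert text
    // remains. Doing it explicitly here documents the intent.
    if (!current_user_can('unfiltered_html')) {
        $body = wp_kses_post($body);
    }

    $id = wp_insert_post([
        'post_type'    => 'note',
        'post_status'  => 'private',
        'post_title'   => $title,
        'post_content' => $body,
        'post_author'  => get_current_user_id(),
    ], true);

    if (is_wp_error($id)) {
        return new WP_Error('note_failed', 'Could not save note', ['status' => 500]);
    }
    return ['id' => $id];
}

// Escape at render time too, so the note stays safe even if the stored data
// was written by some other path that skipped the save-time filter.
function example_notes_render(WP_Post $note) {
    return '<article class="note">'
         . '<h3>' . esc_html(get_the_title($note)) . '</h3>'
         . '<div>' . wp_kses_post($note->post_content) . '</div>'
         . '</article>';
}
```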