Recapping Our Advice on WordPress Security
I’ve been writing about WordPress security solidly on WPShout for the last month or so, and today in place of your regular Tuesday post, I wanted to recap some of the posts, and give you another opportunity to give them a read:
- Principles of Secure WordPress Code. Back in June, this post focussed on what you, as a developer, should be thinking about when writing PHP for WordPress if you want to avoid the obvious errors and security blunders. This is expanded on greatly in the course.
- Security Through Obscurity is Not Security At All. Deliberately provocative, this post takes aim at the idea that “security through obscurity” (i.e. hiding that you’re running WordPress) is good practice.
- Preventing XSS WordPress Attacks: Complete Guide to Validating, Sanitizing, and Escaping Data. This post explores how cross-site scripting is dangerous, and how to do validation, sanitization, and escaping in WordPress in order to protect your site.
- What I Learned Interviewing 10 WordPress Security Experts. For the new course I talked to people like Aaron Campbell, Tony Perez, and Chris Wiegman. This post rounds up the key lessons I took from each of these conversations, and makes for fascinating reading.
If you missed any of these, or want to recap, really do take the opportunity. You can also be inspired, and take your WordPress security knowledge to the next level, with WordPress Security with Confidence, my excellent new course. For further samples, you can read my complete guide to WordPress security, which runs through some basic beginner points that are essential for securing any WordPress site.