Security Archives - Ryan Kienstra

WordPress VIP Similarities

By: Ryan Kienstra on: January 4, 2015  in: Security, WordPress VIP

Some of the coding standards for the WordPress VIP platform are similar to the normal WP standards. Developers with plugins and themes on will know them. But these become more important in the high-volume VIP multi-sites. These practices can improve security and performance of any WordPress site. Remote Requests Use the WordPress APIs, like […] Read more

Escaping WordPress Output

By: Ryan Kienstra on: January 3, 2015  in: Security, WordPress VIP

Never assume anything. That’s a core principle of the WordPress VIP Standards. Don’t assume that data is secure. Even if it was validated on input. Even if an administrator entered it. Almost all PHP values should be escaped when they’re echoed. This will guard against malicious scripts. And ensure that the display isn’t broken by the […] Read more

Securing WordPress Input

By: Ryan Kienstra on: December 31, 2014  in: Security, WordPress VIP

Lessons From The VIP Standards All data entered on a site should be checked, no matter who entered it. Even the administrator could click a malicious link. There are two methods of securing WordPress input: validation and sanitization. As with any security issue, use the most restrictive measure you can. Therefore, Prefer Validation to Sanitization Validation […] Read more

WordPress Security (For Programmers)

By: Ryan Kienstra on: October 13, 2014  in: Plugins, Programming, Security

WordPress recommends adding this line to the top of every theme file to prevent direct access: <?php defined( 'ABSPATH' ) or die( 'No direct access!' ); ?> Adam Onishi’s book Pro WordPress Theme Development recommends adding this to the functions.php file: remove_action( 'wp_head', 'wp_generator' ); remove_action( 'wp_head', 'rsd_link' ); remove_action( 'wp_head', 'wlwmanifest_link' ) […] Read more

Website Security

By: Ryan Kienstra on: October 12, 2014  in: Plugins, Security

There are probably more threats to your site than you think. But some simple steps can make it safer. Limit Login Attempts Installing the WordPress plugin Limit Login Attempts is a great first step. The hosting company installs this in every site. Obscure Username When you’re setting up your site, try to make your […] Read more