[wp-hackers] Developer portal
feeds at armeda.com
Sat Dec 12 22:42:47 UTC 2009
We should get all these great ideas up on a page.
On Dec 12, 2009, at 2:35 PM, Jordi Canals <jordi at jcanals.cat> wrote:
> 2009/12/12 Simon Blackbourn <piemanek at gmail.com>
>> A whole section on plugin security (using wp_nonce, avoiding xss, things to
>> be aware of when handling user input, etc.).
>> A lot of this is not specific to WordPress of course, but I think a lot of
>> self-taught coders (myself included) really first got to grips with
>> through writing WordPress plugins and themes.
>> An easy to follow security checklist, plus other WordPress-specific
>> plus links to existing security resources online would have been very
> Really a best practices for plugins and themes security is a must.
> when they allow input from anybody else than administrators.
> The security checklist for nonces and sanitizes would be really
> Most of us have security in mind, but can always forget something, and
> having it from the WordPress point of view would be useful.
> Having more information about the best way to sanitize an option, an email or
> a text string by using the core WP functions will help to avoid
> any insecure plugin or theme.
> Jordi Canals