• I disabled all comments on my WordPress site, but there is still the search box, and also of course the login page, which is a must-have for all sites. So disabling comments means nothing, because I have these where users can make inputs anyway? So as far as security goes, as long as there is a field where a user can make input, such as a search box, login page, comment section or something else, it doesn't matter which of these I have, and as long as there is one it is a vulnerability? So then, how about, in addition to removing the search box, also changing the default file name of wp-login? So there will be nowhere to make input? Does it make sense? What is the best approach otherwise? Just use Wordfence etc., and it protects all kinds of user input fields (and not just the login box)?

Viewing 6 replies - 1 through 6 (of 6 total)
  • Having user inputs is not in itself a vulnerability. Vulnerabilities happen when the user input isn’t handled correctly. With that in mind, having a standard WordPress search field and logins on your site is probably one of the most secure things that you can have, as the code for these has been viewed and verified by a lot of people.

    Thread Starter ketanco

    (@ketanco)

    Ahh, OK.

    But the search box is displayed on my theme. And I think the team that made my theme went out of business, because I have not seen any updates for years. So that search box code exists in a theme which has not been updated for years, and this poses a risk? I have Wordfence. Will Wordfence still protect my search box? (I know it protects the login box.)

    You are seriously over-thinking this.

    If the search box is the standard WordPress one, then it will only work with the standard WordPress search functions, which are secure.

    As far as the theme being secure still if it hasn’t been updated for a while, that’s a different story. The only answer that anyone could give to that is “maybe”. If you’re concerned, then switch to a different theme that gets regular updates.
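One way to check an unmaintained theme's templates for the "input isn't handled correctly" case described in this thread, as an added example that is not part of any reply. It is a single-line heuristic (it does not follow variables), the function name `unescaped_output` is hypothetical, and both template samples are constructed:

```python
import re

# Request superglobals that carry visitor-controlled input.
SOURCES = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
# An output statement (echo, print, or the short tag <?=) and what it prints.
OUTPUT = re.compile(r"(?:<\?=|\b(?:echo|print)\b)(?P<expr>.*?)(?:;|\?>|$)")
# WordPress escaping/sanitising helpers; output wrapped in one counts as handled.
ESCAPERS = re.compile(
    r"\b(?:esc_html|esc_attr|esc_url|esc_js|esc_textarea|wp_kses(?:_post)?"
    r"|absint|intval)\s*\(")


def unescaped_output(php_source):
    """Return (line_no, line) for output statements that print a request
    superglobal with no escaping helper in the same statement."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        for stmt in OUTPUT.finditer(line):
            expr = stmt.group("expr")
            if SOURCES.search(expr) and not ESCAPERS.search(expr):
                findings.append((line_no, line.strip()))
                break  # one finding per line is enough
    return findings


# Constructed sample: a theme search template that prints the term raw.
LEGACY_THEME = """<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
  <input type="text" name="s" value="<?php echo $_GET['s']; ?>">
</form>
<h1>Results for: <?= $_GET['s'] ?></h1>
"""

# Constructed sample: the same template using WordPress's own helpers.
# the_search_query() and get_search_query() give the term already escaped.
HARDENED_THEME = """<form role="search" method="get" action="<?php echo esc_url( home_url( '/' ) ); ?>">
  <input type="text" name="s" value="<?php the_search_query(); ?>">
</form>
<h1>Results for: <?php echo get_search_query(); ?></h1>
"""

if __name__ == "__main__":
    for name, src in (("legacy", LEGACY_THEME), ("hardened", HARDENED_THEME)):
        for line_no, line in unescaped_output(src):
            print(f"{name}: line {line_no}: {line}")
```

A clean result only rules out this one pattern; it does not show that the rest of the theme handles input correctly.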

    Thread Starter ketanco

    (@ketanco)

    OK, thanks. And for my learning, what does it mean that the search function is secure? How?

    I mean that there’s been 100s, if not 1,000s, of people that have reviewed the code for the search functionality. If there were any problems, they would have found them. Of course, that’s not to say that it’s 100% secure, but so far it’s one of the more secure things out there.

    I will say one thing. As much as security is very important, you should not get caught up in trying to be 100% secure. You never will be. No matter what. And that’s not anything to do with any code that you write. It’s all about other plugins that are installed, anything that’s exploited in WordPress core, and anything that’s vulnerable in your hosting environment. All I’m trying to say is: do your best, but don’t let your security goals override your learning. While you do need to know about security, it is something that you will learn, so don’t focus 100% on that now.

    Thread Starter ketanco

    (@ketanco)

    OK, thanks a lot for the answers.

  • The topic ‘Reducing user input for security’ is closed to new replies.