Writing a secure plugin and theme
-
As I become more familiar with plugin development, I am learning more about WordPress security. It seems that most WordPress security breaches occur because of plugins, so I want to gain a better grasp of how to prevent security issues in a plugin before I publish some plugins I’m writing.
This video of Joseph Scott’s Writing Secure Plugins talk was a great introduction, but it left some lingering questions.
Most of his talk emphasizes the importance of not trusting external data and escaping values.
But are there other things we need to be aware of? Some plugins I’m developing have no user interface and only provide developers with tools to code into a theme. Others have a user interface in the dashboard for site administrators, but not for anyone else. What security issues do I need to be aware of for these plugins that won’t be doing anything with outside data?