WordPress Theme Development

17.

Security Best Practices

17.1.

Data Validation and Sanitization

17.1.1.

Input Validation

17.1.2.

Data Sanitization Functions

17.1.3.

Output Escaping

17.2.

Escaping Output

17.2.1.

esc_html() Function

17.2.2.

esc_attr() Function

17.2.3.

esc_url() Function

17.2.4.

wp_kses() Function

17.3.

17.3.1.

Creating Nonces

17.3.2.

Verifying Nonces

17.3.3.

17.4.

Preventing Code Injection

17.4.1.

SQL Injection Prevention

17.4.2.

Cross-Site Scripting Prevention

17.4.3.

Cross-Site Request Forgery Prevention

17.5.

17.5.1.

File Upload Security

17.5.2.

Directory Permissions

17.5.3.

Preventing Direct File Access

Previous

16. Accessibility in Theme Development

Go to top

Next

18. Internationalization and Localization