WordPress

WordPress Plugin Security: Sanitizing Output

Sanitizing output for plugin security is the process of stripping unwanted data from content that will be rendered to users. The unwanted data can be incorrect HTML or script tags. This process is usually called escaping data. Escaping data can help prevent Cross-Site Scripting. For the most common scenarios, these functions can help secure WordPress: esc_html()…


WordPress Plugin Security: Sanitizing Input

WordPress offers a variety of functions to sanitize input. Sanitizing is the process of formatting input into a standardized format. This can help mitigate potentially unsafe data by converting it into safe data. Functions in the sanitize_*() series handle many of the sanitizing tasks. One example is sanitize_email(). This function will do validation on several things…


WordPress Plugin Security: Data Validation

Data validation in a WordPress plugin is concerned with the pattern of the data processed by the plugin. Data in a given context should match the generally acceptable pattern. For example: a phone number contains only numerical content; postal code data contains a valid postal code for the designated country; required fields must be filled before processing. The process of validation should…


WordPress Plugin Security: User Capabilities

One aspect of plugin security that we need to pay attention to when developing a WordPress plugin is user roles and their capabilities. WordPress can have many users, and they can have specific roles with different capabilities. The basic roles in WordPress are: Super Admin, Administrator, Editor, Author, Contributor, Subscriber. Each of these roles has different…


WordPress Dev Environment: VSCode – Code Completion and Debugging

In the past, I have used various tools to edit code, from full-featured IDEs (Integrated Development Environments) to simple text editors. For around the past 5 months, I have been using Visual Studio Code (shortened to VSCode) for my programming and text editing. The application suited my needs in working with a variety of programming languages and also…


WordPress Dev Environment: Xdebug

One essential process in development is debugging. One tool which can help this process tremendously is Xdebug, which allows us to add breakpoints in code and see what variables are being passed and the contents of the variables while the application is running. This allows us to debug the code if we see mistakes in the variables.…


WordPress Dev Environment: Local Server

WordPress is PHP-based, so we need a local server for our development. There are numerous alternatives for this purpose, such as XAMPP, MAMP, DesktopServer, etc. I myself prefer to use XAMPP for development. You can get it from the XAMPP Download Page. In the Mac version, you can choose the regular XAMPP version or the VM (Virtual Machine).…
