Writing Secure WordPress Code

Brad Williams is here to talk about writing secure WordPress code, more specifically, data validation, sanitization, escaping, and nonces. He will give examples of what to do and, most importantly, what not to do when writing code. Brad lives by the golden rule of writing code for themes and plugins: “Consider all data invalid unless it can be proven valid.”

After covering the many different types of vulnerabilities and attack styles, Brad will teach you how to protect against them in your code. By properly sanitizing and escaping data you’ll be able to stop a would-be attacker from using your code as a point of attack.

What You’ll Learn

  • The big three exploits
    • SQL injection – SQLi
    • Cross-site scripting – XSS
    • Cross-site request forgery – CSRF
  • Protecting against the big three
  • Data validation and sanitization
  • User capabilities
  • Resources
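The outline above names four controls (sanitization, escaping, nonces, and capability checks) and three exploit classes they address. The following is an added example, not code from the talk or from Brad Williams, showing how those controls fit together in one WordPress admin form handler. Everything prefixed `sec_demo_`, the option name, the log table, and the form field names are hypothetical; the WordPress functions called (`wp_nonce_field`, `wp_verify_nonce`, `current_user_can`, `sanitize_text_field`, `esc_html`, `esc_attr`, `esc_url`, `$wpdb->prepare`) are the real core APIs.

```php
<?php
/**
 * Added example (not from the talk): a minimal WordPress settings form and
 * its POST handler that apply capability checks, nonces, sanitization,
 * escaping and prepared SQL. Names prefixed sec_demo_ are hypothetical.
 */

// Render the form. wp_nonce_field() emits the hidden nonce field that the
// handler verifies; every value printed into HTML goes through the esc_*
// function that matches its context (attribute, text node, URL).
function sec_demo_render_form() {
    $current = get_option( 'sec_demo_note', '' );
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="sec_demo_save">
        <?php wp_nonce_field( 'sec_demo_save', 'sec_demo_nonce' ); ?>
        <label for="sec_demo_note">Note</label>
        <input id="sec_demo_note" name="sec_demo_note" type="text"
               value="<?php echo esc_attr( $current ); ?>">
        <button type="submit">Save</button>
    </form>
    <p>Current note: <?php echo esc_html( $current ); ?></p>
    <?php
}

// Handle the POST. The order is deliberate: who is asking (capability),
// did they mean to ask (nonce), then what did they send (validation and
// sanitization) before anything reaches the database or the page.
function sec_demo_handle_save() {
    // User capabilities: only users allowed to manage options may proceed.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( esc_html__( 'Insufficient permissions.', 'sec-demo' ), '', array( 'response' => 403 ) );
    }

    // CSRF: the nonce ties this request to a form WordPress rendered for
    // this user, so a forged cross-site POST fails here.
    $nonce = isset( $_POST['sec_demo_nonce'] ) ? sanitize_key( $_POST['sec_demo_nonce'] ) : '';
    if ( ! wp_verify_nonce( $nonce, 'sec_demo_save' ) ) {
        wp_die( esc_html__( 'Invalid request.', 'sec-demo' ), '', array( 'response' => 403 ) );
    }

    // Validation and sanitization: the input is invalid until proven valid.
    // wp_unslash() removes the slashes WordPress adds to superglobals;
    // sanitize_text_field() strips tags, control characters and extra whitespace.
    $raw  = isset( $_POST['sec_demo_note'] ) ? wp_unslash( $_POST['sec_demo_note'] ) : '';
    $note = sanitize_text_field( $raw );
    if ( '' === $note || strlen( $note ) > 200 ) {
        wp_die( esc_html__( 'Note must be 1-200 characters.', 'sec-demo' ), '', array( 'response' => 400 ) );
    }

    update_option( 'sec_demo_note', $note );

    // SQLi: a hand-written query never interpolates user data directly
    // (the "what not to do" form would be "... VALUES ('$note')").
    // $wpdb->prepare() with %d/%s placeholders quotes each value for us;
    // the table name comes from the trusted $wpdb->prefix, not from input.
    global $wpdb;
    $table = $wpdb->prefix . 'sec_demo_log'; // hypothetical audit table
    $wpdb->query(
        $wpdb->prepare(
            "INSERT INTO {$table} (user_id, note, created) VALUES (%d, %s, %s)",
            get_current_user_id(),
            $note,
            current_time( 'mysql' )
        )
    );

    wp_safe_redirect( admin_url( 'options-general.php?page=sec-demo&saved=1' ) );
    exit;
}
add_action( 'admin_post_sec_demo_save', 'sec_demo_handle_save' );
```

Two points worth noting when adapting this: sanitizing on input and escaping on output are separate steps, because the safe representation depends on where the value is printed (`esc_attr` inside an attribute, `esc_html` in a text node, `esc_url` in an `href` or `action`), and `check_admin_referer( 'sec_demo_save', 'sec_demo_nonce' )` is the one-call equivalent of the explicit nonce check shown here.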