If you develop WordPress or ClassicPress plugins, professionally or as a side hustle, it is important to recognize security issues. With WordPress powering large swaths of the internet, code security should be a vital part of your development. In this light, I wanted to share several key areas of security that every WordPress and ClassicPress developer should be mindful of when developing code projects.
Don’t Let Direct Access Occur
While many web hosts are built around allowing access to files that reside on the server, we shouldn’t allow our plugin files to be accessed directly. We need to make sure that it’s only “WordPress itself” that is accessing the plugin files. The best way to handle this is to perform a conditional check at the top of each plugin file that makes sure the file isn’t being accessed from outside WordPress or ClassicPress. WordPress defines the ABSPATH constant when it loads, so if the constant is missing, the file was requested directly and should stop executing.
<?php if ( ! defined('ABSPATH') ) exit;
Escape the Data Anytime Output Happens
It is very important that any data we fetch from the WordPress database is clean and valid and isn’t going to cause harm through unexpected output. This security aspect goes hand-in-hand with input sanitization (talked…
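As an added example (not code from the original article), the hypothetical plugin file below combines the direct-access guard with escaping at the point of output. The `myplugin_` names, the option key and its fields are assumptions, and the file runs only when loaded by WordPress or ClassicPress.

```php
<?php
// Added example: hypothetical plugin file, not from the original article.
if ( ! defined( 'ABSPATH' ) ) {
    exit; // ABSPATH is undefined, so this file was requested directly.
}

/**
 * Render a stored "author card" for the [myplugin_author_card] shortcode.
 * The option name and its array keys are hypothetical.
 */
function myplugin_render_author_card() {
    // Treat values read back from the database as untrusted, even if
    // they were sanitized when they were saved.
    $card = get_option( 'myplugin_author_card', array() );
    $card = wp_parse_args(
        is_array( $card ) ? $card : array(),
        array(
            'name' => '',
            'url'  => '',
            'bio'  => '',
        )
    );

    // Escape as late as possible, with the function that matches the
    // context the value lands in.
    ob_start();
    ?>
    <div class="myplugin-card" title="<?php echo esc_attr( $card['name'] ); ?>">
        <?php // esc_url() drops disallowed schemes such as javascript:. ?>
        <a href="<?php echo esc_url( $card['url'] ); ?>">
            <?php echo esc_html( $card['name'] ); // Text node: encode markup. ?>
        </a>
        <?php // Limited HTML is wanted here, so filter to post-safe tags. ?>
        <p><?php echo wp_kses_post( $card['bio'] ); ?></p>
    </div>
    <?php
    return ob_get_clean();
}
add_shortcode( 'myplugin_author_card', 'myplugin_render_author_card' );
```

The same stored value (`name`) is escaped twice with different functions because it is printed in two contexts, an attribute and a text node.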