Contact Form Security

You should use a nonce to protect yourself from CSRF attacks.

Even though you’re not sending anything to the database, I’d suggest using some of the built in data validation functions (there is even a is_email function for you to use!) to strip out any HTML from your email. esc_html( striptags( $your_email_content ) ), for instance.

You could also throttle contact form submissions from a single IP to prevent someone from submitting the same thing many times. I don’t know of any contact form plugins that do that, but the WordPress comment system show you an error page if you submit too many comments within a certain period of time.

Related Posts:

  1. How to sanitize select box values in post meta?
  2. What is the safe way to print tracking code / pixel code before tag or tag
  3. Worthwhile to restrict direct access of theme files?
  4. Should `get_template_directory_uri()` be escaped?
  5. What is the difference between esc_html and wp_filter_nohtml_kses?
  6. Can I create customizer setting that can handle plugin shortcode?
  7. Is it good to rename theme folder downloaded from WordPress.org?
  8. When to use esc_url, esc_html, esc_attr, and friends?
  9. Worthwhile to restrict direct access of theme files?
  10. Where i should not use if (!defined(‘ABSPATH’)) { exit; }?
  11. What is the difference between strip_tags and wp_filter_nohtml_kses?
  12. Whats the safest way to output custom JavaScript and Css code entered by the admin in the Theme Settings?
  13. Is it safe to enqueue a font style without putting http or https?
  14. Using esc_url with a hard coded url
  15. Underscore Based Theme File Permissions in Git
  16. correct tags for validating input types
  17. How to escape html generate by a loop
  18. How to escape multiple attribute at once in WordPress?
  19. How to allow certain PHP functions when using sanitize_callback in the word press customizer
  20. Do I need to escape get_the_post_thumbnail function?
  21. My contact form – I’ve changed the source code but the changes are not being applied
  22. Strict Folder and File Permissions for WordPress Themes Folder
  23. hide theme files for admin beneath root
  24. Data Validation & Sanitization for Big HTML Blocks
  25. Trouble creating custom sanitization function when uploading video files
  26. How to use esc_attr__() function properly to translate a variable that contains string?
  27. Should we escape the values of constants?
  28. If necessary, how should wp_get_attachment_image() and its parameters be escaped?
  29. How to assess whether a WP core (or other) function is escaped already or not?
  30. Add option for administrator to submit link
  31. Why am I getting posts back when I shouldnt
  32. Theme with Isoptope after activation in new install not working well [closed]
  33. customize functionality of share buttons under each blog post [closed]
  34. Display recent posts on front page
  35. Best practice to create required pages
  36. custom theme’s search not working
  37. A problem in loading index.php
  38. Permalinks problem with custom theme
  39. wordpress page as website
  40. How to create sub-menu in “Allure Real Estate Theme for Placester”?
  41. How to make admin theme option with image slide show?
  42. load src of images that attachs in wordpress’s post
  43. Purchased Theme to Custom Made Theme? [closed]
  44. Explanation of User Roles and Capabilities
  45. Add Field To All Pages
  46. How to make website with many template that active [closed]
  47. Creating custom function in wordpress to return data from database
  48. Custom Single Page Portfolio Theme [closed]
  49. Query for tag given slug
  50. How to add Dummy content when active wordpress theme without xml import?
  51. WP site makes mobile browser crash for high memory usage
  52. Image Size wrong during upload
  53. Next Post Link not working with parameters to restrict to same term
  54. Fatal error: Call to undefined function the_posts_navigation()
  55. How customizable is a self-hosted WordPress blog compared to a Blogger blog?
  56. Replacing static code in a template file with a sidebar and widgets?
  57. How to install Woocommerce without plugin?
  58. Why we do need wp_enqueue_script() function?
  59. Correct way to make a title a link
  60. Is there any reason that other theme elements (such as nav menus) shouldn’t be within the loop?
  61. Getting URL of Resized Image
  62. Is there a WordPress theme or plugin with built-in user management
  63. Detect custom font size
  64. Is it possible to use “wordpress.org Theme Handbook” look&feel as a theme in my own site? [closed]
  65. How can I add a single image from a gallery into the page header?
  66. Is there any way to show child theme in theme detectors?
  67. How to remove proudly created by WordPress in theme?
  68. Should I create a child theme for a parent custom theme? [closed]
  69. How to load custom php file in WordPress themes
  70. getting id of page
  71. Roll my own theme or customize an existing one [closed]
  72. How to create full header but keep content narrow
  73. How to make a sticky footer?
  74. Jquery Ui Tabs not working
  75. Recent posts with comment count in “Sidebar” template [closed]
  76. HTML to WORDPRESS [closed]
  77. How can i display a 4 diferent themplate for the archive page
  78. Adding a new layout for genesis
  79. Why do some sites show themes/”themename” as the only theme?
  80. How can i move my product name & price from below thumbnail to be the rollover content in Avada & Woocommerce?
  81. How to split the site’s layout without damaging this layout? [closed]
  82. posts stuck as drafts
  83. why my WordPress theme doesn’t support shortcode? [closed]
  84. I’m new in developing responsive WordPress Theme, so which framework to use or work from scratch? [closed]
  85. themeforce (happytables framework) implementation
  86. Which function(s) to build a paged HTML table
  87. Isotope overlapping .items because of featured images – HELP! [closed]
  88. white spaces on the all sides [closed]
  89. Twenty sixteen – full height
  90. Is there any open source WordPress Themes?
  91. How do I add new layout width options in WordPress editor?
  92. Theme.json: creating different sections of the color palette
  93. DIV containing iframe disappears below break point of 992 in Oxygen Builder
  94. Custom background not showing
  95. Correct way to make a custom block theme responsive
  96. Is there a way to prevent wp_head from outputting self-closing tags?
  97. WordPress Block Theme: Customize meta viewport
  98. Multiple content areas with Gutenberg – Transparent areas mid content
  99. Is it possible to have two templates in an article hirearchy?
  100. Develop theme with demo default content, programmatically create pages
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)