Contact Form Security

You should use a nonce to protect yourself from CSRF attacks.

Even though you’re not sending anything to the database, I’d suggest using some of the built in data validation functions (there is even a is_email function for you to use!) to strip out any HTML from your email. esc_html( striptags( $your_email_content ) ), for instance.

You could also throttle contact form submissions from a single IP to prevent someone from submitting the same thing many times. I don’t know of any contact form plugins that do that, but the WordPress comment system show you an error page if you submit too many comments within a certain period of time.

Related Posts:

  1. How to sanitize select box values in post meta?
  2. What is the safe way to print tracking code / pixel code before tag or tag
  3. Worthwhile to restrict direct access of theme files?
  4. Should `get_template_directory_uri()` be escaped?
  5. What is the difference between esc_html and wp_filter_nohtml_kses?
  6. Can I create customizer setting that can handle plugin shortcode?
  7. Is it good to rename theme folder downloaded from WordPress.org?
  8. When to use esc_url, esc_html, esc_attr, and friends?
  9. Worthwhile to restrict direct access of theme files?
  10. Where i should not use if (!defined(‘ABSPATH’)) { exit; }?
  11. What is the difference between strip_tags and wp_filter_nohtml_kses?
  12. Whats the safest way to output custom JavaScript and Css code entered by the admin in the Theme Settings?
  13. Is it safe to enqueue a font style without putting http or https?
  14. Using esc_url with a hard coded url
  15. Underscore Based Theme File Permissions in Git
  16. correct tags for validating input types
  17. How to escape html generate by a loop
  18. How to escape multiple attribute at once in WordPress?
  19. How to allow certain PHP functions when using sanitize_callback in the word press customizer
  20. Do I need to escape get_the_post_thumbnail function?
  21. My contact form – I’ve changed the source code but the changes are not being applied
  22. Strict Folder and File Permissions for WordPress Themes Folder
  23. hide theme files for admin beneath root
  24. Data Validation & Sanitization for Big HTML Blocks
  25. Trouble creating custom sanitization function when uploading video files
  26. How to use esc_attr__() function properly to translate a variable that contains string?
  27. Should we escape the values of constants?
  28. If necessary, how should wp_get_attachment_image() and its parameters be escaped?
  29. In Which Contexts are Plugins Responsible for Data Validation/Sanitization?
  30. theme path in javascript file
  31. Minimum Template Files for Theme Development
  32. Theme Customizer : how to create multiple-level panel
  33. How to change get_custom_logo() url?
  34. How to execute conditional script when on new customize.php (Theme Customize) screen
  35. How to set the default value of a option in a theme?
  36. How to develop a multilingual theme?
  37. Run shortcode before filters
  38. Theme elements not translating
  39. why does twenty eleven theme mix up the css measurement units?
  40. How can i customize the comment list
  41. Is using eval() ok in this scenario
  42. Should I update my _s theme?
  43. Display site admin profile fields in header.php
  44. WordPress Genesis Child Theme Filter divs
  45. Displaying part of every child page?
  46. How do I obtain the post content via a custom meta box inside the editor?
  47. Displaying Remote Data inside of Theme admin
  48. WordPress 5.8 update problem custom theme styles are overridden by core styles common.min.css
  49. How to correctly add JQuery in a WP theme?
  50. how to change a theme slug
  51. Weekly background code not working
  52. How to add code in the content area in a WordPress theme?
  53. Can I show all the template files that are being used on my site?
  54. How can i add edit shortcut icon in wordpress customizer without using selective refresh?
  55. Unable to pass variable on theme cusomizer add_settings()
  56. Switching theme only changes style sheet being used
  57. How to add Bootstrap Tour JavaScript to WordPress Admin Panel Dashboard Widget
  58. get_theme_mod returning no output
  59. Can I have a widget and sidebars in custom theme?
  60. Select full Image Size on widget “Genesis – Featured Posts”
  61. Where to find the code that redirects requests on the static page URL to the home page
  62. How to change database values on theme update
  63. after renaming my wp-content folder, how do I upgrade my wordpress version?
  64. Issue on Adding A Class to Bootstrap Navbar Walker Dropdown
  65. Make custom CSS changes and use built in theme customizer later?
  66. How to Find the Page the Front Page is Using?
  67. My jQuery is enqueued properly. So why isn’t it working?
  68. Database Tables in WordPress Theme
  69. 3 Level Deep Navigation Menu Not Showing All Levels
  70. Broken theme, template is missing
  71. WordPress page/blog incorporated into static website
  72. wp_enqueue_script not working?
  73. Random white space before doctype
  74. WordPress Theme that returns all posts as a JSON object?
  75. HTML block gutenberg templates
  76. Use a filter on menu items that have children
  77. Password protect a custom template
  78. Reusable and site-wide content that can be used in a theme
  79. New to WordPress – Read the Codex, Other Docs; Still Confused
  80. Style first 3 posts differently with WP_Query [duplicate]
  81. is_front_page use in sidebar.php
  82. matisse theme show excerpts not whole content
  83. My custom taxonomies are not showing up in the admin menus
  84. Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
  85. How to add custom theme in hosting server?
  86. Infinite loop when nesting have_posts()
  87. WordPress Custom Theme : Theme Builder vs ACF vs Gutenberg
  88. Is_single not working properly in genesis
  89. Debugging slow WordPress Theme Customizer (Any option similar to Query Monitor)?
  90. How to show children pages as array
  91. How do I keep images in posts below a certain size without editing the post?
  92. Theme options not displaying correctly after theme update
  93. Is it possible to customize the layout of Gallery Shortcode?
  94. How can i use archive.php for indexing wordpress default posts?
  95. What to do when child theme is out of date with parent theme
  96. Image Size wrong during upload
  97. How can I add a single image from a gallery into the page header?
  98. WordPress Includes mejs 404 error
  99. How to add group-row to InnerBlock template?
  100. Checkboxes on custom `WP_List_Table` also check select all