(I’m a sucker for alternative login schemes)
Some nitpicking regarding DB escaping:
-
You use
mysql_real_escape_string()directly. The preferred method is using$wpdb->prepare()oresc_sql(). -
UPDATE queries are best handled by
$wpdb->update()
Related Posts:
- What security concerns should I have when setting FS_METHOD to “direct” in wp-config?
- I found this in a plugin. What does it do? is it dangerous?
- Disabled plugins are they security holes – rumor or reality?
- What could a hacker do with my wp-config.php
- Security and .htaccess
- Why “Contact Form 7” doesn’t update PHPmailer library?
- Are there procedures to prevent malicious plugin updates?
- Does WordPress contain “default” anti-SQL injection code that responds with a 404 error?
- What does a security risk in a plugin look like?
- WordPress Capabilities: edit_user vs edit_users
- Should we use plugins that aren’t available from the official WordPress site?
- Why allow overriding crucial pluggable functions wp_verify_nonce and wp_create_nonce?
- Where should my plugin POST to?
- Security error WP 4.0 + WP phpBB Bridge [closed]
- Should I install plugins to my WordPress installation from web sites having in URL “nulled” or, “null”?
- Disabled plugins are security holes – rumor or reality?
- Should I use RIPS tool to test my themes and plugins?
- Prevent Brute Force Attack
- How many security plugins are too many? [closed]
- Will WordPress username displayed somewhere in the site?
- Upgrading WordPress 4.0 asks for FTP password
- How Restrict access to admin dashboard by specific static ip?
- When is it useful to use wp_verify_nonce
- Protecting against malicious code in WordPress plugin updates
- How to expire all wordpress user passwords instantly?
- How to limit WordPress pages during updates?
- rms_unique_wp_mu_pl_fl_nm.php
- Weird problems after recovery from security breach
- How can we deal with unmaintained plugins with vulnerabilities?
- Security issues with WP sites
- Security checking in meta_box save is reluctant?
- Escape when echoed
- Should you escape hardcoded URLs?
- Preventing BFA in WordPress without using a plugin
- How can I make uploaded images in the editor load with HTTPS?
- How to stop xmlrpc attacks without disabling component to allow JetPack to work in WordPress?
- WordPress filter that hook after each action/filter hook
- How to delete Passwrd Protected posts cookies when a user logged out from the site
- The safest way to automate WordPress backups
- wp_create_nonce function doesn’t work inside a plugin?
- Does WordPress validate inputs to all functions? (such as get_user_meta and insert_user_meta)
- Headers Content-Security-Policy CSP Major Issue
- How to block plugin activations with no known user or coming from unknown IP address range?
- Nonce failing on form submission
- Check for security updates
- Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
- Why can’t I access my Intranet LDAPS with NADI?
- Malicious File Upload [closed]
- Stop Plugin Enumeration [closed]
- Hack-Proof OR Security in WordPress — is it real?
- Can some vulnerabilities in plugins be exploited even when the plugin is inactive?
- Security and Must Use Plugins
- Is Timthumb still broken? What security measures should be taken?
- Prevent direct access to WordPress plugin assets?
- Is it safe to use admin-ajax.php in the frontend?
- How to protect WordPress from security scanner [closed]
- Specific way to allow WordPress users to view their current password? And edit it?
- Too many login attempts
- Is there any pre-existing plugin to track and block IPs with suspicious activity on my site?
- How to prevent plugins from sniffing/stealing other plugins’ options?
- Custom API plugin to execute 3rd party API to retrieve data
- How to deal with Slow HTTP POST (slowloris) vulnerability
- Running multiple security plugins
- how do I secure my WP website from hackers? [closed]
- Webservice credential storage [duplicate]
- Regarding plugin security
- If I use an alternative login (e.g. CAS or other SSO) plugin, is my site protected from the recent brute force login attempts?
- Is this plugin safe to run?
- Is the Block Bad Queries Plugin Still Relevant?
- WP Insert Post If user refreshes override new post
- 404 errors when updating options in admin dashboard
- Website Captcha Error: The reCAPTCHA wasn’t entered correctly
- Hide plugins and theme from public
- WordPress search shows protected content
- Security of a WordPress Plugin
- Can I disable xml-rpc by setting it to false?
- Help to Create a Simple Plugin to make a post
- Content-Security-Policy implementation with WordPress W3Total Cache plugin installed
- prevent anonymous access to WordPress site (non-admin site)
- Bing/msn bots is heavily requesting random of my website
- “Fire Secure” menu item
- Securing a plugin pop-up window
- https rewrite not working for All in one security Brute force > rename login url
- Redux framework somehow added to my site, can’t locate in plugins
- wp_verify_nonce fails always
- How can i see/log all requests coming from a registration form (not from the UI)?
- Write mysql credentials in plugin
- Site is continuously accessing by several IPs
- Validating values using Settings API?
- using .htaccess only for wordpress security no plugins
- SWF in wordpress post
- Problem with permissions in wp-content/plugins
- My WP site and password was hacked, what to do? [closed]
- How to resolve these findings from security audit
- How I can hide my wp folders from Inspect Element (Developer Tools)
- How to Find WordPress site has backdoor login Codes
- How to delete Password Protected posts cookies when a user logged out from the site
- How to rename files during upload to a random string?
- WordPress User Registration/ Sign Up -> Able to take Paid Certification Courses & keep track of Completed Certificates
- Block Root REST API Route using custom &/or iThemes