Theme Check is a tool published by the WP.org Themes team to scan your theme against the wp.org security standards. There’s also one for plugins.
Any default functionality like comment forms will already be escaped/sanitized.