Read For Learn

Input sanitation

wp-login.php should not require additional effort from you to secure. However, I don’t think that’s what your client is asking for.

My question therefore is does WordPress require further development to
stop SQL injections etc on login forms? And do I need to apply input
sanitation to the login fields?

To wp-login.php, no, you don’t. Not for security reasons, anyway, but that’s not what your client asked for. They just asked to make “@,&,-,+,% are not allowed”, which sounds like a business logic decision, and not related to security.

It seems odd to not allow special characters when special characters
are better for passwords so should I do this? Bear in mind that the
site doesn’t have public registration. It has a login feature for
partners which the admin would create the login for.

From what you’ve said, your client didn’t mention the password field. They just mentioned the “login” field, which I would interpret as the username field.
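
One way to implement the client's rule as a business-logic restriction on the username field only, leaving the password field untouched. This is an added example, not part of the original answer; the `rfl_` names are hypothetical, and it assumes the file is loaded as a plugin or mu-plugin on the site.

```php
<?php
/**
 * Added example: reject the characters the client listed in the username
 * field. Names prefixed "rfl_" are hypothetical; the hooks are WordPress
 * core filters. Passwords are deliberately not restricted.
 */

// Characters the client asked to disallow in the login (username) field.
const RFL_BLOCKED_USERNAME_CHARS = '@&-+%';

/** True if $username contains any blocked character. */
function rfl_username_has_blocked_char( $username ) {
	return strpbrk( (string) $username, RFL_BLOCKED_USERNAME_CHARS ) !== false;
}

// Enforce the rule where accounts are created: validate_username() runs
// this filter, so the admin cannot create a partner login that breaks it.
add_filter( 'validate_username', function ( $valid, $username ) {
	return $valid && ! rfl_username_has_blocked_char( $username );
}, 10, 2 );

// Optionally refuse such values at login as well. Priority 30 runs after
// core's username/e-mail handlers (priority 20), so the error sticks.
// Caveat: blocking "@" here also blocks signing in with an e-mail address.
add_filter( 'authenticate', function ( $user, $username, $password ) {
	if ( '' !== (string) $username && rfl_username_has_blocked_char( $username ) ) {
		return new WP_Error(
			'rfl_blocked_char',
			__( 'The username contains a character that is not allowed.' )
		);
	}
	return $user;
}, 30, 3 );
```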
