security

how to sanitizing $_POST with the correct way?

Instead of looping through the array, use this: map_deep( $form_data, ‘sanitize_text_field’ ); (see the User Notes in the function doc: https://developer.wordpress.org/reference/functions/sanitize_text_field/ ) The docs state that Checks for invalid UTF-8, Converts single < characters to entities Strips all tags Removes line breaks, tabs, and extra whitespace Strips percent-encoded characters So you could also use the … Read more

Block Root REST API Route using custom &/or iThemes

For all REST API routes, the rest_api_init action hook fires when preparing to serve a REST API request. The request URI ($_SERVER[‘REQUEST_URI’]) can be inspected with a regular expression to detect the root (e.g. wp-json) and the route (e.g. /wp/v2/posts) of the request. You can then decide what to return to the client (e.g. WP_Error, … Read more

Can you alter the default wordpress strong password requirements?

See the answer here https://wordpress.stackexchange.com/a/356727/29416 , which states Currently it’s not possible to change the strength requirements of the password. You can only deactivate it the functionality completely by dequeueing the password script: add_action( ‘wp_print_scripts’, ‘DisableStrongPW’, 100 ); function DisableStrongPW() { if ( wp_script_is( ‘user-profile’, ‘enqueued’ ) ) { wp_dequeue_script( ‘user-profile’ ); } } For … Read more

+ More