security

Passing form data on submit

First check that it’s not empty, then typecast to a string value as a security precaution, because it’s always possible for this to be submitted as an array; e.g., by an attacker. Then unslash, sanitize, and continue by checking length and anything else that you’d like to validate. if ( ! empty( $_POST[‘contact_msg’] ) ){ … Read more

Where to store publicly-accessible files

I think that would depend how you’ve made your site private? I’ve used this plugin to set sites to private https://wordpress.org/plugins/jonradio-private-site/ It also has settings to exclude any URLs from being set to private. There are a bunch of other plugins that do similar thins.

DISABLE wordpress upgrade page

You can actually do this on the web host without actually any PHP code. Using the same procedure as is recommended to deny access to wp-config.php, you can also deny access to upgrade.php. All you need to do is create a file named .htaccess in wp-admin and put the following in it: <files upgrade.php> order … Read more

Advice On How to Backup WordPress

Personally, I back up my site with a plugin and don’t rely on my web host provider to create backups. ManageWP is a good option for website backups. However, if you need to upload your backups to own cloud storage (like Amazon S3, Dropbox) from ManageWP, you have to pay the extra fee for that … Read more

+ More
Hata!: SQLSTATE[HY000] [1045] Access denied for user 'divattrend_liink'@'localhost' (using password: YES)