what to do after instlling cyberpanel on VPS
what to do after instlling cyberpanel on VPS
security
WordPress – tracking options
WordPress – tracking options
Can you alter the default wordpress strong password requirements?
See the answer here https://wordpress.stackexchange.com/a/356727/29416 , which states Currently it’s not possible to change the strength requirements of the password. You can only deactivate it the functionality completely by dequeueing the password script: add_action( ‘wp_print_scripts’, ‘DisableStrongPW’, 100 ); function DisableStrongPW() { if ( wp_script_is( ‘user-profile’, ‘enqueued’ ) ) { wp_dequeue_script( ‘user-profile’ ); } } For … Read more
is exposed wp-admin site a serious security vulnerability
is exposed wp-admin site a serious security vulnerability
Should we escape the values of constants?
If the values of the constants defined in constants.php are hardcoded strings, then there is no need to escape them when they are used in PHP code. Escaping functions like esc_html__ are typically used for dynamic user input that could contain potentially malicious content like HTML tags, JavaScript code, etc. However, if your constants are … Read more
Is wp-cron.php vulnerable to external attacks and how to protect it?
In wp-includes/default-filters.php we can find a callback registration: // WP Cron if ( !defined( ‘DOING_CRON’ ) ) add_action( ‘init’, ‘wp_cron’ ); If we go the function wp_cron() now, we see this: $schedules = wp_get_schedules(); foreach ( $crons as $timestamp => $cronhooks ) { if ( $timestamp > $gmt_time ) break; foreach ( (array) $cronhooks as … Read more
esc_url, esc_url_raw or sanitize_url?
This might be a more useful demonstration: <a href=”<?php echo esc_url( $url ); ?>>I’m printing a URL to the frontend</a> $url = sanitize_url( $_GET[‘user_inputted_data’] ); update_post_meta( $post_id, ‘that_url’, $url ); esc_url is an escaping function, sanitize_url is a sanitising function. Sanitising functions clean incoming data, e.g. removing letters from phone numbers, stripping trailing space etc. … Read more
Impossible to update jQuery version from 3.1.0
Impossible to update jQuery version from 3.1.0
How to securely set dynamic HTML content with JavaScript?
Using wp_kses_post to escape the texts before setting them in wp_add_inline_script is a good approach to prevent malicious content from being added to the page. This will ensure that the text is properly sanitized and only contains allowed HTML tags and attributes. If you want to allow certain HTML tags and attributes, you can use … Read more
How to find source of these strange SQL queries?
They’re from WordPress. They come from the wp_old_slug_redirect() function which is run whenever there is a 404. The purpose is to check if the requested URL was the old URL for a post so that it can redirect to the new URL. If you’re seeing a lot of these then it means you’re getting a … Read more