WordPress ACL (folder + permissions)
WP’s nonces aren’t true nonces as they are valid for about 24 hours. So, if you use the same string in wp_create_nonce( $action ) then WP will always generate the same nonce for a 24 hour period.
Should I check for privileges before hooking into `wp_ajax_$handle` or after?
Best practices to assert current_user_can() with guests
Good way to block users within a multisite setup without deleting them?
As with all user input, you will want to sanitize before storing the input, sanitize on display, and sanitize any user input used in queries. If you’re limiting it strictly to emojis, I would also recommend validating and restricting input to only emojis. PHP SQL Injection Use Prepared Statements for SQL Injection Prevention Use htmlspecialchars …
disable site_url redirect in wp-login.php
Standard Fail2Ban vs. WP Fail2ban vs. WP Fail2Ban Redux
Malware script in database post table only? [closed]
Are there multiple ways to get usernames (as a hacker)?