sanitizing have nothing to do with escaping, and escaping is not a cure to everything. The role of escaping is to convert a string to a proper HTML. What is a proper HTML representation of a string might depend upon the context and that is the reason you have several escaping functions esc_html,esc_url and esc_attr. … Read more
I would first of all change the password for phpMyAdmin because I think they moust be getting though the DB next thing is if that doesn’t work , but the bullet and do a clean install but backup all the post and maybe the comments if you want ot.
One surprisingly useful solution to foil most spam-bots is to use a honeypot. Put an extra entry field into your comment forms, and then hide it with css. Normal users won’t fill it in because they won’t ever even see it. Based on that, you can safely assume that anytime an entry is made with … Read more
The answer is: of course they are not – otherwise you couldn’t use them to save them in DB. But… the answer to your question isn’t so easy. Sanitizing is a process of preparing data for storing in DB. So for example if you insert some illegal characters in post_name, then it will be removed, … Read more
If you have access to the PHPMyAdmin login and access: The wp_users table from the list of tables. Then locate your username under the user_login column and click edit. The user_pass is a long list of numbers and letters which is the MD5 hash encrypted version of your password. Select and delete the hash and … Read more
The save_post hook is called every time someone calls the function wp_insert_post(). Plugins do that, unfortunately some themes too, and WordPress itself on several places when … someone uses post per email or XML RPC an auto-draft is created the Quick Draft feature on the dashboard is used a navigation menu item is added a … Read more
Brute force attacks run with heavily automated scripts. These scripts focus on regular installations; most of them cannot handle changes to the normal login process (example). You cannot stop requests to the login page, but you can change the way the login process works, so the script has to take your specific situation into account. … Read more
I had a very similar situation, but I am using it for a family member with an illness to provide updates to the wider friends and family without relying on the primary caretaker to give these updates and a blog seemed the best way. We also wanted to allow people to add comments to the … Read more
How do I authenticate WP users from a chrome extension?
Nope, you don’t need to escape hard-coded URLs.