In those cases focusing on security is IMHO the wrong thing. Those JS/HTML/CSS text boxes are user hostile as the developer basically expects user to be able to write code, where sometimes it is even hard for users to just copy & paste code. In the worst case when the customizer is not used, some … Read more
iTheme Security always lockout my account [closed]
How can I display nickname instead username in links
XMLRPC slow and weird websites/services
wordpress website host price and security [closed]
How to change permissions of WordPress and/or apache on macOS securely?
How can I safely hide the fact that my website runs on WordPress? [closed]
No idea what happened, but the end user was having issues with his computer and somehow it was hanging on to those cookies. Since they weren’t expired, nothing we did to remove them did a lot of good but getting the end user to clear cookies/cache resolved the issue. I’d love to know more about … Read more
Have you identified the exploit vector? If not, you may be leaving yourself open to future exploit. Other things to consider: Change WordPress admin user passwords – done Change Hosting account user password Change FTP passwords Change MySQL db user password – done Change the db table prefix Update your wp-config nonces/salt Check your directory/file … Read more
Is wp_kses the right approach in sanitizing this string?