Best practices to assert current_user_can() with guests
Best practices to assert current_user_can() with guests
security
Safety side of storing emoji into database
As with all user input, you will want to sanitize before storing the input, sanitize on display, and sanitize any user input used in queries. If you’re limiting it strictly to emojis, I would also recommend validating and restricting input to only emojis. PHP SQL Injection Use Prepared Statements for SQL Injection Prevention Use htmlspecialchars … Read more
Malware script in database post table only? [closed]
Malware script in database post table only? [closed]
my wordpress website is suspended [closed]
my wordpress website is suspended [closed]
How to get WordPress to send Password Reset Link Email instead of New Password?
Commentor was correct. A plugin had changed default behavior.
Local file inclusion critical security issue [closed]
Local file inclusion critical security issue [closed]
Client side HTTP parameter pollution (reflected)
Client side HTTP parameter pollution (reflected)
Should I disable directory listing for wp-includes?
Not especially, though I would disable it for your entire site if you have the option as a matter of general best practice. In a well maintained WordPress install, the contents of that directory aren’t a secret, even if the directory listing is hidden. This is because you should never modify that folder, so it … Read more
Frequently getting attacks on admin-ajax.php, wp-cron.php, xmlrpc.php and wp-login.php
Frequently getting attacks on admin-ajax.php, wp-cron.php, xmlrpc.php and wp-login.php
What may be causing failure of auto-install features in WordPress (v3.0.3)?
The Could not create directory. /public_html error message can be related to multiple issues. Most of them are related to your file-system. This includes the type of filesystem (e.g. NTFS under windows based servers) and the access settings for those. You have not named any in your question, so I assume some linux based host … Read more