This maybe just a personal distinction but I consider: data validation to mean is the data ‘correct’? Is it what we expect? data sanitisation to mean is the data *safe to use * Though there can be some blurring, typically data validation will only occur when a user-input is taken, or some data is obtained … Read more
No, but you can just run stripslashes on it.
Just to continue few important things on the excellent answer @MarkKaplun provided that should be accepted. disable-functions is PHP world. Here is the more broad list: exec, passthru, shell_exec, system, proc_open, popen, show_source, apache_child_terminate, apache_get_modules, apache_get_version, apache_getenv, apache_note, apache_setenv, posix_kill, posix_mkfifo, posix_setpgid, posix_setsid, posix_setuid, posix_getpwuid, posix_uname, pclose, dl, disk_free_space, diskfreespace, disk_total_space, pcntl_exec, proc_close, proc_get_status, proc_nice, … Read more
It’s not completely clear how your provider is handling the the resource overage, but the situation described in the question can be reproduced by setting up wp-config.php to connect to an empty database. From the looks of it, someone would be able to proceed with the WordPress installation. This solution will prevent WordPress from being … Read more
Does WordPress core has this function defined somewhere? While I haven’t used it, you are probably looking for wp_salt or wp_generate_password. wp_salt is located in wp-includes/pluggable.php. can these salts be generated randomly Yes, of course. are there any specific rules for creating them There is no specific rule. The generic rule is to create long, … Read more
You should be able to filter out some tests by using the filter site_status_tests Quoting the WordPress documentation: Usage: add_filter(‘site_status_tests’, function (array $test_type) { unset($test_type[‘direct’][‘theme_version’]); // remove warning about Twenty* themes unset($test_type[‘async’][‘background_updates’]); // remove warning about Automatic background updates return $test_type; }, 10, 1); You can get the list of tests from the WP_Site_Health->get_tests() method … Read more
Here is an untested suggestion for wp-cli approach: We can list post IDs of published posts with open comment status with: wp post list –post-status=publish –post_type=post comment_status=open –format=ids and update a post to a closed comment status with: wp post update 123 –comment_status=closed where 123 is a post id. We can then combine those two … Read more
In your specific case, I don’t think the answer is a technical one (see my comment on the question for more details). For everyone else, the answer to “How can I easily verify a core or plugin update has not broken anything?” is automated testing. That’s the whole purpose of automated testing, because it’s unreasonable … Read more
You do cite experience with WP going back farther than that of mine… Yet I do not see these issues as that major. What scale of sites are we talking about? It’s fairly slow I feel this is bit too much of generalization. Slow can be put in context of specific hardware, tasks and level … Read more
First: Remove those 777 permissions. You need this only in cases with conflicting ownership. Try to run PHP as FastCGI – for example per .htaccess: AddHandler php-cgi .php # or AddHandler php-fastcgi .php Set up a notification mail for every 404 request. You will be surprised how many attacks the average blog gets each day. … Read more