4Security and Performance

CODE DOWNLOADS FOR THIS CHAPTER

The code downloads for this chapter are found at www.wiley.com/go/prowordpressdev2e on the Downloads tab.

At this point, you've probably written some code and built at least one working plugin. However, is your plugin secure? Is it vulnerable to attacks? Is it optimized so that a user's site doesn't get taken down when they suddenly get a traffic boost? There are many points where security and optimization could break down on a site. Your job as a plugin developer is to make sure the code you write doesn't have vulnerabilities and isn’t a bottleneck with resource usage.

WordPress has all the tools you need in place. What you must learn is when to use a particular function or feature. This chapter will walk you through the methods you need to know when securing and optimizing your plugin.

SECURITY OVERVIEW

When building a secure plugin, you must take steps to protect against cross‐site scripting (XSS), cross‐site request forgery (CSRF), SQL injection, privilege escalation, and other vulnerabilities. Unless you're a security expert, this is enough to scare anyone away from programming. While these terms may seem a bit scary, they don't need to be if you follow ...

Get Professional WordPress Plugin Development, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Professional WordPress Plugin Development, 2nd Edition by Brad Williams, Justin Tadlock, John James Jacoby

4Security and Performance

SECURITY OVERVIEW

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly