Almost every week, a new vulnerability is discovered in a popular plugin or theme, and developers have to scramble to fix it before it\u2019s widely exploited. Surprisingly, almost every one of the most common critical vulnerabilities boils down to one of a few mistakes that are easily avoidable. In this talk, we\u2019ll cover why the \u201cis_admin()\u201d and \u201cadmin_init()\u201d functions aren\u2019t a safe way to control access, how using \u201cupdate_option()\u201d can go disastrously wrong, how XSS (Cross-Site Scripting) can happen in the most unexpected places, why nonces are important, and more. Appropriate for beginner to advanced WordPress developers, this talk will cover currently accepted best practices for securing access control, sanitizing user input, and preventing unauthorized changes that can lead to a site takeover.<\/p>\n","protected":false},"excerpt":{"rendered":"
Almost every week, a new vulnerability is discovered in a popular plugin or theme, and developers have to scramble to fix it before it\u2019s widely exploited. Surprisingly, almost every one of the most common critical vulnerabilities boils down to one of a few mistakes that are easily avoidable. In this talk, we\u2019ll cover why the … Continue reading “Shut the front door! – How to avoid the most common critical vulnerabilities when developing your plugin”<\/span><\/a><\/p>\n","protected":false},"author":16581093,"featured_media":0,"template":"","meta":{"_crdt_document":"","jetpack_post_was_ever_published":false,"_wcpt_session_time":1581107400,"_wcpt_session_duration":3000,"_wcpt_session_type":"session","_wcpt_session_slides":"https:\/\/ramgall.com\/shutthefrontdoor.pdf","_wcpt_session_video":"","_wcpt_speaker_id":[1768],"footnotes":""},"session_track":[13411],"session_category":[],"class_list":["post-1916","wcb_session","type-wcb_session","status-publish","hentry","wcb_track-track-1"],"jetpack_sharing_enabled":true,"session_date_time":{"date":"February 7, 2020","time":"1:30 pm"},"session_speakers":[{"id":"1768","slug":"ramuel-gall","name":"Ramuel Gall","link":"https:\/\/phoenix.wordcamp.org\/2020\/speaker\/ramuel-gall\/"}],"session_cats_rendered":null,"_links":{"self":[{"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/sessions\/1916","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/sessions"}],"about":[{"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/types\/wcb_session"}],"version-history":[{"count":1,"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/sessions\/1916\/revisions"}],"predecessor-version":[{"id":1917,"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/sessions\/1916\/revisions\/1917"}],"speakers":[{"embeddable":true,"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/speakers\/1768"}],"author":[{"embeddable":true,"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wporg\/v1\/users\/ramuelgall"}],"wp:attachment":[{"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/media?parent=1916"}],"wp:term":[{"taxonomy":"wcb_track","embeddable":true,"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/session_track?post=1916"},{"taxonomy":"wcb_session_category","embeddable":true,"href":"https:\/\/phoenix.wordcamp.org\/2020\/wp-json\/wp\/v2\/session_category?post=1916"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}