wordpress security

3   Articles
3
WordPress current_user_can Explained: How to Use WordPress Functions to Avoid Security Bugs

WordPress current_user_can Explained: How to Use WordPress Functions to Avoid Security Bugs

5 Min Read
0 15
5 Min Read
0 15

If you’re writing a WordPress plugin, you don’t want to write features that allow your users to be vulnerable to security bugs. The current_user_can function is a native WordPress security…

Coding vulnerabilitiesSecure coding
jennifer
Continue Reading
WordPress wp_verify_nonce vs check_ajax_referer: How to Stop CSRF in Your WordPress Plugins

WordPress wp_verify_nonce vs check_ajax_referer: How to Stop CSRF in Your WordPress Plugins

6 Min Read
0 10
6 Min Read
0 10

To avoid Cross-Site Request Forgery (CSRF) attacks, WordPress has two functions for plugin developers: wp_verify_nonce and check_ajax_referer. If you don’t use at least one of these functions, your plugin could…

Coding vulnerabilitiesSecure coding
jennifer
Continue Reading
Example of WordPress Programming with Security: Checking WordPress Permissions Before Function Execution (CVE-2025-14428)

Example of WordPress Programming with Security: Checking WordPress Permissions Before Function Execution (CVE-2025-14428)

4 Min Read
0 31
4 Min Read
0 31

The WordPress plugin All-In-One Sticky Floating Contact Form was found to have a vulnerability involving authorization bypasses. When you develop plugins for WordPress, it’s important to ensure that the user…

ProgrammingSecure coding
jennifer
Continue Reading
Page 1 of 1