WordPress Plugin Security
Download as PPTX, PDF0 likes101 views
The document outlines a coding session on WordPress plugin security led by Jonathan Bossenger, who provides instructions for setting up a local development environment. Key learning outcomes include sanitizing and validating data, preventing unauthorized access, and securing admin actions. Participants are encouraged to engage, ask questions, and utilize provided resources during the session.
WordPress Plugin Security
- 1. Jonathan Bossenger Let’s Code Learn.WordPress.org WordPress plugin security
- 2. 2 👋🏽 Welcome! As you join, please make sure you have your local development environment ready: • A local WordPress installation • A code editor like VSCode or Sublime • An insecure plugin • https://github.com/jonathanbossenger/wp- learn-plugin- security/releases/download/1.0.0/wp-learn- plugin-security.1.0.0.zip Then, let everyone know in the chat where you’re joining us from… Hello! ○ My name is Jonathan Bossenger ○ From Cape Town, South Africa ○ Ex-developer turned code instructor ○ Sponsored contributor at Automattic ○ @jon_bossenger in Twitter
- 4. Announcements ○ Welcome, and Happy New Year! ○ Thanks to Thelma for co-hosting! ○ We are presenting in focus mode, but please feel free to enable your video. ○ You are welcome to ask questions. ○ You are welcome to post questions in the chat, or unmute to ask questions.
- 5. Announcements ○ Make sure your local install is ready ○ https://github.com/jonathanbossenger/wp-learn-plugin- security/releases/download/1.0.0/wp-learn-plugin-security.1.0.0.zip ○ If I am going too fast, please let me know! ○ We will be posting this session to https://wordpress.tv/ afterwards ○ For more WordPress focused content please visit https://learn.wordpress.org/
- 6. Learning Outcomes 1. All about plugin security • Sanitizing inputs • Data validation • Escaping outputs • Preventing invalid requests • Preventing unauthenticated users
- 7. Objectives 1 1. Setup and review the insecure plugin 2. Sanitize any incoming data 3. Validate any incoming data 4. Escape any data being rendered to the browser 5. Secure any form submissions or Ajax requests 6. Ensure any admin actions can only be performed by an admin 7
- 9. Resources ○ https://github.com/jonathanbossenger/wp-learn-plugin-security/releases/download/1.0.0/wp-learn- plugin-security.1.0.0.zip ○ https://developer.wordpress.org/plugins/security/ ○ https://developer.wordpress.org/apis/security/
Editor's Notes
- #2: TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.