WordPress Development Best Security Practices
Today’s post will cover WordPress security.
Most of our clients at my current company use WordPress. While it’s a great platform for building websites, it’s also a popular target for hackers. Here are some best practices I follow to keep WordPress sites secure:
- Update WordPress, themes, and plugins regularly, please.
- Use strong passwords, please.
- Avoid using a popular page builder like Elementor, Divi, or WPBakery. I’ve seen sites get hacked because of these plugins. I think the built-in editor is good enough, unless of course you’re building a more complex site.
- Any output should be escaped. `esc_url()` all the things.
- When there’s a WordPress function, use it. Don’t reinvent the wheel.
- Always use `$wpdb` functions.
- Use `$wpdb->prepare()` to escape SQL queries.
- Use nonces to protect forms.
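
To show the last few points working together, here is an added example (not code from a client site or from the WordPress handbooks): a shortcode that renders a nonce-protected search form, queries post titles through `$wpdb->prepare()`, and escapes everything it prints. The shortcode name `acme_title_search` and every `acme_` identifier are hypothetical.

```php
<?php
// Added example. The shortcode [acme_title_search] and all "acme_" names are hypothetical.
add_shortcode( 'acme_title_search', 'acme_title_search_shortcode' );

function acme_title_search_shortcode() {
    global $wpdb;
    $term = isset( $_POST['acme_term'] ) ? sanitize_text_field( wp_unslash( $_POST['acme_term'] ) ) : '';
    ob_start();
    ?>
    <form method="post">
        <?php wp_nonce_field( 'acme_title_search', 'acme_nonce' ); ?>
        <input type="text" name="acme_term" value="<?php echo esc_attr( $term ); ?>">
        <button type="submit">Search</button>
    </form>
    <?php
    if ( '' === $term ) {
        return ob_get_clean();
    }

    // Nonce check: the token must match the action it was issued for.
    $nonce = isset( $_POST['acme_nonce'] ) ? sanitize_text_field( wp_unslash( $_POST['acme_nonce'] ) ) : '';
    if ( ! wp_verify_nonce( $nonce, 'acme_title_search' ) ) {
        echo '<p>Security check failed.</p>';
        return ob_get_clean();
    }

    // esc_like() makes % and _ in user input literal; prepare() binds the value.
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts}
             WHERE post_status = 'publish' AND post_type = 'post' AND post_title LIKE %s
             ORDER BY post_date DESC LIMIT 10",
            $like
        )
    );

    echo '<ul>';
    foreach ( $rows as $row ) {
        // Escape late, with the function that matches the output context.
        printf(
            '<li><a href="%s">%s</a></li>',
            esc_url( get_permalink( $row->ID ) ),
            esc_html( $row->post_title )
        );
    }
    echo '</ul>';
    return ob_get_clean();
}
```

Note that each value is escaped for where it lands: `esc_attr()` inside the attribute, `esc_url()` for the link, `esc_html()` for the title text.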
Additional Resources
- WordPress Security: Your bible if you’re taking WordPress security seriously.
- Theme Handbook Security: If you’re a theme developer, this is a must-read (my post covers all of it).