Validating, sanitizing, and escaping
When writing theme and plugin code, it is important to be mindful of how data coming into WordPress is handled and how it is presented to the end user.
Tag: tech-ref
Showing page 23 of 26
Security best practices for all users
All users on the VIP Platform should follow best practices when it comes to securing their devices, accounts, and access to VIP tools.
JavaScript security recommendations
A best practice in PHP for WordPress is to use escaping functions to prevent Cross Site Scripting (XSS).
Enforce Two-Factor Authentication
Two-factor authentication (also known as 2FA) is a method for securely granting users access to a site or application. This method requires a user to know something (e.g. a password), and requires a user to possess an object (e.g. their mobile device or a hardware security key) or a unique biological trait (e.g. a fingerprint). Requiring multiple forms of verification is a basic way to protect a site against security compromises due to leaked or guessed passwords.
Control Jetpack content distribution
By default, Jetpack is enabled on all WordPress sites hosted on the VIP Platform. Jetpack adds a suite of powerful security, performance, and marketing features. Jetpack features that aid in content consumption, distribution, and syndication are collectively referred to as “content distribution tools“.
VIP-CLI
VIP-CLI is the command-line interface for VIP Go for interacting with VIP applications and performing actions like syncing data between VIP environments.
Data sync from production to non-production environments
Data syncs between VIP Platform environments facilitate testing and quality assurance (QA) of new features and allows teams to accurately reproduce and examine errors in a non-production environment. After a data sync from a production environment to a non-production environment is completed, the target environment will automatically load shared media files that were uploaded to production. This eliminates the need to copy media between environments.
Retrieving remote data
Fetching data from other servers (e.g., fetching information from external APIs or resources) can be a relatively slow process, and issues relating to timeouts can occur. Remote calls such as wp_remote_get(), wp_safe_remote_get() and wp_oembed_get() should rely on the WordPress HTTP API (not cURL) and should be cached.
Query cache
The Query Cache provides light-weight and transparent in-memory caching of many database queries (such as post lookups) which reduces the overall load on the database and results in a faster, more-scalable site.
Version updates for WordPress
Upgrades for major release versions of WordPress can be managed for an environment in the Software Versions panel of the VIP Dashboard.