Be careful with these PHP and WordPress functions

If you’re a budding WordPress theme or plugin developer, or just a do-it-yourself type, you should know that many functions are not safe to use straight out of the box. Smashing Magazine just wrote a lengthy article on the subject, and it’s worth the read if you’re less experienced.

Many of the PHP functions listed in the article are well known, but even intermediate developers stumble over some of them from time to time. The WordPress function is_admin() is a real trap: the name suggests it tells you whether the logged-in user is an administrator, but all it actually does is report whether the current request is for an admin page.

My rule of thumb: whenever you handle user input, always validate the data and fully understand the functions you use; otherwise you risk malicious data being passed into your system.
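To make both points concrete (the is_admin() naming trap and the "validate every input" rule), here is an added example that is not from this post or the Smashing Magazine article. It is a plugin-style delete handler written twice: once relying on is_admin() as if it were an authorization check, once using a capability check plus input validation. The handler names (insecure_delete_post, secure_delete_post) are hypothetical. The function_exists() fallbacks are stand-ins, not WordPress code, so the file also runs under the PHP CLI; inside WordPress the real functions are used instead.

```php
<?php
// Added example (not from the original post): the is_admin() trap next to a hardened handler.
// Assumptions: inside WordPress the real is_admin(), current_user_can(), absint() and
// sanitize_text_field() are loaded. The fallbacks below are stand-ins for CLI demonstration only.

if (!function_exists('is_admin')) {
    // Mirrors WordPress semantics: true when the request targets a wp-admin screen
    // (wp-admin/admin.php and admin-ajax.php define WP_ADMIN). Says nothing about the user's role.
    function is_admin(): bool { return defined('WP_ADMIN') && WP_ADMIN; }
}
if (!function_exists('current_user_can')) {
    // Stand-in: the "current user's" capabilities come from a constructed global array.
    function current_user_can(string $cap): bool {
        return in_array($cap, $GLOBALS['demo_user_caps'] ?? [], true);
    }
}
if (!function_exists('absint')) {
    function absint($v): int { return abs((int) $v); }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($s): string { return trim(strip_tags((string) $s)); }
}

// VULNERABLE: is_admin() is mistaken for "the user is an administrator". Any request that
// reaches an admin-side entry point passes this gate, whatever role the user has, and the
// post id is used exactly as received.
function insecure_delete_post(array $request): string {
    if (!is_admin()) {
        return 'denied';
    }
    $id = $request['post_id'] ?? '';   // unvalidated: could be a string, an array, anything
    return "deleted post {$id}";       // imagine wp_delete_post($id) here
}

// HARDENED: authorize by capability, then validate and sanitize every field before use.
function secure_delete_post(array $request): string {
    if (!current_user_can('delete_posts')) {
        return 'denied';
    }
    $id = absint($request['post_id'] ?? 0);   // coerce to a non-negative integer
    if ($id === 0) {
        return 'invalid post id';
    }
    $reason = sanitize_text_field($request['reason'] ?? '');
    // In a real plugin also verify the request's nonce, e.g. check_admin_referer('delete_post_' . $id).
    return "deleted post {$id} (reason: {$reason})";
}

// CLI demo: simulate an admin-side request (WP_ADMIN defined) from a low-privilege user.
if (PHP_SAPI === 'cli') {
    if (!defined('WP_ADMIN')) {
        define('WP_ADMIN', true);
    }
    $GLOBALS['demo_user_caps'] = ['read'];   // constructed: a subscriber, cannot delete posts
    $request = ['post_id' => 'not-a-number', 'reason' => '<b>cleanup</b>'];   // constructed input

    echo insecure_delete_post($request), PHP_EOL;   // deleted post not-a-number
    echo secure_delete_post($request), PHP_EOL;     // denied

    $GLOBALS['demo_user_caps'] = ['read', 'delete_posts'];   // constructed: an editor
    echo secure_delete_post($request), PHP_EOL;                   // invalid post id
    echo secure_delete_post(['post_id' => '42', 'reason' => '<b>cleanup</b>']), PHP_EOL;
    // deleted post 42 (reason: cleanup)
}
```

The point of the contrast: is_admin() answers "where is this request going?", while current_user_can() answers "who is making it?". Only the second is an authorization check, and even then the incoming values still need to be coerced to the type you expect before they touch the database.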

Read the full article to tighten up your security skills.