Prevent direct file access to your plugin files

Security should be one of the (if not the) most important aspects of your plugin. Ironically it’s also one of the most difficult parts to explain. There’s no ‘quick fix’ to writing a secure plugin. There are so many aspects to writing a secure plugin and on top of that it’s an ever changing game. Luckily there are some tips that can help make your plugin more secure and one of them is disabling direct file access to your plugin files. Please note that solely preventing direct access to your files doesn’t make your plugin secure but it does help in making it more secure.
Continue Reading…

The importance of WordPress coding standards

With the size of the WordPress project and the gigantic ecosystem created by it, it’s important we (as developers) do certain things the same. Following the WordPress coding standards makes us ‘format’ our code all in the same way, while still giving us all the room for our own creativity. In this post I want to highlight some PHP coding standards, if you’re interested in the full list you can view the Handbook page on WordPress PHP coding standards here.
Continue Reading…