WordPress, use esc_html_e() instead of _e()
For maximum security, use esc_html_e() instead of _e() (and esc_html__()/__()), to ensure any unwanted HTML snuck into a translation file is neutralised.
For strings that have HTML in them, use wp_…
Hackers have set a target of defacing thousands of websites using the latest WordPress REST API exploit. Within 24 hours only, more than 10,000 random websites have been hacked and defaced. The hack includes Government, Education and Personal websites bei...Read more »