I have a question regarding a WordPress site I have recently developed for a client. I have only until now developed a site for small clients that just require personal websites, however this client has asked me to redevelop his site as the current one has a lot of security issues. Anyway, I have created the site and shown it to him and he has asked if I can 'apply input sanitation so special characters like @,&,-,+,% are not allowed' to the login field.
- My question therefore is does WordPress require further development to stop SQL injections etc on login forms? And do I need to apply input sanitation to the login fields?
- It seems odd to not allow special characters when special characters are better for passwords so should I do this? Bear in mind that the site doesn't have public registration. It has a login feature for partners which the admin would create the login for.
Thanks
Ian
asked Mar 25, 2021 at 10:00 by snookian

1 Answer
wp-login.php should not require additional effort from you to secure. However, I don't think that's what your client is asking for.
> My question therefore is does WordPress require further development to stop SQL injections etc on login forms? And do I need to apply input sanitation to the login fields?
To wp-login.php, no, you don't. Not for security reasons, anyway, but that's not what your client asked for. They just asked to make "@,&,-,+,% are not allowed", which sounds like a business logic decision, and not related to security.
> It seems odd to not allow special characters when special characters are better for passwords so should I do this? Bear in mind that the site doesn't have public registration. It has a login feature for partners which the admin would create the login for.
From what you've said, your client didn't mention the password field. They just mentioned the "login" field, which I would interpret as the username field.
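
One way to apply the restriction discussed in the answer above as a username rule, enforced when the admin creates a partner account and leaving passwords and wp-login.php untouched. This is an added example, not code from the original post; the `example_` function names and the constant are hypothetical, and it relies on WordPress core's `validate_username` filter.

```php
<?php
/**
 * Plugin Name: Username character policy (added example)
 */

// Characters the client listed. This is a naming policy for usernames,
// not an injection defence, and it is never applied to passwords.
const EXAMPLE_BLOCKED_USERNAME_CHARS = '@&-+%';

/**
 * Return the blocked characters present in a username (empty array if none).
 * Kept free of WordPress calls so it can be unit tested on its own.
 */
function example_blocked_chars_in( string $username ): array {
    $found = array();
    foreach ( str_split( EXAMPLE_BLOCKED_USERNAME_CHARS ) as $char ) {
        if ( strpos( $username, $char ) !== false ) {
            $found[] = $char;
        }
    }
    return $found;
}

/**
 * Callback for core's 'validate_username' filter, which core consults
 * when a new account is created. Existing accounts and the login form
 * itself are not affected, so signing in by e-mail address keeps working.
 *
 * @param bool   $valid    Result of core's own username validation.
 * @param string $username Username being validated.
 * @return bool
 */
function example_validate_username( $valid, $username ) {
    if ( ! $valid ) {
        return false; // Core already rejected it; do not override.
    }
    return array() === example_blocked_chars_in( (string) $username );
}

// Guarded so the file can also be loaded outside WordPress for testing.
if ( function_exists( 'add_filter' ) ) {
    add_filter( 'validate_username', 'example_validate_username', 10, 2 );
}
```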