wordpress-security-validation
WordPress Security & Data Validation
Version: 1.0.0 Target: WordPress 6.7+ | PHP 8.3+ Skill Level: Intermediate to Advanced
Overview
Security is not optional in WordPress development—it's fundamental. This skill teaches the three-layer security model that prevents XSS, CSRF, SQL injection, and other common web vulnerabilities through proper input sanitization, business logic validation, and output escaping.
The Golden Rule: "Sanitize on input, validate for logic, escape on output."
Why This Matters
Every year, thousands of WordPress sites are compromised due to security vulnerabilities in plugins and themes. Most of these attacks exploit one of three weaknesses:
- XSS (Cross-Site Scripting): Malicious JavaScript injected through unsanitized output
- CSRF (Cross-Site Request Forgery): Unauthorized actions performed on behalf of authenticated users
- SQL Injection: Database manipulation through unsanitized database queries
More from bobmatnyc/claude-mpm-skills
drizzle-orm
Type-safe SQL ORM for TypeScript with zero runtime overhead
4.3Kplaywright-e2e-testing
Playwright modern end-to-end testing framework with cross-browser automation, auto-wait, and built-in test runner
2.7Kpydantic
Python data validation using type hints and runtime type checking with Pydantic v2's Rust-powered core for high-performance validation in FastAPI, Django, and configuration management.
2.2Ktailwind-css
Tailwind CSS utility-first framework for rapid UI development with responsive design and dark mode
1.2Ktrpc-type-safety
tRPC end-to-end type-safe APIs for TypeScript with React Query integration and full-stack type safety
1.1Kpytest
pytest - Python's most powerful testing framework with fixtures, parametrization, plugins, and framework integration for FastAPI, Django, Flask
899