Hi nextstep. This post should answer your question.
Hi BD, thanks for this.
Could you explain why was it changed?
Thanks for that but I’m not a coder so it doesn’t really make a lot of sense to me. I will assume it was changed because it was a security issue. I’m still not sure why I can add it in some parts of a theme and not others. Why it was OK one day and then not the next?
Can you advise with that code adjustment, is my site at risk? Should I revert back to the original code?
My disclaimer here, before I answer your questions, is that the only way to make absolutely sure that your site doesn’t have any security risks is take it off the web. There are many steps that you can take to secure your site, but none of them are guaranteed to eliminate all risks.
I will assume it was changed because it was a security issue
I don’t know that it was any specific issue. The previous developer may have decided it was “best practice” to filter the contents before it went to the browser just to help ensure there wasn’t any injected code added to the text.
I’m still not sure why I can add it in some parts of a theme and not others.
Some filtering of user-generated data is done by WP; other areas are left up the the developer’s discretion.
Why it was OK one day and then not the next?
The change to the theme was based on whatever criteria the developer used to decide he wanted to implement the additional data filtering.
is my site at risk?
Well, the short answer is, every site on the web is at risk, some more than others. If you’re following the WP security best practices then the level of risk to your site should be substantially reduced.
Should I revert back to the original code?
Since you’re the one entering the data, and if you’re following the recommended security measures, I wouldn’t expect that you’d have any problems without the filter.
