A friend of mine told me that my search form is vulnerable and that you can run scripts through it. I know that it's not supposed to accept characters like “< > =” etc. and should replace them with “\” or something. But I don't know how to do that.
I don’t use the search widget, but the search form file in my theme’s directory. I can see the wp_specialchars in the file, wasn’t it supposed to do the thing I want?
Please help. Thanks in advance!
- The topic ‘How to secure the wordpress search form?’ is closed to new replies.