Title: php security
Last modified: November 11, 2021

---

# php security

 *  Resolved [nielshensen](https://wordpress.org/support/users/nielshensen/)
 * (@nielshensen)
 * [4 years, 5 months ago](https://wordpress.org/support/topic/php-security/)
 * How is the security handled for the code snippets.
    Is my code safe for injections?

Viewing 2 replies - 1 through 2 (of 2 total)

 *  Plugin Author [Passionate Programmer Peter](https://wordpress.org/support/users/peterschulznl/)
 * (@peterschulznl)
 * [4 years, 5 months ago](https://wordpress.org/support/topic/php-security/#post-15059349)
 * Hi Niels,
 * CLIENT SIDE
    Since PHP code is executed on the server, it is not possible to 
   inject code from a browser.
 * SERVER SIDE
    The Code Manager saves your PHP code in the database. From there,
   PHP code execution follows the same rules as PHP code execution from a PHP file.
   Access to a PHP file is needed to inject code. This is the same with the Code
   Manager. Access to the database is needed to inject code.
 * NETWORK
    Use HTTPS.
 * The plugin allows only admin users to save PHP code in the database. It checks
   the admins login and adds an additional token to validate the admins action. 
   This is the standard way to secure WordPress dashboard actions. It would of course
   be possible to change saved code using a tool like MyPhpAdmin. Like admin users,
   I presume MyPhpAdmin users are trusted users.
 * To inject code into a PHP file, ftp or WordPress dashboard access is needed. 
   To inject code into the database, WordPress dashboard or database access is needed.
   For both options you need to keep your accounts safe.
 * Does this answer your question?
 * Best regards,
    Peter
 *  Thread Starter [nielshensen](https://wordpress.org/support/users/nielshensen/)
 * (@nielshensen)
 * [4 years, 5 months ago](https://wordpress.org/support/topic/php-security/#post-15060016)
 * Hi Peter,
 * Thanks this definitely answers the question.
    Couldn’t find anything about this
   in de documentation and I wanted to know for sure.
 * Thanks again.
 * Best regards,
    Niels
    -  This reply was modified 4 years, 5 months ago by [nielshensen](https://wordpress.org/support/users/nielshensen/).

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘php security’ is closed to new replies.

 * ![](https://ps.w.org/code-manager/assets/icon-128x128.png?rev=2392773)
 * [Code Manager](https://wordpress.org/plugins/code-manager/)
 * [Support Threads](https://wordpress.org/support/plugin/code-manager/)
 * [Active Topics](https://wordpress.org/support/plugin/code-manager/active/)
 * [Unresolved Topics](https://wordpress.org/support/plugin/code-manager/unresolved/)
 * [Reviews](https://wordpress.org/support/plugin/code-manager/reviews/)

 * 2 replies
 * 2 participants
 * Last reply from: [nielshensen](https://wordpress.org/support/users/nielshensen/)
 * Last activity: [4 years, 5 months ago](https://wordpress.org/support/topic/php-security/#post-15060016)
 * Status: resolved