What is XSS and can it be dangerous for my WordPress website?

What is Cross-Site Scripting?


Where do you need security features to avoid XSS?

Known cases


Are WordPress pages protected from XSS?

How to avoid XSS?

Don’t trust any user input

Sanitize Values

Set the HttpOnly flag

Update system and plugins

Web application firewall


Where should you start?

var app = document.querySelector('#app');
// Unsafe: the string is parsed as HTML, the <img> element is created and its onerror handler runs.
app.innerHTML = '<img src="x" onerror="alert(1)">';
// Safe: every special character is a numeric entity (the form sanitizeHTML below produces), so the browser shows text instead of creating an element.
app.innerHTML = '&#60;img src&#61;&#34;x&#34; onerror&#61;&#34;alert&#40;1&#41;&#34;&#62;';
// Encode every character outside letters, digits, underscore, dot and space as a numeric entity.
var sanitizeHTML = function (str) {
  return str.replace(/[^\w. ]/gi, function (c) {
    return '&#' + c.charCodeAt(0) + ';';
  });
};
app.innerHTML = sanitizeHTML('<img src="x" onerror="alert(1)">');
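The sanitizer above encodes every character outside a small whitelist. The added example below (not code from the original article) shows the two defences a practitioner usually reaches for instead: encoding only the characters that are significant to the HTML parser, and assigning with textContent so the parser is never invoked. The `fakeElement` stand-in and the sample comment strings are constructed for the example.

```javascript
// Constructed sample of untrusted input, e.g. a comment body a visitor submitted.
const UNTRUSTED = '<img src="x" onerror="alert(1)">';

// The five characters that change meaning in HTML text and attribute contexts.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode only the significant characters; the browser renders the entities as
// literal text, so no <img> element and no event handler is ever created.
function escapeHTML(str) {
  return String(str).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Preferred when no markup is wanted at all: textContent bypasses the HTML
// parser entirely, so the tag is displayed as plain text.
function setUntrustedText(element, str) {
  element.textContent = String(str);
  return element.textContent;
}

// Build a comment block where the author lands inside an attribute value and the
// body inside element text; both positions are escaped before concatenation.
function renderComment(author, body) {
  return '<p data-author="' + escapeHTML(author) + '">' + escapeHTML(body) + '</p>';
}

// Hypothetical stand-in for a DOM node so the example also runs outside a browser.
function fakeElement() {
  return { textContent: '' };
}

// In a browser, #app would be a real element; elsewhere use the stand-in.
const app = (typeof document !== 'undefined' && document.querySelector('#app')) || fakeElement();
setUntrustedText(app, UNTRUSTED);
console.log(escapeHTML(UNTRUSTED));
console.log(renderComment('Dani "D" <admin>', 'x < y'));
```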


Business Management Information Systems Student at Flensburg University of Applied Sciences
