Nowadays hackers will try to inject code through frontend form fields. We can overcome that by learning and using the functions WordPress provides to protect a site from them.
Escaping with Localization
Rather than using echo to output data, it’s common to use the WordPress localization functions, such as _e() or __().
The escaping variants of these functions, such as esc_html_e(), simply wrap a localization function inside an escaping function:
esc_html_e( 'Hello World', 'text_domain' );
// same as
echo esc_html( __( 'Hello World', 'text_domain' ) );
These helper functions combine localization and escaping:
esc_html__()
esc_html_e()
esc_html_x()
esc_attr__()
esc_attr_e()
esc_attr_x()
The sanitize_*() series of helper functions provide an effective way to ensure you’re ending up with safe data, and they require minimal effort on your part:
sanitize_email()
sanitize_file_name()
sanitize_html_class()
sanitize_key()
sanitize_meta()
sanitize_mime_type()
sanitize_option()
sanitize_sql_orderby()
sanitize_text_field()
sanitize_title()
sanitize_title_for_query()
sanitize_title_with_dashes()
sanitize_user()
esc_url_raw()
wp_filter_post_kses()
wp_filter_nohtml_kses()
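The two lists above used together on one form submission: sanitize each field when it arrives, then escape it for the context in which it is printed. This is an added example, not code from the original page. It assumes WordPress is loaded (for instance, the file is saved as a plugin); the myplugin_* names, the form field names and the shortcode tag are hypothetical.

```php
<?php
// Added example; assumes WordPress is loaded (for instance, saved as a plugin file).
// The myplugin_* names, form field names and shortcode tag are hypothetical.

// Sanitize on input: clean each field with the helper that matches its type.
function myplugin_sanitize_contact( array $raw ) {
	$raw   = wp_unslash( $raw ); // WordPress adds slashes to $_POST; strip them first.
	$field = static function ( $key ) use ( $raw ) {
		// Treat missing or non-string values (e.g. name[]=x) as empty.
		return ( isset( $raw[ $key ] ) && is_string( $raw[ $key ] ) ) ? $raw[ $key ] : '';
	};
	return array(
		'name'    => sanitize_text_field( $field( 'name' ) ), // strips tags and line breaks
		'email'   => sanitize_email( $field( 'email' ) ),     // drops characters not allowed in an address
		'website' => esc_url_raw( $field( 'website' ) ),      // rejects disallowed protocols such as javascript:
	);
}

// Escape on output: escape every value for the context it is printed in.
function myplugin_contact_shortcode() {
	$c = myplugin_sanitize_contact( $_POST );
	ob_start();
	?>
	<div class="myplugin-contact">
		<h3><?php esc_html_e( 'Contact details', 'text_domain' ); ?></h3>
		<p><?php echo esc_html( $c['name'] ); ?></p>
		<a href="<?php echo esc_url( $c['website'] ); ?>"
			title="<?php esc_attr_e( 'Visit website', 'text_domain' ); ?>">
			<?php echo esc_html( $c['email'] ); ?>
		</a>
	</div>
	<?php
	return ob_get_clean(); // Shortcodes return their markup instead of echoing it.
}
add_shortcode( 'myplugin_contact', 'myplugin_contact_shortcode' );
```

The values are escaped again on output even though they were sanitized on input, because the correct escaping depends on where the value lands (element text, attribute or URL), not on how it was stored.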