Skills
.Work. You
Rest

wp-security-audit

Community

Security-focused WordPress code audits.

Software Engineering#sanitization#wordpress#security-audit#rest-api#capability#escaping#nonce
AuthorLonsdale201
Version1.0.0
Installs0

System Documentation

What problem does it solve?

Audits WordPress plugin or theme PHP code for the most common security mistakes — missing nonce checks, capability checks, input sanitization, output escaping, unslashing, SQL preparation, AJAX nopriv exposure, file/path traversal, and unsafe redirects. Use when reviewing pull requests, before releasing a plugin, when the user asks "is this secure", or when handling code that touches $_GET / $_POST / $_REQUEST / $_COOKIE / $_FILES / $_SERVER, admin-ajax / admin-post, REST endpoints, options, user meta, custom DB queries, or file uploads.

Core Features & Use Cases

  • Nonce and capability checks to prevent unauthorized writes.
  • Input handling, sanitization, and output escaping to defend against XSS and data corruption.
  • Safe file and redirect patterns, REST and AJAX best practices, and error handling.
  • Real-world use: security reviews during PRs, releases, or ad-hoc security questions.

Quick Start

Provide a security-focused code review for a given WP plugin file and return a prioritized findings report.

Dependency Matrix

Required Modules

None required

Components

Standard package

💻 Claude Code Installation

Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.

Please help me install this Skill:
Name: wp-security-audit
Download link: https://github.com/Lonsdale201/wp-agent-skills/archive/main.zip#wp-security-audit

Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
View Source Repository

Agent Skills Search Helper

Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.