1 Security-and-Maintenance
david edited this page 2026-06-16 08:49:38 -07:00

Security and Maintenance

WordPress Security Practices

The plugin should continue to:

  • Escape output with WordPress helpers.
  • Sanitize and validate request data.
  • Use nonces for admin actions.
  • Check capabilities for admin actions.
  • Keep REST output limited to intended public market data.

Routine Maintenance

  • Run scripts/check-release.sh before release.
  • Run scripts/security-audit.sh for focused security checks.
  • Verify admin pages after WordPress or PHP upgrades.
  • Verify WPML Spanish maps after translation changes.
  • Keep this wiki aligned when behavior changes.

Current Runtime Target

  • WordPress 7.0
  • PHP 8.3

Keep an eye on PHP 8.3 notices and deprecations during live-site debugging.