Tag Archives: Security

PHP Filter_Var() – Sanitize Common Data Input

filter_var() is a PHP function intended to help validate and sanitize certain types of data. It can verify that an email address is correctly formatted, remove harmful characters and tags, and so on.

I discovered this interesting feature through Sanitize and Validate Data with PHP Filters over at NETTUTS.

The function validates and sanitizes, two things that are very much different but easily confused. Validation is the act of making sure that input is formatted correctly, while sanitization is the process of filtering out unwanted garbage that may be detrimental, such as exploitation attempts.

The following returns a string containing the validated email address, or FALSE if the address is malformed.

filter_var('nobody@example.org', FILTER_VALIDATE_EMAIL);
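
To make the difference between validating and sanitizing concrete, here is an added example (not code from the original post or from NETTUTS). The helper names and sample inputs are hypothetical and constructed for illustration; only filter_var(), its filter constants and htmlspecialchars() are PHP's own.

```php
<?php
// Added example; sample inputs are constructed and helper names are hypothetical.

// Validation: accept or reject the input as given, never modify it.
function validate_email(string $raw): ?string
{
    $result = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $result === false ? null : $result;
}

// Sanitization: strip characters that FILTER_SANITIZE_EMAIL does not allow.
// The result is a different string and still has to be validated.
function sanitize_then_validate_email(string $raw): ?string
{
    $clean = (string) filter_var($raw, FILTER_SANITIZE_EMAIL);
    return validate_email($clean);
}

// Integer validation with a range. A valid "0" comes back as int 0, which is
// falsy, so failure must be detected with === false and not with !$result.
function validate_quantity(string $raw): ?int
{
    $result = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 0, 'max_range' => 100],
    ]);
    return $result === false ? null : $result;
}

// Constructed email inputs: well-formed, containing a space, and malformed.
$emails = ['nobody@example.org', 'no body@example.org', 'not-an-email'];
foreach ($emails as $raw) {
    printf(
        "%-22s strict=%-22s sanitized=%s\n",
        var_export($raw, true),
        var_export(validate_email($raw), true),
        var_export(sanitize_then_validate_email($raw), true)
    );
}

// Constructed quantity inputs, including the falsy-but-valid "0".
foreach (['0', '42', '101', '4x'] as $raw) {
    printf("%-5s quantity=%s\n", var_export($raw, true), var_export(validate_quantity($raw), true));
}

// Neither step replaces output encoding: escape when writing into HTML.
$comment = '<b>hello</b>';
echo htmlspecialchars($comment, ENT_QUOTES, 'UTF-8'), "\n";
```

The input containing a space is rejected by strict validation but accepted after sanitization, as a string the user never typed, so decide per field whether silently repairing input is acceptable.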

Defend Your Blog Against Intruders

Back in December, I wrote an article about recovering after your blog has been vandalized. Of course, you want to avoid having your blog trashed in the first place.

The Lost Art of Blogging has recently released an informative article on securing your WordPress-powered blog. “Fighting Blog Hacks: Preventing And Eliminating Intruders” covers several things you should do to help avoid having your blog vandalized. They’re mainly simple tweaks, and you should definitely consider implementing them.

A few weeks ago I had the unpleasant surprise of finding out that my blog [The Lost Art of Blogging] got automatically hacked by spam bots, due to a WordPress exploit, and in course also got infected with malware. Google, vigilant as always, was quick on scanning LOAB for any malicious software, found some corrupted code and immediately flagged the blog. What happened next was very predictable: whoever tried to search for something on Google and found LOAB among the search results wasn’t able to access the blog, as it was “quarantined.” I lost hundreds of visitors daily during the course of two weeks, my rankings were shattered and of course the blog’s reputation was stained; as a side note I’d like to thank all the loyal readers that confidently continued to read my blog during that tough period.

Don’t let it happen to your blog.