Prevent XSS Vulnerability helps you to secure your site from the XSS Attacks. It Captures the URL and checks whether it contains any XSS Vulnerability code or not. If any vulnerability code is found which creates the issue then that URL would be redirected to the same URL by just encoding or/and removing the XSS Vulnerability code from it. This can be managed from the Settings Page of the plugin. You can easily exclude the characters which you are using on your site. You can learn more about Cross-site Scripting (XSS) from here: https://www.yasglobal.com/cross-site-scripting-xss/
Prevent XSS Vulnerability also shows a message to warn the user about Self-XSS attack. You can customize the message from the Self-XSS settings page if left empty then it uses the default message as shown below:
ENCODE PARAMETERS:
- Exclamation Mark
!
- Double Quotation
"
- Single Quotation
'
- Opening Round Bracket
(
- Closing Round Bracket
)
- Asterik Sign
*
- Less than Sign
<
- Greater than Sign
>
- Hyphen
`
- Cap Sign
^
- Opening Square Bracket
[
- Closing Square Bracket
]
- Opening Curly Bracket
{
- Mod Sign
|
- Closing Curly Bracket
}
REMOVE PARAMETERS:
- Opening Round Bracket
(
- Closing Round Bracket
)
- Less than Sign
<
- Greater than Sign
>
- Opening Square Bracket
[
- Closing Square Bracket
]
- Opening Curly Bracket
{
- Mod Sign
|
- Closing Curly Bracket
}
Escape HTML:
Prevent XSS Vulnerability also provide Escape HTML functionality in $_GET
variable. $_GET
is mostly used to put the values in HTML from the URL. This Check is quite useful if your site using/getting anything from the URL and printing it in HTML. It secures your Search and other sections as per your site working.
NOTE: MAKE SURE TO CHECK YOUR FORMS AFTER ACTIVATING THE PLUGIN AND IF YOU HAVE WOOCOMMERCE SITE THEN PLEASE ALSO CHECK THE CART AND CHECKOUT PROCESS.
Download:
You can download Prevent XSS Vulnerability Plugin from here:
https://wordpress.org/plugins/prevent-xss-vulnerability/
Contact:
To have any kind of query, you can contact us via our Contact form.