
WordPress – Defeat XSS malicious code with HTML Purifier

HTML Purifier is an open-source project that uses a standards-compliant HTML filter written in PHP to clean up cross-site scripting (XSS), that is, malicious code that could be found in HTML. It is particularly useful where website users or visitors are allowed to post HTML content, as on most blogging platforms.

In WordPress, for example, visitors are allowed to post HTML content in comments using various tags. It is very possible, and it often happens, that malicious code is mixed in with the comments, but luckily WordPress already includes a good HTML filter – KSES.
If you want to improve HTML filtering on your WordPress blog, you can download the HTML Purifier plugin for free. All you have to do is download the plugin, upload it to your plugin folder, activate it, and go to Settings => HTML Purifier for customization.
This plugin is also available for blogging platforms like Drupal, Joomla, CodeIgniter, MODx and Phorum.
A demo page is also available if you want to see how HTML Purifier operates before employing it.
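
The filtering described above, as an added example that is not part of the original post and is not the plugin's own code: it calls the HTML Purifier PHP library directly on a few constructed comments, and hooks WordPress's `pre_comment_content` filter when loaded inside WordPress. The Composer autoload path, the tag allowlist and the function names `comment_purifier` and `purify_comment` are assumptions.

```php
<?php
// Added example; assumes `composer require ezyang/htmlpurifier` was run here (path is an assumption).
require_once __DIR__ . '/vendor/autoload.php';

/** Build one purifier with a comment-sized allowlist (the tag list is an assumption). */
function comment_purifier(): HTMLPurifier
{
    static $purifier = null;
    if ($purifier === null) {
        $config = HTMLPurifier_Config::createDefault();
        // Tags and attributes not listed here are stripped from the output.
        $config->set('HTML.Allowed', 'p,br,strong,em,blockquote,code,a[href|title]');
        // Links may only use these schemes, so javascript: and data: hrefs are dropped.
        $config->set('URI.AllowedSchemes', ['http' => true, 'https' => true, 'mailto' => true]);
        $config->set('HTML.Nofollow', true);        // add rel="nofollow" to surviving links
        $config->set('Cache.DefinitionImpl', null); // no on-disk definition cache for this demo
        $purifier = new HTMLPurifier($config);
    }
    return $purifier;
}

/** Return the comment HTML with everything outside the allowlist removed. */
function purify_comment(string $html): string
{
    return comment_purifier()->purify($html);
}

if (function_exists('add_filter')) {
    // Inside WordPress: comment text reaches this filter with slashes added,
    // so unslash before purifying and slash again afterwards.
    add_filter('pre_comment_content', function ($content) {
        return wp_slash(purify_comment(wp_unslash($content)));
    });
} else {
    // Stand-alone run over constructed sample comments.
    $samples = [
        '<p>Nice post, <strong>thanks</strong>!</p>',
        '<p>Hi<script>alert(1)</script></p>',
        '<a href="javascript:alert(1)" onclick="alert(1)">click</a>',
        '<img src="x" onerror="alert(1)"><em>unclosed',
    ];
    foreach ($samples as $dirty) {
        printf("in : %s\nout: %s\n\n", $dirty, purify_comment($dirty));
    }
}
```

Run it with `php` from a directory containing the Composer install to compare each input with its purified output; keep the allowlist as small as your comment form actually needs.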