wpdiggerstudio / wpzylos-security
Security primitives (Nonce, Gate, Sanitizer, Escaper) for WPZylos framework
pkg:composer/wpdiggerstudio/wpzylos-security
Requires
- php: ^8.0
- ext-json: *
- wpdiggerstudio/wpzylos-core: ^1.0
Requires (Dev)
- phpstan/phpstan: ^1.10
- phpunit/phpunit: ^9.6 || ^10.0
- squizlabs/php_codesniffer: ^3.7
- szepeviktor/phpstan-wordpress: ^1.3
README
Security primitives (Nonce, Gate, Sanitizer, Escaper) for WPZylos framework.
✨ Features
- Nonce — WordPress nonce generation and verification
- Gate — Capability-based authorization
- Sanitizer — Input sanitization helpers
- Escaper — Output escaping helpers
- CSRF Protection — Cross-site request forgery prevention
📋 Requirements
| Requirement | Version |
|---|---|
| PHP | ^8.0 |
| WordPress | 6.0+ |
🚀 Installation
```bash
composer require wpdiggerstudio/wpzylos-security
```
📖 Quick Start
```php
use WPZylos\Framework\Security\Nonce;
use WPZylos\Framework\Security\Gate;

// Nonce handling
$nonce = Nonce::create('my_action');

if (Nonce::verify($_POST['nonce'], 'my_action')) {
    // Valid nonce
}

// Authorization
if (Gate::allows('edit_posts')) {
    // User can edit posts
}
```
🏗️ Core Features
Nonce Management
```php
use WPZylos\Framework\Security\Nonce;

// Create nonce
$nonce = Nonce::create('save_settings');

// Create nonce field
echo Nonce::field('save_settings');

// Verify nonce
if (Nonce::verify($_POST['_wpnonce'], 'save_settings')) {
    // Valid
}
```
Authorization Gate
```php
use WPZylos\Framework\Security\Gate;

// Check capability
if (Gate::allows('manage_options')) {
    // Admin only
}

// Deny access
if (Gate::denies('edit_posts')) {
    wp_die('Unauthorized');
}

// Check with post ID
if (Gate::allows('edit_post', $post_id)) {
    // Can edit specific post
}
```
Input Sanitization
```php
use WPZylos\Framework\Security\Sanitizer;

$email = Sanitizer::email($_POST['email']);
$title = Sanitizer::text($_POST['title']);
$content = Sanitizer::html($_POST['content']);
$url = Sanitizer::url($_POST['url']);
```
Output Escaping
```php
use WPZylos\Framework\Security\Escaper;

echo Escaper::html($userInput);
echo Escaper::attr($attribute);
echo Escaper::url($url);
echo Escaper::js($jsString);
```
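
The four primitives above combined in one settings form and its handler, as an added example that is not part of the package's README. It uses only the package calls shown on this page plus standard WordPress functions. The `myplugin_*` names, the `myplugin_settings` option and the redirect page are hypothetical, and it assumes the `Sanitizer` and `Escaper` methods return strings.

```php
<?php
// Added example: hypothetical plugin code; assumes WordPress is loaded and the package is autoloaded.
use WPZylos\Framework\Security\Nonce;
use WPZylos\Framework\Security\Gate;
use WPZylos\Framework\Security\Sanitizer;
use WPZylos\Framework\Security\Escaper;

// Hypothetical helper: one POST field as an unslashed string, or '' if absent or not a string.
function myplugin_post_string(string $key): string
{
    $value = $_POST[$key] ?? '';
    return is_string($value) ? wp_unslash($value) : '';
}

// Render: embed the nonce field and escape every stored value for its output context.
function myplugin_render_form(): void
{
    $opts = (array) get_option('myplugin_settings', []);
    ?>
    <form method="post" action="<?php echo Escaper::url(admin_url('admin-post.php')); ?>">
        <input type="hidden" name="action" value="myplugin_save">
        <?php echo Nonce::field('save_settings'); ?>
        <input type="text" name="title" value="<?php echo Escaper::attr((string) ($opts['title'] ?? '')); ?>">
        <input type="email" name="email" value="<?php echo Escaper::attr((string) ($opts['email'] ?? '')); ?>">
        <button type="submit">Save</button>
    </form>
    <?php
}

// Handle: authorize, verify the nonce, then sanitize before anything is stored.
function myplugin_handle_save(): void
{
    // Authorization: the nonce only proves intent, not permission.
    if (Gate::denies('manage_options')) {
        wp_die('Unauthorized', '', ['response' => 403]);
    }
    // CSRF: a missing field becomes '' so verification fails without a PHP warning.
    if (!Nonce::verify(myplugin_post_string('_wpnonce'), 'save_settings')) {
        wp_die('Invalid or expired nonce', '', ['response' => 403]);
    }
    // Sanitize on input; escaping still happens again on output in the render function.
    update_option('myplugin_settings', [
        'title' => Sanitizer::text(myplugin_post_string('title')),
        'email' => Sanitizer::email(myplugin_post_string('email')),
    ]);
    wp_safe_redirect(admin_url('options-general.php?page=myplugin'));
    exit;
}
add_action('admin_post_myplugin_save', 'myplugin_handle_save');
```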
📦 Related Packages
| Package | Description |
|---|---|
| wpzylos-core | Application foundation |
| wpzylos-validation | Input validation |
| wpzylos-scaffold | Plugin template |
📖 Documentation
For comprehensive documentation, tutorials, and API reference, visit wpzylos.com.
☕ Support the Project
If you find this package helpful, consider buying me a coffee! Your support helps maintain and improve the WPZylos ecosystem.
📄 License
MIT License. See LICENSE for details.
🤝 Contributing
Contributions are welcome! Please see CONTRIBUTING.md for guidelines.
Made with ❤️ by WPDiggerStudio