
Security

Security measures implemented in Schemafy

Schemafy implements multiple layers of security:

CSRF Protection

All AJAX requests use WordPress nonces to prevent Cross-Site Request Forgery.

Capability Checks

Capability checks (manage_options, edit_posts) are enforced on all operations. Only users with appropriate permissions can manage schemas.

Input Sanitization

All user input data is sanitized before processing. This includes:

  • Schema names and URLs
  • JSON-LD data
  • Meta tags and social media fields

JSON Validation

All JSON is validated before being saved to the database:

  • JSON syntax validation
  • Schema.org structure verification
  • Required field check
  • Google Guidelines compliance

SQL Injection Prevention

All database queries use $wpdb->prepare() to prevent SQL injection.

Encoding

JSON-LD data is properly encoded when injected into HTML to prevent XSS.
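
How these layers fit together in one WordPress AJAX save handler and its front-end output, as an added example that is not Schemafy's own code. The action and nonce name, the example_schemas table and the function names are hypothetical, and the required-field check is reduced to @context and @type.

```php
<?php
// Added illustration; not Schemafy's source. Hypothetical names: the
// 'example_save_schema' action/nonce and the example_schemas table.
add_action( 'wp_ajax_example_save_schema', 'example_save_schema' );

function example_save_schema() {
    global $wpdb;

    // CSRF: the request dies here unless the nonce matches this action.
    check_ajax_referer( 'example_save_schema', 'nonce' );

    // Capability check before any state change.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    // Sanitize scalar input; wp_unslash() undoes the slashes WordPress adds.
    $name = sanitize_text_field( wp_unslash( $_POST['name'] ?? '' ) );
    $raw  = wp_unslash( $_POST['json_ld'] ?? '' );

    // JSON syntax validation plus a minimal required-field check.
    $data = is_string( $raw ) ? json_decode( $raw, true ) : null;
    if ( ! is_array( $data ) || empty( $data['@context'] ) || empty( $data['@type'] ) ) {
        wp_send_json_error( 'Invalid JSON-LD', 400 );
    }

    // Parameterized query: values go through placeholders, never concatenation.
    $table = $wpdb->prefix . 'example_schemas';
    $wpdb->query( $wpdb->prepare(
        "INSERT INTO {$table} (name, json_ld) VALUES (%s, %s)",
        $name,
        wp_json_encode( $data )
    ) );

    wp_send_json_success();
}

// Output encoding: the JSON_HEX_* flags emit <, >, &, ' and " as \uXXXX
// escapes, so a stored value containing "</script>" cannot end the element.
function example_print_schema( array $data ) {
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    echo '<script type="application/ld+json">' . wp_json_encode( $data, $flags ) . '</script>';
}
```

The output flags matter most when JSON_UNESCAPED_SLASHES is also set, because that flag removes the default "\/" escaping that would otherwise break up a literal "</script>".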