Having user inputs is not in itself a vulnerability. Vulnerabilities happen when the user input isn’t handled correctly. With that in mind, having a standard WordPress search field and logins on your site is probably one of the most secure things that you can have, as the code for these has been viewed and verified by a lot of people.
Ahh, ok.
But the search box is displayed on my theme. And I think the team that made my theme went out of business because I have not seen any updates in years. So that search box code exists in a theme which has not been updated in years, and this poses a risk? I have Wordfence. Will Wordfence still protect my search box? (I know it protects the login box.)
You are seriously over-thinking this.
If the search box is the standard WordPress one, then it will only work with the standard WordPress search functions, which are secure.
As far as the theme being secure still if it hasn’t been updated for a while, that’s a different story. The only answer that anyone could give to that is “maybe”. If you’re concerned, then switch to a different theme that gets regular updates.
Ok, thanks. And for my learning, what does it mean that the search function is secure? How?
I mean that there have been 100’s, if not 1,000’s, of people that have reviewed the code for the search functionality. If there were any problems, they would have found them. Of course, that’s not to say that it’s 100% secure, but so far it’s one of the more secure things out there.
I will say one thing. As much as security is very important, you should not get caught up in trying to be 100% secure. You never will be. No matter what. And that’s not anything to do with any code that you write. It’s all about other plugins that are installed, anything that’s exploited in WordPress core, and anything that’s vulnerable in your hosting environment. All I’m trying to say is... do your best, but don’t let your security goals override your learning. While you do need to know about security, it is something that you will learn, so don’t focus 100% on that now.
Ok, thanks a lot for the answers.