Title: Reducing user input for security
Last modified: January 18, 2024

---

# Reducing user input for security

 *  [ketanco](https://wordpress.org/support/users/ketanco/)
 * (@ketanco)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/)
 * I disabled all comments on my WordPress site, but there is still the search box,
   and also of course the login page, which is a must-have for all sites. So disabling
   comments means nothing, because I have these where users can make inputs anyway?
   So as far as security, as long as there is a field where a user can make input, such
   as a search box, or login page or comment section or something else, it doesn't
   matter which of these I have, and as long as there is one it is a vulnerability?
   So then, how about, in addition to removing the search box, also changing the default
   file name of wp-login? So there will be nowhere to make input? Does it make sense?
   What is the best approach otherwise? Just use Wordfence etc. and it protects
   all kinds of user input fields (and not just the login box)?

Viewing 6 replies - 1 through 6 (of 6 total)

 *  [catacaustic](https://wordpress.org/support/users/catacaustic/)
 * (@catacaustic)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/#post-17352772)
 * Having user inputs is not in itself a vulnerability. Vulnerabilities happen when
   the user input isn’t handled correctly. With that in mind, having a standard
   WordPress search field and logins on your site is probably one of the most secure
   things that you can have, as the code for these has been viewed and verified by
   a lot of people.
 *  Thread Starter [ketanco](https://wordpress.org/support/users/ketanco/)
 * (@ketanco)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/#post-17352910)
 * ahh ok.
 * But the search box is displayed on my theme. And I think the team that made my
   theme went out of business, because I am not seeing any updates for years. So
   that search box code exists in a theme which has not been updated for years, and this
   poses a risk? I have Wordfence. Will Wordfence still protect my search box? (I
   know it protects the login box.)
 *  [catacaustic](https://wordpress.org/support/users/catacaustic/)
 * (@catacaustic)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/#post-17352916)
 * You are seriously over-thinking this.
 * If the search box is the standard WordPress one, then it will only work with 
   the standard WordPress search functions, which are secure.
 * As far as the theme being secure still if it hasn’t been updated for a while,
   that’s a different story. The only answer that anyone could give to that is
   “maybe”. If you’re concerned, then switch to a different theme that gets regular
   updates.
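
Added example, not from the thread or from WordPress: a small Python heuristic for the theme concern discussed above, which flags template lines that print request data such as `$_GET['s']` without an enclosing escaping call. The function names and the sample template are constructed for illustration, and a clean result is not proof that a theme is safe.

```python
import re

# Calls treated as making a value safe to print (WordPress escapers and PHP built-ins).
ESCAPERS = {"esc_html", "esc_attr", "esc_url", "esc_textarea",
            "wp_kses", "wp_kses_post", "absint", "intval", "htmlspecialchars"}
OUTPUT = re.compile(r"(?:<\?=|\becho\b|\bprint\b)(.*?)(?:;|\?>|$)")
SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\b")
CALL_NAME = re.compile(r"([A-Za-z_]\w*)\s*$")

# Constructed sample of a theme search template; not taken from any real theme.
SAMPLE_TEMPLATE = """\
<h1>Results for: <?php echo $_GET['s']; ?></h1>
<h1>Results for: <?php echo esc_html( get_search_query( false ) ); ?></h1>
<input type="search" name="s" value="<?php echo esc_attr( wp_unslash( $_GET['s'] ) ); ?>">
<p><?php echo esc_html( 'You searched: ' ) . $_REQUEST['s']; ?></p>
<input type="search" name="s" value="<?php the_search_query(); ?>">
"""

def enclosing_calls(expr, pos):
    """Names of the function calls whose parentheses enclose expr[pos]."""
    stack = []
    for i, ch in enumerate(expr[:pos]):
        if ch == "(":
            name = CALL_NAME.search(expr[:i])
            stack.append(name.group(1) if name else "")
        elif ch == ")" and stack:
            stack.pop()
    return stack

def find_unescaped_output(php_source):
    """Return (line_number, line) for each output of raw request data."""
    findings = []
    for lineno, line in enumerate(php_source.splitlines(), 1):
        for out in OUTPUT.finditer(line):
            expr = out.group(1)
            for hit in SUPERGLOBAL.finditer(expr):
                # Safe only if the value sits inside an escaping call,
                # not merely next to one on the same line.
                if not ESCAPERS & set(enclosing_calls(expr, hit.start())):
                    findings.append((lineno, line.strip()))
    return findings

if __name__ == "__main__":
    for lineno, line in find_unescaped_output(SAMPLE_TEMPLATE):
        print(f"line {lineno}: raw request data printed: {line}")
```
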
 *  Thread Starter [ketanco](https://wordpress.org/support/users/ketanco/)
 * (@ketanco)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/#post-17353147)
 * OK, thanks. And for my learning, what does it mean that the search function is secure?
   How?
 *  [catacaustic](https://wordpress.org/support/users/catacaustic/)
 * (@catacaustic)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/#post-17353601)
 * I mean that there’s been 100’s, if not 1,000’s of people that have reviewed the
   code for the search functionality. If there were any problems, they would have
   found them. Of course, that’s not to say that it’s 100% secure, but so far it’s
   one of the more secure things out there.
 * I will say one thing. As much as security is very important, you should not get
   caught up in trying to be 100% secure. You never will be. No matter what. And
   that’s not anything to do with any code that you write. It’s all about other
   plugins that are installed, anything that’s exploited in WordPress core, and
   anything that’s vulnerable in your hosting environment. All I’m trying to say
   is... do your best, but don’t let your security goals override your learning.
   While you do need to know about security, it is something that you will learn,
   so don’t focus 100% on that now.
 *  Thread Starter [ketanco](https://wordpress.org/support/users/ketanco/)
 * (@ketanco)
 * [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/#post-17353639)
 * Ok Thanks a lot for the answers

The topic ‘Reducing user input for security’ is closed to new replies.

 * In: [Developing with WordPress](https://wordpress.org/support/forum/wp-advanced/)
 * 7 replies
 * 2 participants
 * Last reply from: [ketanco](https://wordpress.org/support/users/ketanco/)
 * Last activity: [2 years, 4 months ago](https://wordpress.org/support/topic/reducing-user-input-for-security/#post-17353639)
 * Status: not resolved

