Prevent XSS Vulnerability

This plugin helps protect your website from two common types of Cross-Site Scripting (XSS) vulnerabilities:

• Reflected XSS: This happens when harmful scripts are hidden in a website's URL. If a user clicks a link with such a script, it can run in their browser, potentially stealing their data or taking control of their system.
• Self-XSS: This occurs when a user's own input on your website is displayed back to them in an unsafe way, allowing malicious scripts to run in their browser.

This plugin provides several layers of protection: Blocking: When active, the plugin checks URLs for specific characters. If it finds any of these characters in the URL, it redirects the user to prevent a potential XSS attack. You can customize which characters to block or allow.

• Opening Round Bracket (
• Closing Round Bracket )
• Less than Sign <
• Greater than Sign >
• Opening Square Bracket [
• Closing Square Bracket ]
• Opening Curly Bracket {
• Pipe or Vertical Bar |
• Closing Curly Bracket }

Encoding: For an extra layer of security, the plugin encodes certain characters found in URL parameters. This stops harmful code from running, even if it's present in the URL. You can also choose to exclude specific parameters from being encoded.

• Exclamation Mark !
• Double Quotation "
• Single Quotation '
• Opening Round Bracket (
• Closing Round Bracket )
• Asterisk Sign *
• Less than Sign <
• Greater than Sign >
• Grave Accent `
• Caret ^
• Opening Square Bracket [
• Closing Square Bracket ]
• Opening Curly Bracket {
• Pipe or Vertical Bar |
• Closing Curly Bracket }

Escaping HTML in $_GET: This plugin automatically makes HTML characters safe within the $_GET variable. This is vital if your website pulls data from URLs and displays it as part of your web page. It helps prevent malicious scripts from being injected through user-provided input.

You can install this plugin either through your WordPress dashboard or manually via FTP. From within WordPress

1. Go to 'Plugins > Add New'.
2. Search for "Prevent XSS Vulnerability".
3. Click "Activate" for "Prevent XSS Vulnerability" on your Plugins page.
4. Then, follow the "After activation" steps below.

Manually (via FTP)

1. Upload the prevent-xss-vulnerability folder to the /wp-content/plugins/ directory.
2. Activate "Prevent XSS Vulnerability" from the 'Plugins' menu in WordPress.
3. Then, follow the "After activation" steps below.

After activation

1. Go to the Prevent XSS Vulnerability page in your WordPress Admin Dashboard.
2. Adjust the settings to fit your website's needs.
3. That's it! You're done.

2.1.0 - July 03, 2025

• Key Changes & Improvements:
• Enhanced Console Visibility: The prominent "Stop!" message now appears in a much larger (48px), bold, red font with a black text shadow to grab immediate attention. The main warning message also uses a larger, more readable font (20px).
• Improved Console Grouping: The entire Self-XSS warning is now grouped within a console.group('Self-XSS Warning') block. This keeps all related messages together in the developer console, making the warning stand out and preventing it from getting lost among other console output.

Earlier versions

• For a detailed changelog of earlier versions, please refer to the separate changelog.txt file.