“Instant Search” by WP Engine (overpriced, buggy on non-Astra themes) and “Better Search” (no longer maintained).
Fibosearch (free) – faster, better for WooCommerce, but custom-field search requires the paid version.

Best Premium AJAX Search Plugin

SearchWP + Live Search add-on – most flexible, best for custom fields, supports PDFs, comments, and custom tables. Starts at $99/year.
| Risk | Example | Mitigation |
|------|---------|------------|
| Heavy queries (DoS) | `s=aaaaaaaa...` (100+ chars) | Limit query length to 50 chars and cap the number of results returned |
| SQL injection | `s=' OR 1=1` | Parameterized queries; `WP_Query` already does this for `s`, so never concatenate the term into your own SQL |
| Data leakage | Searching draft or private posts | Query `post_status=publish` and check `current_user_can('read_post', $post_id)` per result |
| XSS | Result title contains `<script>` | Escape output with `esc_html()` / `esc_url()` before it reaches the page |
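The following handler applies all four mitigations from the table in one place. It is an added example written for this article, not code from any of the plugins reviewed above; the action name `demo_live_search` and the nonce action `demo_live_search_nonce` are assumed names for illustration.

```php
<?php
/**
 * Hardened AJAX search endpoint (added example; not from any plugin on this page).
 * Assumed names: AJAX action "demo_live_search", nonce action "demo_live_search_nonce".
 * The front-end JS is expected to POST: action, nonce (from wp_create_nonce), and s.
 */

add_action( 'wp_ajax_demo_live_search', 'demo_live_search_handler' );        // logged-in users
add_action( 'wp_ajax_nopriv_demo_live_search', 'demo_live_search_handler' ); // visitors

function demo_live_search_handler() {
    // Reject requests that did not originate from a page that printed our nonce.
    check_ajax_referer( 'demo_live_search_nonce', 'nonce' );

    // Untrusted input: undo WordPress's magic-quote slashing, strip tags and control chars.
    $term = isset( $_REQUEST['s'] ) ? sanitize_text_field( wp_unslash( $_REQUEST['s'] ) ) : '';

    // Heavy-query mitigation: cap length (50 chars, as in the risk table) and refuse 1-char terms,
    // which match almost every row and are the cheapest way to make the database work hard.
    $term = mb_substr( $term, 0, 50 );
    if ( mb_strlen( $term ) < 2 ) {
        wp_send_json_error( array( 'message' => 'Query too short' ), 400 );
    }

    // SQL injection mitigation: the term is never placed in SQL by this code.
    // WP_Query builds the LIKE clause through $wpdb->prepare()/esc_sql() internally.
    // posts_per_page and no_found_rows bound the cost of each request.
    $query = new WP_Query( array(
        's'                      => $term,
        'post_type'              => array( 'post', 'page' ),
        'post_status'            => 'publish',  // data-leak mitigation: drafts/private never searched
        'posts_per_page'         => 10,
        'no_found_rows'          => true,       // skips the expensive SQL_CALC_FOUND_ROWS
        'update_post_meta_cache' => false,
        'update_post_term_cache' => false,
        'ignore_sticky_posts'    => true,
    ) );

    $results = array();
    foreach ( $query->posts as $post ) {
        // Defence in depth: a theme or plugin filter on pre_get_posts could widen post_status,
        // so re-check the read capability per post before returning it.
        if ( ! current_user_can( 'read_post', $post->ID ) ) {
            continue;
        }

        // XSS mitigation: escape on the way out. The browser side should still insert these
        // with textContent rather than innerHTML so the escaping is not undone.
        $results[] = array(
            'title'   => esc_html( get_the_title( $post ) ),
            'url'     => esc_url( get_permalink( $post ) ),
            'excerpt' => esc_html( wp_trim_words( wp_strip_all_tags( $post->post_content ), 20 ) ),
        );
    }

    wp_send_json_success( $results ); // exits after sending the JSON
}
```

The `post_status => 'publish'` argument does the real work for the data-leakage row; the `current_user_can( 'read_post', ... )` loop only catches cases where another plugin has altered the query. The length cap and `posts_per_page` limit are what keep a burst of long or broad terms from turning the live search into a self-inflicted denial of service.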