```php
// Format and return JSON: map each matching post to the fields the client needs
return array_map(function ($post) {
    return [
        'title'   => get_the_title($post),
        'url'     => get_permalink($post),
        'excerpt' => wp_trim_words($post->post_excerpt, 20),
    ];
}, $query->posts);
```

| Risk | Example | Mitigation |
|------|---------|-------------|
| Heavy queries (DoS) | `s=aaaaaaaa...` (100 chars) | Limit query length to 50 chars |
| SQL injection | `s=' OR 1=1` | Parameterized queries (WP core does this) |
| Data leakage | Searching draft posts | Check `current_user_can('read_post')` |
| XSS | Result contains `<script>` | Escape output with `esc_html()` |
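
The four mitigations from the table, applied together in one AJAX handler. This is an added example, not code from the original page; the action name `example_ajax_search` and the 10-result cap are assumptions, and the code is meant to be loaded from a WordPress plugin or theme.

```php
<?php
// Added example, not the page's code. 'example_ajax_search' is a hypothetical action name.
const EXAMPLE_MAX_QUERY_LEN = 50; // length limit from the risk table

function example_ajax_search() {
    $term = isset($_GET['s']) ? sanitize_text_field(wp_unslash($_GET['s'])) : '';

    // Heavy queries (DoS): reject empty or over-long terms before any DB work.
    if ($term === '' || mb_strlen($term) > EXAMPLE_MAX_QUERY_LEN) {
        wp_send_json_error(['message' => 'Invalid search term.'], 400);
    }

    // SQL injection: the term is passed as a query var; WP_Query escapes it
    // when building the LIKE clause, so no SQL is concatenated here.
    $query = new WP_Query([
        's'              => $term,
        // Data leakage: anonymous visitors only ever query published posts.
        'post_status'    => is_user_logged_in() ? ['publish', 'private'] : ['publish'],
        'has_password'   => false, // skip password-protected posts
        'posts_per_page' => 10,    // assumed cap on the result set
        'no_found_rows'  => true,  // skip the extra COUNT query
    ]);

    $results = [];
    foreach ($query->posts as $post) {
        // Data leakage: anything not public needs the per-post capability.
        // Logged-out visitors hold no capabilities, so the check is applied
        // only to non-published posts.
        if ($post->post_status !== 'publish' && !current_user_can('read_post', $post->ID)) {
            continue;
        }
        $results[] = [
            // XSS: escape every field before it leaves the server.
            'title'   => esc_html(get_the_title($post)),
            'url'     => esc_url(get_permalink($post)),
            'excerpt' => esc_html(wp_trim_words($post->post_excerpt, 20)),
        ];
    }
    wp_send_json_success($results);
}
// Register for logged-in and logged-out visitors.
add_action('wp_ajax_example_ajax_search', 'example_ajax_search');
add_action('wp_ajax_nopriv_example_ajax_search', 'example_ajax_search');
```
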

| Approach | Example | Pros | Cons |
|----------|---------|------|------|
| | Default WP search + AJAX wrapper | No extra DB tables | Slow, no relevance tuning |
| Indexed | SearchWP, Relevanssi | Fast, fuzzy matches, custom weights | Rebuilds index on save/update |

If you prefer not to code this yourself, several excellent plugins handle this out of the box:
For , go with FiboSearch. For maximum control over search logic, choose SearchWP. For stunning visuals and ease of use, Ajax Search Lite is your best bet.