diff --git a/README.md b/README.md index 0f2586d..802c9e0 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,7 @@ * Contributors: Stefan Kalscheuer * Requires at least: 3.9 * Tested up to: 4.5.3 -* Stable tag: 1.1.0 +* Stable tag: 1.1.1 * License: GPLv3 or later * License URI: https://www.gnu.org/licenses/gpl-3.0.html @@ -12,31 +12,39 @@ A blacklist extension for the famous [Statify](http://statify.de) Wordpress plug This plugin adds customizable blacklist to Statify to allow blocking of referer spam or internal interactions. ### Current Features ## -####Referer Blacklist +#### Referer Blacklist #### Add a list of domains (for simplicity onl second-level, e.g. _example.com_ which blocks _everything.example.com_). -#### CleanUp Database +#### CleanUp Database #### Filters can be applied to data stored in database after modifying filter rules or for one-time clean-up. - -### Compatibility ### +#### Compatibility #### This plugin requires Statify to be installed. The extension has been tested with Statify 1.4.2 The plugin is capable of handling multisite installations. ### Credits ### * Author: Stefan Kalscheuer +* Special Thanks to [pluginkollektiv](http://pluginkollektiv.org/) for maintaining _Statify_ ## Installation ## * If you don’t know how to install a plugin for WordPress, [here’s how](http://codex.wordpress.org/Managing_Plugins#Installing_Plugins). +* Make sure _Statify_ plugin is installed and active +* Goto _Settings_ -> _Statify Blacklist_ to configure the plugin ### Requirements ### * PHP 5.2.4 * WordPress 3.9 -* Statify plugin installed and activated (tested with 1.4.2) +* Statify plugin installed and activated (tested up to 1.4.3) -## Changelog -#### 1.1.0 / 15.08.2016 +## Screenshots ## +1. Statify Blacklist settings page + +## Changelog ## +### 1.1.1 / 16.08.2016 ### +* Some security fixes + +### 1.1.0 / 15.08.2016 ### * One-time execution on database -#### 1.0.0 / 14.08.2016 +### 1.0.0 / 14.08.2016 ### * First release \ No newline at end of file 
diff --git a/inc/statifyblacklist.class.php b/inc/statifyblacklist.class.php index 39c3a54..b7b859d 100644 --- a/inc/statifyblacklist.class.php +++ b/inc/statifyblacklist.class.php @@ -79,15 +79,9 @@ class StatifyBlacklist * Update options * * @since 1.0.0 + * @changed 1.1.1 */ - public static function update_options($options = null) { - if (isset($options)) { - if ((is_multisite() && array_key_exists(STATIFYBLACKLIST_BASE, (array)get_site_option('active_sitewide_plugins')))) - update_site_option('statify-blacklist', $options); - else - update_option('statify-blacklist', $options); - } - + public static function update_options() { self::$_options = wp_parse_args( get_option('statify-blacklist'), array( diff --git a/inc/statifyblacklist_admin.class.php b/inc/statifyblacklist_admin.class.php index 0e16331..aea2e09 100644 --- a/inc/statifyblacklist_admin.class.php +++ b/inc/statifyblacklist_admin.class.php @@ -1,5 +1,8 @@ query( $wpdb->prepare("DELETE FROM `$wpdb->statify` WHERE referrer REGEXP %s", $refererRegexp) ); - } - /* Optimize DB */ - $wpdb->query("OPTIMIZE TABLE `$wpdb->statify`"); + /* Optimize DB */ + $wpdb->query("OPTIMIZE TABLE `$wpdb->statify`"); + } + } + + + /** + * Sanitize URLs and remove empty results + * @param $urls array given array of URLs + * @return array sanitized array + * + * @since 1.1.1 + */ + private static function sanitizeURLs($urls) { + return array_filter( + array_map( + function($r) { + return preg_replace('/[^\da-z\.-]/i', '', filter_var($r, FILTER_SANITIZE_URL)); + }, + $urls + ) + ); } } \ No newline at end of file diff --git a/readme.txt b/readme.txt deleted file mode 100644 index a0fdfa0..0000000 --- a/readme.txt +++ /dev/null 
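Review bot: The docblock above `update_options()` still reads "Update options", although after this change the method writes nothing and only refills `self::$_options` from `get_option('statify-blacklist')`. I would change the summary to something like `Reload the cached plugin options from the database (does not persist anything)` so callers do not expect a write. The removed branch stored the value with `update_site_option()` on network-activated installs, while the read kept here uses `get_option()`. If the code that now does the write (not visible in this hunk) still uses the site option, the two must agree, otherwise the saved blacklist is not the one that gets loaded. The method body continues past the end of the hunk.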
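Review bot: `sanitizeURLs()` passes an anonymous function to `array_map()`, which needs PHP 5.3, while the README in this same commit still lists PHP 5.2.4 as the requirement; either raise the stated minimum or pass a named static method as the callback. The filter also deletes characters instead of extracting the host, so a pasted `http://example.com/` becomes `httpexample.com` rather than `example.com`; taking the host with `parse_url()` first would store the entry the user meant. The `.` that the character class keeps acts as a wildcard once an entry reaches the `REGEXP` in the `DELETE` statement earlier in this hunk. Assuming `$refererRegexp` is built by joining these values (that code is not legible here), each entry should be escaped, e.g. with `preg_quote()`, and anchored before it is used in a destructive query. The function that contains the `DELETE` starts outside the legible part of the hunk.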
@@ -1,35 +0,0 @@ -=== Statify Blacklist === -Contributors: Stefan Kalscheuer -Tags: stats, extension, blacklist, filter -Requires at least: 3.9 -Tested up to: 4.5.3 -Stable tag: trunk -License: GPLv3 or later -License URI: https://www.gnu.org/licenses/gpl-3.0.html - -Extension for the Statify statistics plugin. Provides a customizable referer blacklist. - -== Description == -A blacklist extension for the famous [Statify](http://statify.de) Wordpress plugin. - -This plugin adds customizable blacklist to Statify to allow blocking of referer spam or internal interactions. - -== Requirements == -* PHP 5.2.4 -* WordPress 3.9 -* Statify plugin (tested with 1.4.2) - -== Installation == -1. Upload the plugin files to the `/wp-content/plugins/statify-blacklist` directory, or install the plugin through the WordPress plugins screen directly. -1. Activate the plugin through the 'Plugins' screen in WordPress -1. Use the Settings->Plugin Name screen to configure the plugin -1. (Make your instructions match the desired user flow for activating and installing your plugin. Include any steps that might be needed for explanatory purposes) - - -== Changelog == - -= 1.1.0 / 15.08.2016 = -* One-time execution on database - -= 1.0.0 / 14.08.2016 = -* First release diff --git a/statifyblacklist.php b/statifyblacklist.php index af81033..65e4639 100644 --- a/statifyblacklist.php +++ b/statifyblacklist.php @@ -4,11 +4,11 @@ Plugin Name: Statify Blacklist Description: Extension for the statify plugin to add a customizable blacklists. Text Domain: statify-blacklist Domain Path: /lang -Author: stklcode +Author: Stefan Kalscheuer Author URI: https://stklcode.de Plugin URI: https://wordpress.org/plugins/statify-blacklist License: GPLv3 or later -Version: 1.1.0 +Version: 1.1.1 */ /* Quit */ diff --git a/views/settings_page.php b/views/settings_page.php index d86f407..6a19a16 100644 --- a/views/settings_page.php +++ b/views/settings_page.php 
@@ -1,17 +1,40 @@ (int)@$_POST['statifyblacklist']['active_referer'], - 'referer' => explode("\r\n", $_POST['statifyblacklist']['referer']) + 'referer' => $referer ) ); + + /* Generate messages */ + if ($statifyBlacklistUpdateResult !== false) { + $statifyBlacklistPostWarning = 'Some URLs are invalid and have been sanitized. Settings have not been saved yet.'; + } else { + $statifyBlacklistPostSuccess = 'Settings updated successfully.'; + } } } @@ -19,7 +42,23 @@ if ( !empty($_POST['statifyblacklist']) ) {
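Review bot: `(int)@$_POST['statifyblacklist']['active_referer']` hides a missing index with `@`; `isset($_POST['statifyblacklist']['active_referer']) ? (int) $_POST['statifyblacklist']['active_referer'] : 0` yields the same value without suppressing unrelated errors. The two new messages are plain English literals that the following hunk prints with `esc_html_e($statifyBlacklistPostWarning)` and `esc_html_e($statifyBlacklistPostSuccess)`, without the `'statify-blacklist'` text domain used for the "not active" message. Wrapping the literals in `__('…', 'statify-blacklist')` at assignment and printing them with `echo esc_html(...)` keeps them translatable. The top of this hunk is not legible here, so please confirm that the handler verifies a nonce (`check_admin_referer()`) and `current_user_can()` before it writes the options.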

-

'; esc_html_e('Statify plugin is not active.', 'statify-blacklist'); print '

'; } ?> +

'; + esc_html_e('Statify plugin is not active.', 'statify-blacklist'); + print '

'; + } + if (isset($statifyBlacklistPostWarning)) { + print '

'; + esc_html_e($statifyBlacklistPostWarning); + print '

'; + } + if (isset($statifyBlacklistPostSuccess)) { + print '

'; + esc_html_e($statifyBlacklistPostSuccess); + print '

'; + } + ?>