WordPress.DB.RestrictedFunctions.mysql_mysql_close
mysql mysql close
The plugin uses a raw MySQL extension or class instead of WordPress database APIs.
Why It Shows Up
The scan found `mysql_*`, `mysqli_*`, PDO MySQL, or related database functions in plugin code.
Why It Matters
Bypassing `$wpdb` can ignore WordPress database configuration, escaping conventions, character sets, and compatibility layers.
How to Fix
- Replace raw MySQL calls with `$wpdb` methods or higher-level WordPress APIs.
- Use `$wpdb->prepare()` for dynamic values.
- If a third-party library requires a database connection, isolate it and document why WordPress APIs cannot be used.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Updated | Top Issue |
|---|---|---|---|---|---|---|---|
| #1 | Matomo Analytics – Powerful, Privacy-First Insights for WordPress | 19 | 1,909 | 878 | 100k+ | Exception Not Escaped | |
| #2 | InfiniteWP Client | 22 | 2,286 | 1,812 | 200k+ | Exception Not Escaped | |
| #3 | WP Umbrella: Update Backup Restore & Monitoring | 22 | 915 | 905 | 70k+ | Exception Not Escaped | |
| #4 | WP-WebAuthn | 22 | 957 | 396 | 2k+ | Exception Not Escaped | |
| #5 | Softaculous | 23 | 116 | 49 | 10k+ | file system operations fread | |
| #6 | Clone | 23 | 244 | 262 | 40k+ | Output Not Escaped | |
| #7 | Backuply – Backup, Restore, Migrate and Clone | 24 | 704 | 551 | 700k+ | Non Prefixed Variable Found | |
| #8 | InstaWP Connect – 1-click WP Staging & Migration | 24 | 253 | 811 | 40k+ | Non Prefixed Variable Found | |
| #9 | Login Security Solution | 27 | 216 | 154 | 4k+ | Output Not Escaped |
