The fastest feature-complete SEO plugin for professional WordPress websites. Secure, fast, unbranded, and automated SEO. Do less; get better results.
Category Scores
Top Issues by Category
maintainability863
security61
i18n46
repo_compliance1
Issues Details
972 issues found in latest scan
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_ays_reset".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Short PHP opening tag used with echo; expected "<?php echo $bstyle ..." but found "<?= $bstyle ..."
Mismatched text domain. Expected 'autodescription' but got 'default'.
Detected usage of a non-sanitized input variable: $_GET['lang']
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "bbp_raw_title".
$_GET['lang'] not unslashed before sanitization. Use wp_unslash() or similar
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
Detected usage of a possibly undefined superglobal array index: $_POST['autodescription']. Check that the array index exists before using it.
Unescaped parameter $indexes used in $wpdb->get_var()\n$indexes assigned unsafely at line 514.
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
The use of function set_time_limit() is discouraged
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "tsf".
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Detected usage of tax_query, possible slow query.
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "{$hook_name}_settings_page_boxes".
Setting `suppress_filters` to `true` is prohibited.
Plugin name "The SEO Framework – Fast, Automated, Effortless." is different from the name declared in plugin header "The SEO Framework".
Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_ays_reset". | 445 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 200 |
| Generic.PHP.DisallowShortOpenTag.EchoFound | ERROR | Short PHP opening tag used with echo; expected "<?php echo $bstyle ..." but found "<?= $bstyle ..." | 133 |
| WordPress.WP.I18n.TextDomainMismatch | WARNING | Mismatched text domain. Expected 'autodescription' but got 'default'. | 45 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_GET['lang'] | 28 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "bbp_raw_title". | 25 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['lang'] not unslashed before sanitization. Use wp_unslash() or similar | 24 |
| Generic.PHP.DiscourageGoto.Found | ERROR | The "goto" language construct should not be used. | 13 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 11 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 11 |
| WordPress.WP.AlternativeFunctions.parse_url_parse_url | ERROR | parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead. | 9 |
| PluginCheck.CodeAnalysis.Heredoc.NotAllowed | ERROR | Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead | 6 |
| WordPress.Security.ValidatedSanitizedInput.InputNotValidated | WARNING | Detected usage of a possibly undefined superglobal array index: $_POST['autodescription']. Check that the array index exists before using it. | 6 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $indexes used in $wpdb->get_var()\n$indexes assigned unsafely at line 514. | 3 |
| Internal.NoCodeFound | WARNING | No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them. | 2 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function set_time_limit() is discouraged | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "tsf". | 2 |
| PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound | WARNING | load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed. | 1 |
| WordPress.DB.SlowDBQuery.slow_db_query_tax_query | WARNING | Detected usage of tax_query, possible slow query. | 1 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "{$hook_name}_settings_page_boxes". | 1 |
| WordPressVIPMinimum.Performance.WPQueryParams.SuppressFilters_suppress_filters | ERROR | Setting `suppress_filters` to `true` is prohibited. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "The SEO Framework – Fast, Automated, Effortless." is different from the name declared in plugin header "The SEO Framework". | 1 |
| outdated_tested_upto_header | ERROR | Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress. | 1 |
| upgrade_notice_limit | WARNING | The upgrade notice for "5.0.0" exceeds the limit of 300 characters. | 1 |
Latest Snapshot
Findings
972
Errors
363
Warnings
609
Score History
First score snapshot
First scan completed Jun 19, 2026
v5.1.4 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v5.1.4
31
Latest
- Findings
- 972
- Errors
- 363
- Warnings
- 609
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 31 | 972 | 363 | 609 | v5.1.4 | 2.0.0 | 2026.06-mvp-static-v2 |
