PluginScore

CloudSecure WP Security

管理画面とログインURLをサイバー攻撃から守る、国産・日本語対応のセキュリティ対策プラグインです。 かんたんな設定を行うだけで、不正アクセスや不正ログインからあなたのWordPressを保護します。

v1.4.10XServerUpdated Added 100k+ installs100% rating
Brute ForceWAFanti-spamlogin locksecurity
29
Score
74
Errors
350
Warnings
+0
Change

Category Scores

Security0
Repo75
Performance100
Maintainability39

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

424 findings

Security

234

11 issue groups

Maintainability

178

12 issue groups

I18n

2

1 issue group

Supply Chain

2

1 issue group

WARNINGSecurityRequest data is not unslashed$_GET['cloudsecurewp_2fa_error'] not unslashed before sanitization. Use wp_unslash() or similar103
Category
Security
Occurrences
103
Severity
warning

Sample message

$_GET['cloudsecurewp_2fa_error'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().82
Category
Maintainability
Occurrences
82
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.49
Category
Maintainability
Occurrences
49
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_POST['redirect_to']32
Category
Security
Occurrences
32
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_POST['redirect_to']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORSecuritySQL query is not preparedUse placeholders and $wpdb->prepare(); found $placeholders22
Category
Security
Occurrences
22
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $placeholders

WordPress.DB.PreparedSQL.NotPrepared
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.21
Category
Security
Occurrences
21
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORMaintainabilityfile system operations fwriteFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().17
Category
Maintainability
Occurrences
17
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.13
Category
Security
Occurrences
13
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $delete_placeholders at "DELETE FROM {$wpdb->usermeta} WHERE umeta_id IN ($delete_placeholders)"12
Category
Security
Occurrences
12
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $delete_placeholders at "DELETE FROM {$wpdb->usermeta} WHERE umeta_id IN ($delete_placeholders)"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
ERRORSecurityDatabase parameter is not escapedUnescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 103.10
Category
Security
Occurrences
10
Severity
error

Sample message

Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 103.

PluginCheck.Security.DirectDB.UnescapedDBParameter
Show 15 more
WARNINGSecurityUnfinished Prepare7
Category
Security
Occurrences
7
Severity
warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
WARNINGMaintainabilityNon-prefixed hook name7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "login_errors".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilitySchema Change6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
WARNINGSecurityInput is not validated6
Category
Security
Occurrences
6
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['method']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGSecurityDatabase parameter is not escaped5
Category
Security
Occurrences
5
Severity
warning

Sample message

Unescaped parameter $case_sql used in $wpdb->query()\n$case_sql assigned unsafely at line 2199.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecuritywp redirect wp redirect3
Category
Security
Occurrences
3
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
ERRORMaintainabilityfile system operations chmod3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WordPress.WP.AlternativeFunctions.file_system_operations_chmod
ERRORMaintainabilityunlink unlink3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "CloudSecure WP Security" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
ERRORMaintainabilityfile system operations fclose2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
ERRORMaintainabilityfile system operations fopen2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
ERRORMaintainabilityfile system operations is writable2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

WordPress.WP.AlternativeFunctions.file_system_operations_is_writable
ERRORMaintainabilityparse url parse url2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORI18nMissing Arg Domain2
Category
I18n
Occurrences
2
Severity
error

Sample message

Missing $domain parameter in function call to esc_attr_e().

WordPress.WP.I18n.MissingArgDomainReference
ERRORSupply ChainHidden files included2
Category
Supply Chain
Occurrences
2
Severity
error

Sample message

Hidden files are not permitted.

hidden_files

External Connections

Not analyzed yet.

Score History

First score snapshot

v1.4.10

29

Latest

Findings
424
Errors
74
Warnings
350
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins

Dam Spam

1k+ active installs

100
Kitgenix CAPTCHA for Cloudflare Turnstile

500 active installs

100
Stop XML-RPC Attacks

6k+ active installs

100
BotBlocker Security – Firewall & Bot Protection

3k+ active installs

99
Email Address Obfuscation

2k+ active installs

99
User Login History

10k+ active installs

99