WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, firewall, 2FA, brute force login security, and more.
Prioritized issue groups from the latest Plugin Check scan
Maintainability
538
18 issue groups
Security
184
6 issue groups
I18n
82
1 issue group
Sample message
Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "WP_Defender".
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Circular dependency detected while trying to resolve entry '$entryName': Dependencies: "'.
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wd_2fa_init_provider_' . $slug".
Sample message
Mismatched text domain. Expected 'defender-security' but got 'plugin-cross-sell-textdomain'.
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Sample message
var_export() found. Debug code should not normally be used in production.
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $column at \t\t\t\tSET `$column` = '$option_key',\n
Sample message
Unescaped parameter $placeholders used in $wpdb->query()\n$placeholders used without escaping.
Sample message
Use of a direct database call is discouraged.
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DONOTCACHEPAGE".
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "get_public_suffix".
Sample message
File and folder names must not contain spaces or special characters.
Sample message
Attempting a database schema change is discouraged.
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WPINC. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?"'.
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
Sample message
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$filter_name".
Sample message
Unescaped parameter $column used in $wpdb->query()\n$column assigned unsafely at line 154.
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
Sample message
Detected usage of a non-sanitized input variable: $_ENV[$variableName]
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
Not analyzed yet.
First score snapshot
v5.11.0
24
Latest
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 824 | 306 | 518 | v5.11.0 | 2.0.0 |
Author, categories, issues, domains, and nearby plugins.