Insights from Google PageSpeed

Mismatched text domain. Expected 'google-pagespeed-insights' but got 'acf-font-awesome'.

Processing form data without nonce verification.

Use placeholders and $wpdb->prepare(); found interpolated variable $compare_time at \t\t\tWHERE timestamp < $compare_time\n

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar

Unescaped parameter $gpi_api_error_logs used in $wpdb->get_results()\n$gpi_api_error_logs assigned unsafely at line 774.

Detected usage of a non-sanitized input variable: $_GET['_wpnonce']

Detected usage of a possibly undefined superglobal array index: $_GET['page_id']. Check that the array index exists before using it.

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Attempting a database schema change is discouraged.

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Unescaped parameter $db_columns used in $wpdb->get_results()\n$db_columns assigned unsafely at line 534.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.

rand() is discouraged. Use the far less predictable wp_rand() instead.

Found call to wp_register_script() with external resource. Offloading scripts to your servers or any remote service is disallowed.

The use of function set_time_limit() is discouraged

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Resource version not set in call to wp_register_script(). This means new versions of the script may not always be loaded due to browser caching.

Missing $domain parameter in function call to esc_html_e().

A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

The $text parameter must be a single text string literal. Found: 'There may not be any results for the "' . esc_html( $current_filter ) . '" filter. Try another filter.'

Tested up to: 6.5 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.