Anti-Malware Security and Brute-Force Firewall

This Anti-Malware scanner searches for Malware, Viruses, and other security threats and vulnerabilities on your server and it helps you fix them.

v4.23.90EliUpdated Added 100k+ installs98% rating67% support resolved
23
Score
543
Errors
965
Warnings
+0
Change

Category Scores

Security0
Repo86
Performance100
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

1,508 findings

Security

1,185

9 issue groups

Maintainability

242

12 issue groups

I18n

57

4 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" ( $fa ) $lt/span$gt\n$lt/body$gt$lt/html$gt"'.409
Category
Security
Occurrences
409
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" ( $fa ) $lt/span$gt\n$lt/body$gt$lt/html$gt"'.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.278
Category
Security
Occurrences
278
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET["$pass_on"]195
Category
Security
Occurrences
195
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET["$pass_on"]

WARNINGSecurityRequest data is not unslashed$_GET["$pass_on"] not unslashed before sanitization. Use wp_unslash() or similar153
Category
Security
Occurrences
153
Severity
warning

Sample message

$_GET["$pass_on"] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.114
Category
Security
Occurrences
114
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$GLOBAL_STRING".68
Category
Maintainability
Occurrences
68
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$GLOBAL_STRING".

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.41
Category
Maintainability
Occurrences
41
Severity
warning

Sample message

Use of a direct database call is discouraged.

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.41
Category
I18n
Occurrences
41
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().37
Category
Maintainability
Occurrences
37
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityerror log print rprint_r() found. Debug code should not normally be used in production.26
Category
Maintainability
Occurrences
26
Severity
warning

Sample message

print_r() found. Debug code should not normally be used in production.

Show 15 more
WARNINGMaintainabilityNon-prefixed function22
Category
Maintainability
Occurrences
22
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "__".

ERRORMaintainabilitydate date17
Category
Maintainability
Occurrences
17
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

ERRORSecuritySQL query is not prepared14
Category
Security
Occurrences
14
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $GLOBALS

WARNINGSecurityInput is not validated13
Category
Security
Occurrences
13
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET["GOTMLS_includes"]. Check that the array index exists before using it.

ERRORI18nMissing Arg Domain8
Category
I18n
Occurrences
8
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORMaintainabilityfile system operations is writable7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

ERRORMaintainabilitycurl curl setopt6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

ERRORMaintainabilityfile system operations chmod6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

ERRORMaintainabilityMissing direct file access protection6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORSecurityDatabase parameter is not escaped5
Category
Security
Occurrences
5
Severity
error

Sample message

Unescaped parameter $SQL used in $wpdb->get_results()\n$SQL assigned unsafely at line 1516.

ERRORI18nUnordered Placeholders Text5
Category
I18n
Occurrences
5
Severity
error

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1\$s, %2\$d", but got "%s, %d" in "%s %d item from the quarantine trash.".

WARNINGMaintainabilityDiscouraged PHP function4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

The use of function set_time_limit() is discouraged

WARNINGSecurityInterpolated SQL is not prepared4
Category
Security
Occurrences
4
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $SQL at "$SQL AND post_id = %s"

ERRORI18nInterpolated Variable Text3
Category
I18n
Occurrences
3
Severity
error

Sample message

The $text parameter must not contain interpolated variables or expressions. Found: $chksum

ERRORMaintainabilityForbidden PHP function found2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

The use of function str_rot13() is forbidden

External Connections

Potential connections found in static code analysis.

13 domains

Outbound calls

19

External assets

3

Incoming endpoints

2

Notable Domains

gotmls.net6 · outbound
anti-malware.ninja1 · outbound
google.com1 · outbound

Platform / Reference Domains

wordpress.org4 · platform/reference
core.svn.wordpress.org1 · platform/reference
gnu.org1 · platform/reference
plugins.svn.wordpress.org1 · platform/reference
profiles.wordpress.org1 · platform/reference

External Asset Domains

Incoming Endpoints

wp_ajax_nopriv_GOTMLS_$ajax_functionpublic

wp_ajax

Admin AJAX endpoints1
wp_ajax_GOTMLS_$ajax_functionauthenticated

wp_ajax

Score History

3 score snapshots

+1
1007550250Jun 19, 2026, 11:28 PM UTC Score 22/100 Plugin v4.23.88 Plugin Check 2.0.0 544 errors, 965 warningsJun 26, 2026, 01:58 PM UTC Score 23/100 Plugin v4.23.89 Plugin Check 2.0.0 543 errors, 965 warningsJun 29, 2026, 06:21 PM UTC Score 23/100 Plugin v4.23.90 Plugin Check 2.0.0 543 errors, 965 warningsJun 19, 2026Jun 29, 2026

v4.23.90

23

Latest

Findings
1,508
Errors
543
Warnings
965
Check
2.0.0

v4.23.89

23

Score

Findings
1,508
Errors
543
Warnings
965
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

35 nodes

Related Plugins