Automatically insert Project Honeypot links into your pages and block IP addresses that are listed on various block lists you can choose from.
| Code | Message | Location | Category | |
|---|---|---|---|---|
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $deleteActivityQuery used in $wpdb->query($wpdb->prepare($deleteActivityQuery, $remoteAddress))\n$deleteActivityQuery assigned unsafely at line 1071:\n $deleteActivityQuery = "DELETE FROM ".$wpdb->base_prefix."ht_activity WHERE ip_address=%s"\n$deleteActivityQuery assigned unsafely at line 1055:\n $deleteActivityQuery = "DELETE FROM ".$wpdb->base_prefix."ht_activity WHERE ip_address=%s"\n$remoteAddress used without escaping. | 1072:19 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $deleteActivityQuery | 1072:40 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $showColumnSql | 627:43 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $updateColumnSql used in $wpdb->query($updateColumnSql)\n$updateColumnSql assigned unsafely at line 641:\n $updateColumnSql = "ALTER TABLE ".$wpdb->base_prefix."ht_ip_list MODIFY " . $column . " " . $value[1] . " " . $value[2] . " " . $value[3] . ";"\n$column assigned unsafely at line 639:\n $column=> | 642:34 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $honeypotRecordQuery used in $wpdb->get_results($honeypotRecordQuery)\n$honeypotRecordQuery assigned unsafely at line 394:\n $honeypotRecordQuery = "SELECT ip_id, ip_address_start FROM ".$wpdb->base_prefix."ht_ip_list WHERE offense_level = 11 ORDER BY insert_time"\n$allHoneypotRecords assigned unsafely at line 395:\n $allHoneypotRecords = $wpdb->get_results($honeypotRecordQuery, ARRAY_A) | 395:34 | Security |
| ERROR | PluginCheck.Security.DirectDB.UnescapedDBParameter | Unescaped parameter $deleteActivityQuery used in $wpdb->query($wpdb->prepare($deleteActivityQuery, $remoteAddress))\n$deleteActivityQuery assigned unsafely at line 1097:\n $deleteActivityQuery = "DELETE FROM ".$wpdb->base_prefix."ht_activity WHERE ip_address=%s"\n$deleteActivityQuery assigned unsafely at line 1071:\n $deleteActivityQuery = "DELETE FROM ".$wpdb->base_prefix."ht_activity WHERE ip_address=%s"\n$deleteActivityQuery assigned unsafely at line 1055:\n $deleteActivityQuery = "DELETE FROM ".$wpdb->base_prefix."ht_activity WHERE ip_address=%s"\n$remoteAddress used without escaping. | 1098:19 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $deleteActivityQuery | 1098:40 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'. | 41:44 | Security |
| ERROR | WordPress.DB.PreparedSQL.NotPrepared | Use placeholders and $wpdb->prepare(); found $updateColumnSql | 642:40 | Security |
| ERROR | WordPress.Security.EscapeOutput.OutputNotEscaped | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$this'. | 61:36 | Security |
| 16.11.2025, 10:31:36 | 15s | 5 | 131 | 765 |