Security Optimizer – The All-In-One Protection Plugin

Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.

v1.6.4SiteGroundUpdated Added 1m+ installs90% rating100% support resolved
35
Score
40
Errors
84
Warnings
+0
Change

Category Scores

Security0
Repo97
Performance100
Maintainability51

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

124 findings

Security

66

5 issue groups

Maintainability

53

17 issue groups

I18n

2

2 issue groups

Repo Compliance

1

1 issue group

WARNINGSecurityRequest data is not unslashed$_COOKIE[$sg_2fa_user_cookie] not unslashed before sanitization. Use wp_unslash() or similar22
Category
Security
Occurrences
22
Severity
warning

Sample message

$_COOKIE[$sg_2fa_user_cookie] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$sg_2fa_user_cookie]21
Category
Security
Occurrences
21
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE[$sg_2fa_user_cookie]

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;20
Category
Maintainability
Occurrences
20
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.10
Category
Security
Occurrences
10
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.

WARNINGMaintainabilityslow db query meta queryDetected usage of meta_query, possible slow query.7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Detected usage of meta_query, possible slow query.

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.7
Category
Security
Occurrences
7
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.6
Category
Security
Occurrences
6
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Use of a direct database call is discouraged.

Show 15 more
WARNINGMaintainabilityNo Caching2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

ERRORMaintainabilityparse url parse url2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

ERRORMaintainabilityNon Enqueued Stylesheet2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

WARNINGMaintainabilityerror log debug backtrace1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

debug_backtrace() found. Debug code should not normally be used in production.

WARNINGMaintainabilityprevent path disclosure error reporting1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

error_reporting() can lead to full path disclosure.

ERRORMaintainabilityfile system operations fputs1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fputs().

ERRORMaintainabilityfile system operations fwrite1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

ERRORMaintainabilityfile system operations is writable1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

ERRORMaintainabilityrand rand1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

ERRORI18nMissing Arg Domain1
Category
I18n
Occurrences
1
Severity
error

Sample message

Missing $domain parameter in function call to __().

ERRORI18nNon Singular String Literal Text1
Category
I18n
Occurrences
1
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $entry['visitor_type']

WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Security Optimizer - The All-In-One Protection Plugin" is different from the name declared in plugin header "Security Optimizer".

WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

WARNINGRepo Complianceplugin header nonexistent domain path1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"

WARNINGMaintainabilitytrademarked term1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "Security Optimizer - The All-In-One Protection Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name.

External Connections

Potential connections found in static code analysis.

20 domains

Outbound calls

48

External assets

3

Incoming endpoints

3

Notable Domains

siteground.com7 · outbound
php-fig.org4 · outbound
de.siteground.com3 · outbound
getcomposer.org3 · outbound
it.siteground.com3 · outbound
siteground.es3 · outbound

Platform / Reference Domains

github.com9 · platform/reference
w3.org5 · platform/reference
api.wordpress.org1 · platform/reference
codex.wordpress.org1 · platform/reference
downloads.wordpress.org1 · platform/reference
opensource.org1 · platform/reference

External Asset Domains

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints3
wp_ajax_dismiss_sg_security_noticeauthenticated

wp_ajax

wp_ajax_dismiss_sgs_2fa_noticeauthenticated

wp_ajax

wp_ajax_sgs_clear_logsauthenticated

wp_ajax

Score History

3 score snapshots

+0
1007550250Jun 19, 2026, 09:40 PM UTC Score 35/100 Plugin v1.6.2 Plugin Check 2.0.0 40 errors, 82 warningsJun 22, 2026, 12:29 PM UTC Score 35/100 Plugin v1.6.3 Plugin Check 2.0.0 40 errors, 82 warningsJul 1, 2026, 12:35 PM UTC Score 35/100 Plugin v1.6.4 Plugin Check 2.0.0 40 errors, 84 warningsJun 19, 2026Jul 1, 2026

v1.6.4

35

Latest

Findings
124
Errors
40
Warnings
84
Check
2.0.0

v1.6.3

35

Score

Findings
122
Errors
40
Warnings
82
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Dam Spam

1k+ active installs

100
Firebase Authentication

500 active installs

100
Logged-in-only

700 active installs

100
Login Security Captcha

10k+ active installs

100
Protect Login

600 active installs

100
Remove XML-RPC Methods

1k+ active installs

100