Adds WordPress login and admin protections, including CAPTCHA, login lock, login alerts, renamed login URLs, and SiteGuard WAF tuning support.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Security: 503 (9 issue groups)
- Maintainability: 153 (13 issue groups)
- I18n: 26 (3 issue groups)
ERROR / Security: Output is not escaped (221)
- Category: Security
- Occurrences: 221
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$action'.
WARNING / Security: Request data is not unslashed (111)
- Category: Security
- Occurrences: 111
- Severity: warning
Sample message
$_COOKIE[$cookie_name] not unslashed before sanitization. Use wp_unslash() or similar
WARNING / Security: Input is not validated (58)
- Category: Security
- Occurrences: 58
- Severity: warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_POST[self::OPT_NAME_BODY]. Check that the array index exists before using it.
WARNING / Security: Input is not sanitized (57)
- Category: Security
- Occurrences: 57
- Severity: warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['rule']
ERROR / Maintainability: file system operations fwrite (26)
- Category: Maintainability
- Occurrences: 26
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
WARNING / Maintainability: Direct Query (24)
- Category: Maintainability
- Occurrences: 24
- Severity: warning
Sample message
Use of a direct database call is discouraged.
WARNING / Security: Nonce verification recommended (23)
- Category: Security
- Occurrences: 23
- Severity: warning
Sample message
Processing form data without nonce verification.
WARNING / Maintainability: No Caching (21)
- Category: Maintainability
- Occurrences: 21
- Severity: warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERROR / Maintainability: unlink unlink (19)
- Category: Maintainability
- Occurrences: 19
- Severity: error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
WARNING / Security: Missing nonce verification (17)
- Category: Security
- Occurrences: 17
- Severity: warning
Sample message
Processing form data without nonce verification.
ERROR / I18n: Missing Translators Comment (14)
- Category: I18n
- Occurrences: 14
- Severity: error
Sample message
A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNING / Security: Interpolated SQL is not prepared (11)
- Category: Security
- Occurrences: 11
- Severity: warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $table at "SELECT 1 FROM $table WHERE ip_address = %s AND status = %d AND last_login_time >= (SYSDATE() - INTERVAL 1 DAY) LIMIT 1"
ERROR / Maintainability: file system operations chmod (10)
- Category: Maintainability
- Occurrences: 10
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
ERROR / Maintainability: file system operations fclose (10)
- Category: Maintainability
- Occurrences: 10
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERROR / I18n: Missing Arg Domain (10)
- Category: I18n
- Occurrences: 10
- Severity: error
Sample message
Missing $domain parameter in function call to __().
ERROR / Maintainability: file system operations is writable (8)
- Category: Maintainability
- Occurrences: 8
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
ERROR / Maintainability: parse url parse url (8)
- Category: Maintainability
- Occurrences: 8
- Severity: error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERROR / Maintainability: Missing direct file access protection (8)
- Category: Maintainability
- Occurrences: 8
- Severity: error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERROR / Maintainability: file system operations fopen (7)
- Category: Maintainability
- Occurrences: 7
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNING / Maintainability: Non-prefixed hook name (5)
- Category: Maintainability
- Occurrences: 5
- Severity: warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "https_local_ssl_verify".
ERROR / Maintainability: file system operations rmdir (4)
- Category: Maintainability
- Occurrences: 4
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().
WARNING / Maintainability: ABSPATHDetected (3)
- Category: Maintainability
- Occurrences: 3
- Severity: warning
Sample message
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
ERROR / Security: SQL query is not prepared (3)
- Category: Security
- Occurrences: 3
- Severity: error
Sample message
Use placeholders and $wpdb->prepare(); found $prepare
WARNING / I18n: Discouraged text-domain loading (2)
- Category: I18n
- Occurrences: 2
- Severity: warning
Sample message
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
WARNING / Security: Database parameter is not escaped (2)
- Category: Security
- Occurrences: 2
- Severity: warning
Sample message
Unescaped parameter $table_name used in $wpdb->query()\n$table_name assigned unsafely at line 31.
External Connections
Potential connections found in static code analysis.
- Outbound calls: 18
- External assets: 1
- Incoming endpoints: 0
Notable Domains
Platform / Reference Domains
External Asset Domains
No external asset domains detected.
Incoming Endpoints
No public endpoints detected.
Score History
7 score snapshots
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 707 | 361 | 346 | v1.8.5 | 2.0.0 |
| | 24 | 705 | 361 | 344 | v1.8.4 | 2.0.0 |