SureRank – SEO Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema
Category Scores
Top Issues by Category
maintainability105
i18n38
security5
performance2
Issues Details
152 issues found in latest scan
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins".
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$key . '_tracking_enabled'".
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BSF_Admin_Notices".
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cron_hooks".
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Mismatched text domain. Expected 'surerank' but got 'astra-notices'.
Function "wp_get_abilities()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 6.7.0.
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "BSF_ANALYTICS_URI".
Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 553.
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
The use of function set_time_limit() is discouraged
$_GET['access_token'] not unslashed before sanitization. Use wp_unslash() or similar
rename() is discouraged. Use WP_Filesystem::move() to rename a file.
Stylesheets must be registered/enqueued via wp_enqueue_style()
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information.
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "wp_timezone_string".
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().
unlink() is discouraged. Use wp_delete_file() to delete a file.
Plugin name "SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema" is different from the name declared in plugin header "SureRank SEO".
Mismatched Requires at least: 6.8 != 6.7. "Requires at least" needs to be exactly the same with that in your main plugin file's header.
Mismatched Requires PHP: 8.0 != 7.4. "Requires PHP" needs to be exactly the same with that in your main plugin file's header.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "active_plugins". | 36 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 31 |
| WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$key . '_tracking_enabled'". | 23 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound | WARNING | Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "BSF_Admin_Notices". | 8 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound | WARNING | Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cron_hooks". | 6 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 6 |
| WordPress.WP.I18n.TextDomainMismatch | ERROR | Mismatched text domain. Expected 'surerank' but got 'astra-notices'. | 5 |
| wp_function_not_compatible_with_requires_wp | ERROR | Function "wp_get_abilities()" requires WordPress 6.9.0, but your plugin minimum supported version is WordPress 6.7.0. | 5 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound | WARNING | Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "BSF_ANALYTICS_URI". | 4 |
| PluginCheck.Security.DirectDB.UnescapedDBParameter | WARNING | Unescaped parameter $sql used in $wpdb->get_results()\n$sql assigned unsafely at line 553. | 3 |
| WordPress.DB.DirectDatabaseQuery.DirectQuery | WARNING | Use of a direct database call is discouraged. | 3 |
| WordPress.DB.DirectDatabaseQuery.NoCaching | WARNING | Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete(). | 3 |
| Squiz.PHP.DiscouragedFunctions.Discouraged | WARNING | The use of function set_time_limit() is discouraged | 2 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['access_token'] not unslashed before sanitization. Use wp_unslash() or similar | 2 |
| WordPress.WP.AlternativeFunctions.rename_rename | ERROR | rename() is discouraged. Use WP_Filesystem::move() to rename a file. | 2 |
| WordPress.WP.EnqueuedResources.NonEnqueuedStylesheet | ERROR | Stylesheets must be registered/enqueued via wp_enqueue_style() | 2 |
| WordPress.WP.I18n.MissingTranslatorsComment | ERROR | A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders. | 2 |
| WordPressVIPMinimum.Performance.WPQueryParams.PostNotIn_post__not_in | WARNING | Using exclusionary parameters, like post__not_in, in calls to get_posts() should be done with caution, see https://wpvip.com/documentation/performance-improvements-by-removing-usage-of-post__not_in/ for more information. | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "wp_timezone_string". | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_rmdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir(). | 1 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 1 |
| five_star_reviews_detected | ERROR | Linking directly to 5 stars reviews is not allowed. | 1 |
| mismatched_plugin_name | WARNING | Plugin name "SureRank SEO – Smart Assistant with Meta Tags, Social Preview, XML Sitemap, and Schema" is different from the name declared in plugin header "SureRank SEO". | 1 |
| readme_mismatched_header_requires | ERROR | Mismatched Requires at least: 6.8 != 6.7. "Requires at least" needs to be exactly the same with that in your main plugin file's header. | 1 |
| readme_mismatched_header_requires_php | ERROR | Mismatched Requires PHP: 8.0 != 7.4. "Requires PHP" needs to be exactly the same with that in your main plugin file's header. | 1 |
Latest Snapshot
Findings
152
Errors
58
Warnings
94
Score History
First score snapshot
First scan completed Jun 19, 2026
v1.9.0 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 19, 2026
v1.9.0
77
Latest
- Findings
- 152
- Errors
- 58
- Warnings
- 94
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 19, 2026Latest | 77 | 152 | 58 | 94 | v1.9.0 | 2.0.0 | 2026.06-mvp-static-v2 |
