Two Factor Authentication

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<p>$message</p></div>"'.

Sanitization missing for register_setting().

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$settings_url'.

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "secure_auth_cookie".

Use placeholders and $wpdb->prepare(); found $query

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "secure_logged_in_cookie".

A function call to _n() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '__'.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.