Wordfence Security – Firewall, Malware Scan, and Login Security

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$lsModuleURL".

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

Use placeholders and $wpdb->prepare(); found $attackDataCountQuery

Using cURL functions is highly discouraged. Use wp_remote_get() instead.

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

Unescaped parameter $query used in $wpdb->get_results($query)\n$query assigned unsafely at line 8757:\n $query=$wpdb->prepare("SELECT * FROM {$table_wfHits}\n\t\t\t\t\t\tWHERE action in ('blocked:waf', 'learned:waf', 'logged:waf', 'blocked:waf-always')\n\t\t\t\t\t\tAND id > %d\n\t\t\t\t\t\tORDER BY id LIMIT %d", $lastSendId, $limit)\n$table_wfHits assigned unsafely at line 8598:\n $table_wfHits = wfDB::networkTable('wfHits')

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Use placeholders and $wpdb->prepare(); found $query

Unescaped parameter $count_query used in $wpdb->get_var($count_query)\n$count_query assigned unsafely at line 8762:\n $count_query = str_replace(\n\t\t\t\t\t\t\tarray(\n\t\t\t\t\t\t\t\t"SELECT * FROM",\n\t\t\t\t\t\t\t\t"ORDER BY id LIMIT " . $limit,\n\t\t\t\t\t\t\t),\n\t\t\t\t\t\t\tarray( "SELECT COUNT(*) FROM", "" ), $query\n\t\t\t\t\t\t)\n$query assigned unsafely at line 8757:\n $query=$wpdb->prepare("SELECT * FROM {$table_wfHits}\n\t\t\t\t\t\tWHERE action in ('blocked:waf', 'learned:waf', 'logged:waf', 'blocked:waf-always')\n\t\t\t\t\t\tAND id > %d\n\t\t\t\t\t\tORDER BY id LIMIT %d", $lastSendId, $limit)\n$table_wfHits assigned unsafely at line 8598:\n $table_wfHits = wfDB::networkTable('wfHits')