WP STAGING – WordPress Backup, Restore & Migration

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$activeClass".

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" to negative offset: $offset"'.

Processing form data without nonce verification.

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

$_GET[$numericValue] not unslashed before sanitization. Use wp_unslash() or similar

Detected usage of a non-sanitized input variable: $_ENV['SSH_AUTH_SOCK']

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$argv[1]'.

Processing form data without nonce verification.

Multiple placeholders in translatable strings should be ordered. Expected "%1$d, %2$d", but got "%d, %d" in 'PHP failed to process this task. We will lower the memory usage and try again... (%d/%d)'.

unlink() is discouraged. Use wp_delete_file() to delete a file.

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$actionCallback".

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

Use of a direct database call is discouraged.

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

Use placeholders and $wpdb->prepare(); found interpolated variable $idsToDelete at "DELETE FROM $wpdb->options WHERE `option_id` IN ($idsToDelete)"

The $text parameter must be a single text string literal. Found: "This clone is incomplete and does not work. Clone or update it again! \n\n" .\n "Important: Keep the browser open until the cloning is finished. \n" .\n "It will not proceed if your browser is not open.\n\n" .\n "If you have an unstable internet connection and cloning breaks due to that, clone again only the folders wp-admin, wp-includes, and all database tables.\n\n" .\n "That will not take much time. Then, you can proceed with the wp-content folder that usually needs the most disk space. " .\n "If it interrupts again, at least it will not break the existing staging site again, and you can repeat and resume the last operation."

Unescaped parameter $optionTable used in $wpdb->get_var()\n$optionTable assigned unsafely at line 208.

error_log() found. Debug code should not normally be used in production.

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

print_r() found. Debug code should not normally be used in production.