Squiz.PHP.DiscouragedFunctions.Discouraged
Discouraged PHP function
The plugin uses a PHP or WordPress pattern that coding standards discourage.
Why It Shows Up
Plugin Check found a discouraged function, forbidden function, goto, backtick operator, or similar construct.
Why It Matters
Discouraged patterns are often harder to review, less portable across hosts, or easier to misuse securely.
How to Fix
- Identify why the construct is used and whether WordPress provides a safer API.
- Replace shell execution, dynamic execution, or broad forbidden functions with constrained WordPress APIs.
- If a third-party library triggers the warning, isolate and document it.
References
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #1 | BulletProof Security | 0 | 5,048 | 4,949 | 20k+ | Output is not escaped | ||
| #2 | Intercom | 0 | 60 | 71 | 6k+ | Non-prefixed function | ||
| #3 | Themify Builder | 9 | 5,195 | 2,096 | 5k+ | Text Domain Mismatch | ||
| #4 | JetBackup – Backup, Restore & Migrate | 10 | 1,559 | 145 | 100k+ | Exception output is not escaped | ||
| #5 | Easy WP SMTP – WordPress SMTP and Email Logs: Gmail, Office 365, Outlook, Custom SMTP, and more | 15 | 32 | 163 | 500k+ | Direct Query | ||
| #6 | wpForo Forum | 17 | 4,033 | 2,922 | 20k+ | Unsafe printing function | ||
| #7 | Prime Slider Addons for Elementor | 18 | 3,500 | 230 | 100k+ | Text Domain Mismatch | ||
| #8 | JetFormBuilder — Dynamic Blocks Form Builder | 18 | 2,093 | 1,589 | 90k+ | Text Domain Mismatch | ||
| #9 | Podlove Podcast Publisher | 18 | 2,326 | 1,429 | 3k+ | Output is not escaped | ||
| #10 | RestroPress – Online Food Ordering System | 18 | 521 | 3,083 | 1k+ | Non-prefixed global variable | ||
| #11 | Shopping Cart & eCommerce Store | 18 | 5,459 | 17,298 | 4k+ | Non-prefixed global variable | ||
| #12 | WP Import Export Lite | 18 | 738 | 979 | 40k+ | Non-prefixed global variable | ||
| #13 | WP Directory Kit | 18 | 2,119 | 2,617 | 2k+ | Non-prefixed global variable | ||
| #14 | Element Pack – Widgets, Templates & Addons for Elementor | 19 | 9,448 | 517 | 100k+ | Text Domain Mismatch | ||
| #15 | Download Monitor | 19 | 425 | 1,364 | 80k+ | Non-prefixed hook name | ||
| #16 | Advanced File Manager – Ultimate File Manager for WordPress And Document Library Solution | 19 | 1,218 | 901 | 100k+ | Exception output is not escaped | ||
| #17 | Go Fetch Jobs (for WP Job Manager) | 19 | 1,410 | 1,741 | 700 | Non-prefixed global variable | ||
| #18 | Matomo Analytics – Powerful, Privacy-First Insights for WordPress | 19 | 1,909 | 878 | 100k+ | Exception output is not escaped | ||
| #19 | Search Atlas SEO – Premier SEO Plugin for One-Click WP Publishing & Integrated AI Optimization | 19 | 1,293 | 2,679 | 9k+ | Output is not escaped | ||
| #20 | Netgsm | 19 | 338 | 298 | 1k+ | Setting is missing a sanitization callback | ||
| #21 | Verified Reviews (Avis Vérifiés) | 19 | 671 | 1,136 | 800 | Non-prefixed global variable | ||
| #22 | Realtyna Organic IDX plugin + WPL Real Estate | 19 | 947 | 3,653 | 2k+ | Non-prefixed global variable | ||
| #23 | Really Simple Security – Simple and Performant Security (formerly Really Simple SSL) | 19 | 541 | 385 | 3m+ | Missing Translators Comment | ||
| #24 | Membership Plugin – Kadence Memberships | 19 | 5,082 | 2,982 | 9k+ | Text Domain Mismatch | ||
| #25 | SendPress Newsletters | 19 | 2,293 | 1,422 | 2k+ | Output is not escaped | ||
| #26 | WP Email Template | 19 | 342 | 350 | 2k+ | Exception output is not escaped | ||
| #27 | WPOSS阿里云对象存储 | 19 | 269 | 315 | 1k+ | Non-prefixed namespace | ||
| #28 | Brizy – Page Builder | 20 | 589 | 720 | 70k+ | Output is not escaped | ||
| #29 | GiveWP – Donation Plugin and Fundraising Platform | 20 | 3,437 | 3,577 | 100k+ | Output is not escaped | ||
| #30 | GoUrl Bitcoin Payment Gateway & Paid Downloads & Membership | 20 | 1,832 | 720 | 800 | Non Singular String Literal Domain | ||
| #31 | Leaky Paywall | 20 | 320 | 776 | 700 | Nonce verification recommended | ||
| #32 | Link Library | 20 | 1,941 | 1,397 | 10k+ | Unsafe printing function | ||
| #33 | MAS Videos | 20 | 519 | 1,693 | 1k+ | Non-prefixed global variable | ||
| #34 | Microthemer Lite – Visual Editor to Customize CSS | 20 | 1,004 | 1,699 | 10k+ | Non-prefixed global variable | ||
| #35 | Quill Forms | Conversational Multi Step Forms, Surveys & quizzes | 20 | 401 | 368 | 3k+ | Text Domain Mismatch | ||
| #36 | SpeakOut! Email Petitions | 20 | 850 | 994 | 3k+ | Missing nonce verification | ||
| #37 | Events Manager – OpenStreetMaps | 20 | 559 | 444 | 700 | Output is not escaped | ||
| #38 | Razorpay for WooCommerce | 20 | 974 | 855 | 100k+ | Non-prefixed function | ||
| #39 | WP Minify Fix | 20 | 306 | 380 | 800 | Output is not escaped | ||
| #40 | WPJAM Basic | 20 | 328 | 356 | 4k+ | Output is not escaped | ||
| #41 | Store Locator WordPress | 21 | 2,372 | 1,572 | 10k+ | Text Domain Mismatch | ||
| #42 | Backup Migration | 21 | 981 | 1,093 | 80k+ | Non-prefixed global variable | ||
| #43 | bbPress | 21 | 929 | 3,672 | 100k+ | Non-prefixed function | ||
| #44 | Pinpoint Booking System – Version 2 | 21 | 634 | 328 | 3k+ | Missing direct file access protection | ||
| #45 | rtMedia for WordPress, BuddyPress and bbPress | 21 | 363 | 633 | 8k+ | Non-prefixed constant | ||
| #46 | Captcha Them All | 21 | 300 | 323 | 6k+ | Output is not escaped | ||
| #47 | CartFlows – Funnel Builder & Checkout Plugin for WooCommerce | 21 | 461 | 614 | 200k+ | Text Domain Mismatch | ||
| #48 | Smart Grid-Layout Design for Contact Form 7 | 21 | 1,126 | 734 | 10k+ | Output is not escaped | ||
| #49 | Comet Cache | 21 | 857 | 245 | 20k+ | Output is not escaped | ||
| #50 | Duplicator – Backups & Migration Plugin – Cloud Backups, Scheduled Backups, & More | 21 | 2,572 | 1,277 | 1m+ | Output is not escaped |
