hidden_files
Hidden files included
The plugin package contains hidden files or directories that usually should not ship in a WordPress.org release.
Why It Shows Up
Plugin Check found dotfiles, hidden folders, or operating-system metadata in the plugin ZIP.
Why It Matters
Hidden files can leak development metadata, repository configuration, local tooling state, or unexpected content.
How to Fix
- Exclude dotfiles and local metadata from the release build.
- Build release ZIPs from a clean export or packaging script.
- Keep only files required for the plugin to run, document itself, or provide distributed assets.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #451 | Tidio – Live Chat & AI Chatbots | 34 | 52 | 19 | 80k+ | curl curl setopt | ||
| #452 | Useful Blocks | 34 | 214 | 22 | 20k+ | Output is not escaped | ||
| #453 | DPD SK for WooCommerce | 34 | 130 | 165 | 700 | Output is not escaped | ||
| #454 | PagHiper Boleto e PIX para WooCommerce | 34 | 29 | 138 | 1k+ | Missing nonce verification | ||
| #455 | Product Tabs for WooCommerce | 34 | 196 | 93 | 10k+ | Text Domain Mismatch | ||
| #456 | WP-SCSS | 34 | 269 | 13 | 40k+ | Exception output is not escaped | ||
| #457 | Algori 360 Image | 35 | 6 | 6 | 4k+ | Hidden files included | ||
| #458 | Algori 360 Video | 35 | 6 | 6 | 500 | Hidden files included | ||
| #459 | Abandoned Checkout Recovery & Order Notifications for WooCommerce | 35 | 108 | 77 | 800 | Text Domain Mismatch | ||
| #460 | ACF Color Swatches | 35 | 50 | 21 | 1k+ | Text Domain Mismatch | ||
| #461 | ACF Content Analysis for Yoast SEO | 35 | 9 | 17 | 100k+ | Non-prefixed constant | ||
| #462 | Advanced Custom Fields : CPT Options Pages | 35 | 37 | 11 | 2k+ | Output is not escaped | ||
| #463 | ACF: Focal Point | 35 | 61 | 6 | 400 | Text Domain Mismatch | ||
| #464 | Advanced Custom Fields: Image Aspect Ratio Crop Field | 35 | 70 | 37 | 20k+ | Text Domain Mismatch | ||
| #465 | ACF: Image Hotspots Field | 35 | 26 | 5 | 2k+ | Text Domain Mismatch | ||
| #466 | ACF OpenStreetMap Field | 35 | 40 | 46 | 9k+ | Non-prefixed global variable | ||
| #467 | Add to Calendar Button | 35 | 31 | 9 | 3k+ | Output is not escaped | ||
| #468 | Admin Color Schemer | 35 | 166 | 20 | 1k+ | Exception output is not escaped | ||
| #469 | Admin Slug Column | 35 | 2 | 0 | 5k+ | Hidden files included | ||
| #470 | AdPlugg WordPress Ad Plugin | 35 | 58 | 17 | 500 | Missing direct file access protection | ||
| #471 | CAPTCHA 4WP – Antispam CAPTCHA solution for WordPress | 35 | 20 | 10 | 100k+ | Missing Arg Domain | ||
| #472 | Advanced Scrollbar – Custom Scrollbar Styling and Behavior | 35 | 2 | 0 | 700 | Hidden files included | ||
| #473 | Affiliate Link Marker | 35 | 31 | 4 | 400 | Text Domain Mismatch | ||
| #474 | AfterSalesPro Plugin | 35 | 24 | 111 | 400 | Nonce verification recommended | ||
| #475 | Air WP Sync – Airtable to WordPress | 35 | 38 | 42 | 1k+ | Non-prefixed hook name | ||
| #476 | AJAX Heartbeat Tool | 35 | 6 | 1 | 400 | Hidden files included | ||
| #477 | Akismet Anti-spam: Spam Protection | 35 | 33 | 99 | 6m+ | Non-prefixed global variable | ||
| #478 | AMIMOTO Plugin Dashboard | 35 | 82 | 82 | 900 | Non Singular String Literal Domain | ||
| #479 | Analytics Tracker | 35 | 4 | 5 | 1k+ | Hidden files included | ||
| #480 | Animate In View | 35 | 12 | 0 | 1k+ | Hidden files included | ||
| #481 | Antideo Email Validator | 35 | 38 | 98 | 800 | Missing nonce verification | ||
| #482 | AppMySite – WordPress & WooCommerce Mobile App Builder (No-Code Android & iOS App Maker) | 35 | 165 | 37 | 8k+ | Missing Arg Domain | ||
| #483 | Archive Content with Archived Post Status | 35 | 3 | 2 | 5k+ | Discouraged text-domain loading | ||
| #484 | Aurora Heatmap | 35 | 14 | 18 | 20k+ | Non-prefixed global variable | ||
| #485 | Auto Login for Sakura Rental Server | 35 | 3 | 3 | 10k+ | Hidden files included | ||
| #486 | Autocomplete For Relevanssi | 35 | 30 | 9 | 900 | Unsafe printing function | ||
| #487 | Automatic YouTube Gallery | 35 | 83 | 59 | 9k+ | Output is not escaped | ||
| #488 | Avif Express | 35 | 26 | 167 | 400 | Input is not validated | ||
| #489 | Axeptio – Cookie Banner – GDPR Consent & Compliance with a friendly touch | 35 | 5 | 13 | 8k+ | Database parameter is not escaped | ||
| #490 | AXP Cyrillic to Latin | 35 | 21 | 3 | 1k+ | Output is not escaped | ||
| #491 | BackWPup – WordPress Backup & Restore Plugin | 35 | 12 | 779 | 500k+ | Non-prefixed global variable | ||
| #492 | BASE Item List | 35 | 4 | 13 | 800 | error log error log | ||
| #493 | bbPress Notify (No-Spam) | 35 | 62 | 66 | 2k+ | wp function not compatible with requires wp | ||
| #494 | Before After Image Comparison – Visual Comparison for Two Images | 35 | 19 | 16 | 3k+ | Text Domain Mismatch | ||
| #495 | Better Plugin Compatibility Control | 35 | 7 | 4 | 4k+ | trademarked term | ||
| #496 | Better Recent Comments | 35 | 127 | 29 | 2k+ | Text Domain Mismatch | ||
| #497 | CTC Masonry Gallery 🎨 | 35 | 6 | 3 | 1k+ | Hidden files included | ||
| #498 | Gutenberg Block for WooCommerce Product Table | 35 | 14 | 4 | 3k+ | Hidden files included | ||
| #499 | Block Manager | 35 | 33 | 26 | 4k+ | Text Domain Mismatch | ||
| #500 | Gutenberg Block Editor Toolkit – EditorsKit | 35 | 61 | 25 | 20k+ | Text Domain Mismatch |
