hidden_files
Hidden files included
The plugin package contains hidden files or directories that usually should not ship in a WordPress.org release.
Why It Shows Up
Plugin Check found dotfiles, hidden folders, or operating-system metadata in the plugin ZIP.
Why It Matters
Hidden files can leak development metadata, repository configuration, local tooling state, or unexpected content.
How to Fix
- Exclude dotfiles and local metadata from the release build.
- Build release ZIPs from a clean export or packaging script.
- Keep only files required for the plugin to run, document itself, or provide distributed assets.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #551 | SumUp Payment Gateway For WooCommerce | 35 | 29 | 59 | 10k+ | Nonce verification recommended | ||
| #552 | Table for Divi | 35 | 5 | 2 | 2k+ | Hidden files included | ||
| #553 | Table Of Content Block – Auto-Generate Clickable Table of Contents | 35 | 2 | 1 | 2k+ | Hidden files included | ||
| #554 | TC Custom JavaScript | 35 | 19 | 26 | 10k+ | Missing Version | ||
| #555 | Starter Sites & Templates by Neve | 35 | 28 | 88 | 100k+ | Non-prefixed hook name | ||
| #556 | Termageddon: Cookie Consent & Privacy Compliance | 35 | 28 | 13 | 7k+ | Exception output is not escaped | ||
| #557 | The Courier Guy Shipping for WooCommerce | 35 | 57 | 107 | 3k+ | Missing nonce verification | ||
| #558 | The Social Links | 35 | 16 | 29 | 2k+ | Non-prefixed global variable | ||
| #559 | TikTok | 35 | 31 | 22 | 200k+ | Missing Arg Domain | ||
| #560 | TinyMCE Templates | 35 | 41 | 27 | 20k+ | Text Domain Mismatch | ||
| #561 | Tockify Events Calendar | 35 | 35 | 12 | 2k+ | Output is not escaped | ||
| #562 | Under Construction | 35 | 3 | 0 | 600k+ | Hidden files included | ||
| #563 | Use Google Libraries | 35 | 13 | 5 | 10k+ | Hidden files included | ||
| #564 | Embed videos and respect privacy | 35 | 6 | 11 | 2k+ | Non-prefixed global variable | ||
| #565 | Payphone – Payment Gateway Button | 35 | 3 | 2 | 2k+ | Hidden files included | ||
| #566 | Webflow Pages | 35 | 36 | 63 | 2k+ | Non Singular String Literal Domain | ||
| #567 | Converter for Media – Optimize images | Convert WebP & AVIF | 35 | 133 | 53 | 500k+ | curl curl setopt | ||
| #568 | Translate WordPress with Weglot – Multilingual AI Translation | 35 | 37 | 115 | 60k+ | Non-prefixed global variable | ||
| #569 | wePOS – Point Of Sale (POS) for WooCommerce & Dokan | 35 | 47 | 66 | 2k+ | Output is not escaped | ||
| #570 | What The File | 35 | 9 | 12 | 40k+ | Input is not sanitized | ||
| #571 | Open Graph and Twitter Card Tags | 35 | 15 | 27 | 60k+ | error log error log | ||
| #572 | Asaas Gateway for WooCommerce | 35 | 12 | 109 | 8k+ | Non-prefixed global variable | ||
| #573 | Custom Payment Gateways for WooCommerce | 35 | 202 | 31 | 3k+ | Non Singular String Literal Domain | ||
| #574 | Require Login for WooCommerce | 35 | 10 | 6 | 2k+ | wp function not compatible with requires wp | ||
| #575 | Title Limit for WooCommerce | 35 | 41 | 12 | 4k+ | Output is not escaped | ||
| #576 | Abandoned Cart Lite for WooCommerce | 35 | 84 | 161 | 20k+ | Non-prefixed global variable | ||
| #577 | Call for Price for WooCommerce | 35 | 5 | 37 | 8k+ | Non-prefixed hook name | ||
| #578 | Conversion Tracking for WooCommerce | 35 | 74 | 61 | 20k+ | Output is not escaped | ||
| #579 | WooCommerce Gateway Affirm | 35 | 2 | 58 | 6k+ | Nonce verification recommended | ||
| #580 | Custom Payment Gateway for WooCommerce | 35 | 11 | 12 | 8k+ | Missing nonce verification | ||
| #581 | Invoices for WooCommerce | 35 | 55 | 168 | 10k+ | Non-prefixed global variable | ||
| #582 | PDF Invoices & Packing Slips for WooCommerce | 35 | 35 | 956 | 300k+ | Non-prefixed hook name | ||
| #583 | Stock Manager for WooCommerce | 35 | 5 | 45 | 20k+ | Non-prefixed global variable | ||
| #584 | Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices | 35 | 22 | 52 | 20k+ | Direct Query | ||
| #585 | BulkGate SMS Plugin for WooCommerce | 35 | 33 | 32 | 1k+ | Output is not escaped | ||
| #586 | WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel | 35 | 41 | 10 | 100k+ | wp function not compatible with requires wp | ||
| #587 | WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets | 35 | 35 | 20 | 100k+ | Missing direct file access protection | ||
| #588 | WP API Menus | 35 | 12 | 9 | 2k+ | wp function not compatible with requires wp | ||
| #589 | WP Associate Post R2 | 35 | 259 | 86 | 3k+ | Output is not escaped | ||
| #590 | Bitly's WordPress Plugin | 35 | 6 | 23 | 2k+ | Non-prefixed function | ||
| #591 | WP Change Email Sender | 35 | 5 | 13 | 10k+ | Non-prefixed namespace | ||
| #592 | WP Content Copy Protection | 35 | 76 | 11 | 10k+ | Text Domain Mismatch | ||
| #593 | Custom Body Class | 35 | 39 | 101 | 10k+ | Non-prefixed global variable | ||
| #594 | WP Dark Mode – Improve Accessibility with AI Powered Dark Theme | 35 | 20 | 160 | 20k+ | Non-prefixed global variable | ||
| #595 | WP Duplicate Page | 35 | 44 | 50 | 60k+ | Text Domain Mismatch | ||
| #596 | WP GPX Maps | 35 | 27 | 100 | 4k+ | Non-prefixed global variable | ||
| #597 | WPGraphQL | 35 | 11 | 86 | 30k+ | Non-prefixed hook name | ||
| #598 | WP-LESS | 35 | 16 | 8 | 10k+ | Missing direct file access protection | ||
| #599 | WP Login and Logout Redirect | 35 | 16 | 6 | 6k+ | Text Domain Mismatch | ||
| #600 | WP Instant Feeds | 35 | 19 | 12 | 6k+ | Output is not escaped |
