hidden_files
Hidden files included
The plugin package contains hidden files or directories that usually should not ship in a WordPress.org release.
Why It Shows Up
Plugin Check found dotfiles, hidden folders, or operating-system metadata in the plugin ZIP.
Why It Matters
Hidden files can leak development metadata, repository configuration, local tooling state, or unexpected content.
How to Fix
- Exclude dotfiles and local metadata from the release build.
- Build release ZIPs from a clean export or packaging script.
- Keep only files required for the plugin to run, document itself, or provide distributed assets.
Affected Plugins
| Rank | Plugin | Score | Errors | Warnings | Installs | Added | Updated | Top Issue |
|---|---|---|---|---|---|---|---|---|
| #701 | Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE | 35 | 131 | 41 | 300k+ | Missing direct file access protection | ||
| #702 | Page Visits Counter – Lite | 35 | 28 | 35 | 5k+ | Output is not escaped | ||
| #703 | Paytrail for WooCommerce | 35 | 28 | 46 | 3k+ | Non-prefixed global variable | ||
| #704 | Pearl – Header Builder | 35 | 7 | 283 | 5k+ | Non-prefixed global variable | ||
| #705 | Permissions Editor for Ninja Forms | 35 | 29 | 6 | 1k+ | Output is not escaped | ||
| #706 | Phone Orders for WooCommerce | 35 | 1 | 229 | 1k+ | Non-prefixed hook name | ||
| #707 | Pie Calendar – Events Calendar Made Simple | 35 | 83 | 53 | 1k+ | Text Domain Mismatch | ||
| #708 | Piwik PRO | 35 | 22 | 3 | 3k+ | Output is not escaped | ||
| #709 | Pixeline's Email Protector | 35 | 77 | 5 | 800 | Unsafe printing function | ||
| #710 | Plausible Analytics | 35 | 244 | 61 | 10k+ | Exception output is not escaped | ||
| #711 | Pochipp | 35 | 27 | 102 | 20k+ | Non-prefixed global variable | ||
| #712 | Pods Alternative Cache | 35 | 1 | 0 | 5k+ | Hidden files included | ||
| #713 | Post Content Shortcodes | 35 | 205 | 56 | 2k+ | Output is not escaped | ||
| #714 | Post Draft Preview | 35 | 49 | 69 | 700 | Text Domain Mismatch | ||
| #715 | Post Meta Data Manager | 35 | 30 | 112 | 1k+ | Non-prefixed global variable | ||
| #716 | Post Password Token | 35 | 132 | 38 | 600 | Text Domain Mismatch | ||
| #717 | Posts Table with Search & Sort | 35 | 143 | 33 | 3k+ | Text Domain Mismatch | ||
| #718 | PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | 35 | 6 | 56 | 80k+ | Post Not In exclude | ||
| #719 | Powerful Posts Per Page (PPPP) | 35 | 4 | 1 | 1k+ | Hidden files included | ||
| #720 | Pre-Publish Checklist | 35 | 7 | 2 | 1k+ | Missing direct file access protection | ||
| #721 | Product Prices by User Roles for WooCommerce | 35 | 12 | 19 | 1k+ | Non-prefixed hook name | ||
| #722 | Print, PDF & Email by PrintFriendly | 35 | 1 | 5 | 20k+ | Not In Footer | ||
| #723 | Product Blocks for WooCommerce | 35 | 4 | 3 | 4k+ | slow db query tax query | ||
| #724 | Product Delivery Date for WooCommerce – Lite | 35 | 171 | 27 | 1k+ | Text Domain Mismatch | ||
| #725 | Product Input Fields for WooCommerce | 35 | 18 | 84 | 4k+ | Non-prefixed function | ||
| #726 | Min Max Step Quantity Limits Manager for WooCommerce | 35 | 67 | 158 | 3k+ | Non-prefixed global variable | ||
| #727 | Ninjalytics: Sales Reports & Order Export for WooCommerce and EDD | 35 | 6 | 32 | 6k+ | Non-prefixed global variable | ||
| #728 | Pronamic Client | 35 | 111 | 48 | 700 | Output is not escaped | ||
| #729 | Protect the Children! | 35 | 2 | 34 | 1k+ | Missing nonce verification | ||
| #730 | Publitio | 35 | 47 | 26 | 400 | curl curl setopt | ||
| #731 | Push7 | 35 | 45 | 17 | 700 | Short PHP open tag found | ||
| #732 | Random Post on Refresh | 35 | 3 | 8 | 500 | Non-prefixed hook name | ||
| #733 | Flutterwave WooCommerce | 35 | 7 | 20 | 2k+ | Non-prefixed class | ||
| #734 | ReactPress – Create React App for WordPress | 35 | 26 | 43 | 3k+ | Request data is not unslashed | ||
| #735 | Real Time Validation for Gravity Forms | 35 | 185 | 30 | 2k+ | Output is not escaped | ||
| #736 | Really Simple Google Tag Manager (GTM) | 35 | 115 | 15 | 4k+ | Text Domain Mismatch | ||
| #737 | Remove Admin Toolbar | 35 | 13 | 7 | 600 | Missing direct file access protection | ||
| #738 | Remove Dashboard Access | 35 | 16 | 23 | 30k+ | wp function not compatible with requires wp | ||
| #739 | Repeaters & Relationships Connector with ACF for Elementor | 35 | 6 | 3 | 700 | Missing direct file access protection | ||
| #740 | Reseller Store | 35 | 56 | 34 | 1k+ | Output is not escaped | ||
| #741 | Restrict Elementor Widgets, Columns and Sections | 35 | 18 | 53 | 500 | Non-prefixed function | ||
| #742 | Reveal IDs | 35 | 23 | 13 | 40k+ | Output is not escaped | ||
| #743 | RICG Responsive Images | 35 | 29 | 25 | 2k+ | wp function not compatible with requires wp | ||
| #744 | Term Description: Rich Text Editor (Powered by TinyMCE) for WooCommerce | 35 | 2 | 0 | 700 | Hidden files included | ||
| #745 | RichText Extension | 35 | 25 | 4 | 900 | Output is not escaped | ||
| #746 | Robots.txt rewrite | 35 | 56 | 19 | 1k+ | Output is not escaped | ||
| #747 | RPS Image Gallery | 35 | 88 | 16 | 800 | Output is not escaped | ||
| #748 | RS CSV Importer Media Add-On | 35 | 4 | 1 | 4k+ | Hidden files included | ||
| #749 | Taxonomy Tags to Checkboxes | 35 | 2 | 0 | 1k+ | Hidden files included | ||
| #750 | s2Member – Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions | 35 | 24 | 5 | 8k+ | Missing direct file access protection |