hidden_files

Hidden files included

The plugin package contains hidden files or directories that usually should not ship in a WordPress.org release.

critical weight

Why It Shows Up

Plugin Check found dotfiles, hidden folders, or operating-system metadata in the plugin ZIP.

Why It Matters

Hidden files can leak development metadata, repository configuration, local tooling state, or unexpected content.

How to Fix

  • Exclude dotfiles and local metadata from the release build.
  • Build release ZIPs from a clean export or packaging script.
  • Keep only files required for the plugin to run, document itself, or provide distributed assets.

Affected Plugins

RankPluginScoreErrorsWarningsInstallsAddedUpdatedTop Issue
#851Sola Payment Gateway for WooCommerce35107116700Missing Translators Comment
#852WP Courseware for WooCommerce3555491k+Text Domain Mismatch
#853Custom Payment Gateways for WooCommerce35202313k+Non Singular String Literal Domain
#854Require Login for WooCommerce351062k+wp function not compatible with requires wp
#855Save and Share Cart for WooCommerce3512551600Text Domain Mismatch
#856Title Limit for WooCommerce3541124k+Output is not escaped
#857Abandoned Cart Lite for WooCommerce358416120k+Non-prefixed global variable
#858Data Exchange for WooCommerce and 1C:Enterprise/1С:Предприятие35121k+Hidden files included
#859Call for Price for WooCommerce355378k+Non-prefixed hook name
#860Checkout Terms Conditions Popup for WooCommerce3576301k+Output is not escaped
#861Conversion Tracking for WooCommerce35746120k+Output is not escaped
#862WooCommerce Gateway Affirm352586k+Nonce verification recommended
#863Custom Payment Gateway for WooCommerce3511128k+Missing nonce verification
#864Invoices for WooCommerce355516810k+Non-prefixed global variable
#865PDF Invoices & Packing Slips for WooCommerce3535965300k+Non-prefixed hook name
#866Quaderno: Global Tax & Invoicing Automation for WooCommerce35470500Missing nonce verification
#867Stock Manager for WooCommerce3554520k+Non-prefixed global variable
#868Wholesale Suite – B2B, Dynamic Pricing & WooCommerce Wholesale Prices35225220k+Direct Query
#869Wooplatnica352724400Non-prefixed class
#870BulkGate SMS Plugin for WooCommerce3533321k+Output is not escaped
#871Access Areas for WordPress351795400Direct Query
#872WP All Export – Drag & Drop Export to Any Custom CSV, XML & Excel354110100k+wp function not compatible with requires wp
#873WP All Import – Drag & Drop Import for CSV, XML, Excel & Google Sheets353520100k+Missing direct file access protection
#874WP API Menus351292k+wp function not compatible with requires wp
#875WP Associate Post R235259863k+Output is not escaped
#876Bitly's WordPress Plugin356232k+Non-prefixed function
#877Category Dropdown by GCS Design3593521k+Output is not escaped
#878WP Change Email Sender3551310k+Non-prefixed namespace
#879WP Compiler3533201k+Output is not escaped
#880WP Content Copy Protection35761110k+Text Domain Mismatch
#881Countdown Block35521k+Hidden files included
#882Custom Body Class353910110k+Non-prefixed global variable
#883WP Dark Mode – Improve Accessibility with AI Powered Dark Theme352016020k+Non-prefixed global variable
#884WP Duplicate Page35445060k+Text Domain Mismatch
#885WP Flexslider35157600Unsafe printing function
#886WP GPX Maps35271004k+Non-prefixed global variable
#887WPGraphQL35108630k+Non-prefixed hook name
#888WP Hydra3510181k+Input is not sanitized
#889WP-KaTeX35148800Missing direct file access protection
#890WP-LESS3516810k+Missing direct file access protection
#891WP Login and Logout Redirect351666k+Text Domain Mismatch
#892WP-Markdown353139400Output is not escaped
#893WP Menu Custom Fields35116700Hidden files included
#894WP Instant Feeds3519126k+Output is not escaped
#895Disable Bulk Smush Limit of Smush Image Optimization35323k+Hidden files included
#896WP Open Street Map35591113k+Input is not validated
#897Parse.ly3515441k+Non-prefixed hook name
#898WP-Persian35144377k+Unsafe printing function
#899WP PGP Encrypted Emails356339400Output is not escaped
#900WP Post Nav3573242400Non-prefixed global variable