PluginScore

Analytics Spam Blocker

Prevent referrer spam from affecting your website analytics. Easily create a blocklist and receive new domains weekly to stay on top of the issue.

v4.2ArnanUpdated Added 800 installs78% rating
analyticsantispamreferral spamreferrer spamspam
37
Score
76
Errors
22
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability66

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

98 findings

Security

70

8 issue groups

Maintainability

24

14 issue groups

I18n

3

2 issue groups

Repo Compliance

1

1 issue group

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.33
Category
Security
Occurrences
33
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunctionReference
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$blocklist['domain_count']'.22
Category
Security
Occurrences
22
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$blocklist['domain_count']'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.4
Category
Security
Occurrences
4
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['action']4
Category
Security
Occurrences
4
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['action']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_GET['action'] not unslashed before sanitization. Use wp_unslash() or similar4
Category
Security
Occurrences
4
Severity
warning

Sample message

$_GET['action'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORMaintainabilityfile system operations is writableFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

WordPress.WP.AlternativeFunctions.file_system_operations_is_writable
WARNINGMaintainabilityABSPATHDetectedWriting files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.

PluginCheck.CodeAnalysis.WriteFile.ABSPATHDetected
ERRORMaintainabilityPlugin Directory WritePlugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WP_CONTENT_DIR. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

PluginCheck.CodeAnalysis.WriteFile.PluginDirectoryWrite
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$blocklist".2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$blocklist".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().

WordPress.WP.AlternativeFunctions.file_system_operations_fclose
Show 15 more
ERRORMaintainabilityfile system operations fopen2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
ERRORMaintainabilityfile system operations fwrite2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().

WordPress.WP.AlternativeFunctions.file_system_operations_fwrite
ERRORMaintainabilitystrip tags strip tags2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.

WordPress.WP.AlternativeFunctions.strip_tags_strip_tags
ERRORI18nMissing Arg Domain2
Category
I18n
Occurrences
2
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
ERRORMaintainabilityMissing direct file access protection2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
ERRORMaintainabilitydate date1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date
WARNINGMaintainabilityNon-prefixed function1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "ajdg_fetch_rss_feed".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
WARNINGSecurityMissing nonce verification1
Category
Security
Occurrences
1
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
WARNINGSecurityInput is not validated1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['spamblocker_nonce']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORMaintainabilityparse url parse url1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORMaintainabilityunlink unlink1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
WARNINGMaintainabilityMissing Version1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.

WordPress.WP.EnqueuedResourceParameters.MissingVersion
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.9 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference

External Connections

Potential connections found in static code analysis.

4 domains

Outbound calls

17

External assets

0

Incoming endpoints

0

Notable Domains

ajdg.solutions11 · outbound
arnan.me3 · outbound
support.ajdg.net2 · outbound
raw.githubusercontent.com1 · outbound

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v4.2

37

Latest

Findings
98
Errors
76
Warnings
22
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

33 nodes

Related Plugins

PufferSights – AI Crawler Insights

0 active installs

100
VigIA – AI Visibility, Analytics & Control

1k+ active installs

100
Block List Updater

4k+ active installs

99
Machete

7k+ active installs

99
Search Analytics for WP

3k+ active installs

99
Web Worker Offloading

10k+ active installs

99