WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, firewall, 2FA, brute force login security, and more.
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Maintainability: 538 (18 issue groups)
- Security: 184 (6 issue groups)
- I18n: 82 (1 issue group)
WARNING | Maintainability | Non-prefixed namespace
- Category: Maintainability
- Occurrences: 227
- Severity: warning
Sample message
Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "WP_Defender".
ERROR | Security | Exception output is not escaped
- Category: Security
- Occurrences: 137
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Circular dependency detected while trying to resolve entry '$entryName': Dependencies: "'.
WARNING | Maintainability | Non-prefixed hook name
- Category: Maintainability
- Occurrences: 93
- Severity: warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wd_2fa_init_provider_' . $slug".
ERROR | I18n | Text Domain Mismatch
- Category: I18n
- Occurrences: 82
- Severity: error
Sample message
Mismatched text domain. Expected 'defender-security' but got 'plugin-cross-sell-textdomain'.
WARNING | Maintainability | Non-prefixed global variable
- Category: Maintainability
- Occurrences: 58
- Severity: warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".
ERROR | Maintainability | Missing direct file access protection
- Category: Maintainability
- Occurrences: 38
- Severity: error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNING | Maintainability | error log var export
- Category: Maintainability
- Occurrences: 23
- Severity: warning
Sample message
var_export() found. Debug code should not normally be used in production.
WARNING | Security | Interpolated SQL is not prepared
- Category: Security
- Occurrences: 19
- Severity: warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $column at \t\t\t\tSET `$column` = '$option_key',\n
WARNING | Security | Database parameter is not escaped
- Category: Security
- Occurrences: 17
- Severity: warning
Sample message
Unescaped parameter $placeholders used in $wpdb->query()\n$placeholders used without escaping.
WARNING | Maintainability | Direct Query
- Category: Maintainability
- Occurrences: 16
- Severity: warning
Sample message
Use of a direct database call is discouraged.
WARNING | Maintainability | No Caching
- Category: Maintainability
- Occurrences: 16
- Severity: warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNING | Maintainability | Non-prefixed constant
- Category: Maintainability
- Occurrences: 12
- Severity: warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DONOTCACHEPAGE".
WARNING | Maintainability | Non-prefixed function
- Category: Maintainability
- Occurrences: 11
- Severity: warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "get_public_suffix".
ERROR | Maintainability | badly named files
- Category: Maintainability
- Occurrences: 9
- Severity: error
Sample message
File and folder names must not contain spaces or special characters.
WARNING | Maintainability | Schema Change
- Category: Maintainability
- Occurrences: 8
- Severity: warning
Sample message
Attempting a database schema change is discouraged.
ERROR | Maintainability | Plugin Directory Write
- Category: Maintainability
- Occurrences: 6
- Severity: error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WPINC. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
ERROR | Security | Output is not escaped
- Category: Security
- Occurrences: 6
- Severity: error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?"'.
ERROR | Maintainability | Not Allowed
- Category: Maintainability
- Occurrences: 5
- Severity: error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
WARNING | Maintainability | ABSPATHDetected
- Category: Maintainability
- Occurrences: 4
- Severity: warning
Sample message
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
WARNING | Maintainability | Dynamic hook name
- Category: Maintainability
- Occurrences: 4
- Severity: warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$filter_name".
ERROR | Security | Database parameter is not escaped
- Category: Security
- Occurrences: 3
- Severity: error
Sample message
Unescaped parameter $column used in $wpdb->query()\n$column assigned unsafely at line 154.
ERROR | Maintainability | file system operations chmod
- Category: Maintainability
- Occurrences: 3
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
ERROR | Maintainability | unlink unlink
- Category: Maintainability
- Occurrences: 3
- Severity: error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
WARNING | Security | Input is not sanitized
- Category: Security
- Occurrences: 2
- Severity: warning
Sample message
Detected usage of a non-sanitized input variable: $_ENV[$variableName]
ERROR | Maintainability | file system operations fread
- Category: Maintainability
- Occurrences: 2
- Severity: error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
External Connections
Not analyzed yet.
Score History
First score snapshot: v5.11.0, score 24 (Latest)
- Findings: 824
- Errors: 306
- Warnings: 518
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 24 | 824 | 306 | 518 | v5.11.0 | 2.0.0 |