Defender Security – Malware Scanner, Login Security & Firewall

WordPress security plugin with malware scanner, IP blocking, audit logs, antivirus scans, firewall, 2FA, brute force login security, and more.

v5.11.0WPMU DEV - Your All-in-One WordPress PlatformUpdated Added 80k+ installs96% rating100% support resolved
24
Score
306
Errors
518
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance97
Maintainability0

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

824 findings

Maintainability

538

18 issue groups

Security

184

6 issue groups

I18n

82

1 issue group

WARNINGMaintainabilityNon-prefixed namespaceNamespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "WP_Defender".227
Category
Maintainability
Occurrences
227
Severity
warning

Sample message

Namespaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "WP_Defender".

ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Circular dependency detected while trying to resolve entry '$entryName': Dependencies: "'.137
Category
Security
Occurrences
137
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Circular dependency detected while trying to resolve entry '$entryName': Dependencies: "'.

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wd_2fa_init_provider_' . $slug".93
Category
Maintainability
Occurrences
93
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wd_2fa_init_provider_' . $slug".

ERRORI18nText Domain MismatchMismatched text domain. Expected 'defender-security' but got 'plugin-cross-sell-textdomain'.82
Category
I18n
Occurrences
82
Severity
error

Sample message

Mismatched text domain. Expected 'defender-security' but got 'plugin-cross-sell-textdomain'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".58
Category
Maintainability
Occurrences
58
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;38
Category
Maintainability
Occurrences
38
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

WARNINGMaintainabilityerror log var exportvar_export() found. Debug code should not normally be used in production.23
Category
Maintainability
Occurrences
23
Severity
warning

Sample message

var_export() found. Debug code should not normally be used in production.

WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable $column at \t\t\t\tSET `$column` = '$option_key',\n19
Category
Security
Occurrences
19
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $column at \t\t\t\tSET `$column` = '$option_key',\n

WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $placeholders used in $wpdb->query()\n$placeholders used without escaping.17
Category
Security
Occurrences
17
Severity
warning

Sample message

Unescaped parameter $placeholders used in $wpdb->query()\n$placeholders used without escaping.

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.16
Category
Maintainability
Occurrences
16
Severity
warning

Sample message

Use of a direct database call is discouraged.

Show 15 more
WARNINGMaintainabilityNo Caching16
Category
Maintainability
Occurrences
16
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WARNINGMaintainabilityNon-prefixed constant12
Category
Maintainability
Occurrences
12
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DONOTCACHEPAGE".

WARNINGMaintainabilityNon-prefixed function11
Category
Maintainability
Occurrences
11
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "get_public_suffix".

ERRORMaintainabilitybadly named files9
Category
Maintainability
Occurrences
9
Severity
error

Sample message

File and folder names must not contain spaces or special characters.

WARNINGMaintainabilitySchema Change8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Attempting a database schema change is discouraged.

ERRORMaintainabilityPlugin Directory Write6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of constant WPINC. Use wp_upload_dir() to get the uploads directory path or save to the database instead.

ERRORSecurityOutput is not escaped6
Category
Security
Occurrences
6
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Could not find $_tests_dir/includes/functions.php, have you run bin/install-wp-tests.sh ?"'.

ERRORMaintainabilityNot Allowed5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

WARNINGMaintainabilityABSPATHDetected4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.

WARNINGMaintainabilityDynamic hook name4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: &quot;$filter_name&quot;.

ERRORSecurityDatabase parameter is not escaped3
Category
Security
Occurrences
3
Severity
error

Sample message

Unescaped parameter $column used in $wpdb->query()\n$column assigned unsafely at line 154.

ERRORMaintainabilityfile system operations chmod3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

ERRORMaintainabilityunlink unlink3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WARNINGSecurityInput is not sanitized2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_ENV[$variableName]

ERRORMaintainabilityfile system operations fread2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().

External Connections

Not analyzed yet.

Score History

First score snapshot

v5.11.0

24

Latest

Findings
824
Errors
306
Warnings
518
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins