Heroic Favicon Generator is your one-click favicon generator for WordPress.
Prioritized issue groups from the latest Plugin Check scan
Maintainability
60
21 issue groups
Security
32
2 issue groups
I18n
15
2 issue groups
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$HexColorString'.
Sample message
Mismatched text domain. Expected 'favhero-favicon-generator' but got 'ht-ultimate-favicon'.
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fsockopen().
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
Sample message
strip_tags() is discouraged. Use the more comprehensive wp_strip_all_tags() instead.
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
Sample message
Resource version not set in call to wp_enqueue_script(). This means new versions of the script may not always be loaded due to browser caching.
Sample message
load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.
Sample message
Writing files using ABSPATH may be problematic. Consider using wp_upload_dir() instead if storing user data or generated files.
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Sample message
phpinfo() can lead to full path disclosure.
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
Sample message
In footer ($in_footer) is not set explicitly wp_enqueue_script; It is recommended to load scripts in the footer. Please set this value to `true` to load it in the footer, or explicitly `false` if it should be loaded in the header.
Not analyzed yet.
First score snapshot
v1.7.1
41
Latest
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 41 | 111 | 104 | 7 | v1.7.1 | 2.0.0 |
Author, categories, issues, domains, and nearby plugins.