Head Meta Data

Adds a custom set of tags to the section of all posts & pages.

v20260421Jeff StarrUpdated 2 months agoAdded 14 years ago10k+ installs96% rating

meta metadata robots seo

Score

Errors

Warnings

Change

Category Scores

Security24

Repo100

Performance100

Maintainability86

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

61 findings

Maintainability

5 issue groups

Security

5 issue groups

I18n

1 issue group

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_hmd_links".30

Category: Maintainability
Occurrences: 30
Severity: warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "add_hmd_links".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$custom'.17

Category: Security
Occurrences: 17
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$custom'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.4

Category: Security
Occurrences: 4
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "hmd_check_date_expired".3

Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "hmd_check_date_expired".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound

WARNINGI18nDiscouraged text-domain loadingload_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.1

Category: I18n
Occurrences: 1
Severity: warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFound Reference

WARNINGMaintainabilityShort URL foundShort URL detected (bit.ly). Use full URLs instead of URL shorteners.1

Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Short URL detected (bit.ly). Use full URLs instead of URL shorteners.

PluginCheck.CodeAnalysis.ShortURL.Found

ERRORMaintainabilitydate datedate() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

WordPress.DateTime.RestrictedFunctions.date_date

WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.1

Category: Security
Occurrences: 1
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['dismiss-notice-verify']1

Category: Security
Occurrences: 1
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['dismiss-notice-verify']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityRequest data is not unslashed$_GET['dismiss-notice-verify'] not unslashed before sanitization. Use wp_unslash() or similar1

Category: Security
Occurrences: 1
Severity: warning

Sample message

$_GET['dismiss-notice-verify'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

Show 1 more

ERRORMaintainabilityMissing direct file access protection1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

External Connections

Not analyzed yet.

Score History

First score snapshot

4 days ago

v20260421

Latest

Findings: 61
Errors: 19
Warnings: 42
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
4 days agoLatest	55	61	19	42	v20260421	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

28 nodes

Loading map

PluginAuthorCategoryIssueRelated

Relationship links

Issue

Related Plugins

Hide/Remove Metadata

20k+ active installs

100

HTTP 410 (Gone) responses

4k+ active installs

100

noindex SEO

3k+ active installs

100

wp_head() cleaner

2k+ active installs

100

AIKTP

3k+ active installs

Canonical Link

2k+ active installs