Hitsteps Web Analytics

Hitsteps Analytics is a real time website visitor tracker and SEO analytics, it allow you to view and interact with your visitors in real time.

v5.93HitstepsUpdated Added 800 installs78% rating
34
Score
370
Errors
313
Warnings
+0
Change

Category Scores

Security0
Repo88
Performance100
Maintainability52

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

683 findings

Security

562

8 issue groups

Maintainability

109

10 issue groups

I18n

9

4 issue groups

Repo Compliance

3

3 issue groups

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_title'.294
Category
Security
Occurrences
294
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$after_title'.

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.80
Category
Security
Occurrences
80
Severity
warning

Sample message

Processing form data without nonce verification.

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE['comment_author_'.md5( get_option("siteurl"))]60
Category
Security
Occurrences
60
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_COOKIE['comment_author_'.md5( get_option("siteurl"))]

WARNINGSecurityRequest data is not unslashed$_COOKIE['comment_author_'.md5( get_option("siteurl"))] not unslashed before sanitization. Use wp_unslash() or similar60
Category
Security
Occurrences
60
Severity
warning

Sample message

$_COOKIE['comment_author_'.md5( get_option("siteurl"))] not unslashed before sanitization. Use wp_unslash() or similar

WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_POST['_hs_data_output_visitor_base']. Check that the array index exists before using it.52
Category
Security
Occurrences
52
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['_hs_data_output_visitor_base']. Check that the array index exists before using it.

ERRORMaintainabilitywp function not compatible with requires wpFunction "esc_attr()" requires WordPress 2.8.0, but your plugin minimum supported version is WordPress 2.7.0.42
Category
Maintainability
Occurrences
42
Severity
error

Sample message

Function "esc_attr()" requires WordPress 2.8.0, but your plugin minimum supported version is WordPress 2.7.0.

WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_hits_gf_before_email".25
Category
Maintainability
Occurrences
25
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_hits_gf_before_email".

WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "automatic_updates_complete".14
Category
Maintainability
Occurrences
14
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "automatic_updates_complete".

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.13
Category
Security
Occurrences
13
Severity
error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_hitsteps_jetpack_init".8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_hitsteps_jetpack_init".

Show 15 more
ERRORMaintainabilityMissing direct file access protection7
Category
Maintainability
Occurrences
7
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

ERRORMaintainabilityNon Enqueued Script5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WARNINGMaintainabilityDeprecated function: get_currentuserinfo3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

get_currentuserinfo() has been deprecated since WordPress version 4.5.0. Use wp_get_current_user() instead.

ERRORI18nMissing Arg Domain3
Category
I18n
Occurrences
3
Severity
error

Sample message

Missing $domain parameter in function call to __().

WARNINGI18nNo Html Wrapped Strings3
Category
I18n
Occurrences
3
Severity
warning

Sample message

Translatable string should not be wrapped in HTML. Found: "<h2>Nonce is not valid.</h2>"

ERRORMaintainabilityForbidden PHP function found2
Category
Maintainability
Occurrences
2
Severity
error

Sample message

The use of function create_function() is forbidden

WARNINGMaintainabilityNon-prefixed class2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "hst_STATS".

WARNINGSecurityNonce verification recommended2
Category
Security
Occurrences
2
Severity
warning

Sample message

Processing form data without nonce verification.

ERRORI18nMissing Translators Comment2
Category
I18n
Occurrences
2
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WARNINGSecurityPlugin menu slug uses __FILE__1
Category
Security
Occurrences
1
Severity
warning

Sample message

Using __FILE__ for menu slugs risks exposing filesystem structure.

ERRORMaintainabilityrand mt rand1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

WARNINGI18nDeprecated parameter: load_plugin_textdomain parameter 21
Category
I18n
Occurrences
1
Severity
warning

Sample message

The parameter "FALSE" at position #2 of load_plugin_textdomain() has been deprecated since WordPress version 2.7.0. Use "" instead.

ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

WARNINGRepo Compliancereadme parser warnings too many tags1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

WARNINGRepo Compliancereadme parser warnings trimmed short description1
Category
Repo Compliance
Occurrences
1
Severity
warning

Sample message

The "Short Description" section is too long and was truncated. A maximum of 150 characters is supported.

External Connections

Potential connections found in static code analysis.

13 domains

Outbound calls

44

External assets

9

Incoming endpoints

0

Notable Domains

addons.mozilla.org2 · outbound
chrome.google.com2 · outbound
144.76.44.1111 · outbound
46.4.176.1511 · outbound
facebook.com1 · outbound

Platform / Reference Domains

wordpress.org1 · platform/reference

External Asset Domains

hitsteps.com29 · asset + outbound
edgecdnplus.com9 · asset + outbound
hitsteps.pro3 · asset + outbound
apis.google.com1 · asset
hitsteps.net1 · asset

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v5.93

34

Latest

Findings
683
Errors
370
Warnings
313
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

36 nodes

Related Plugins

Machete

7k+ active installs

99
Search Analytics for WP

3k+ active installs

99
Web Worker Offloading

10k+ active installs

99
Google Tag Manager

10k+ active installs

98