PluginScore

HTTP Authentication

Use an external authentication source in WordPress.

v4.6Daniel Westermann-ClarkUpdated Added 600 installs100% rating
authentication
35
Score
23
Errors
6
Warnings
+0
Change

Category Scores

Security29
Repo69
Performance100
Maintainability97

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

29 findings

Security

20

5 issue groups

I18n

3

1 issue group

Repo Compliance

3

3 issue groups

Supply Chain

2

1 issue group

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$user'.14
Category
Security
Occurrences
14
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$user'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().3
Category
I18n
Occurrences
3
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_SERVER[$server_key]2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER[$server_key]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_SERVER[$server_key] not unslashed before sanitization. Use wp_unslash() or similar2
Category
Security
Occurrences
2
Severity
warning

Sample message

$_SERVER[$server_key] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORSupply ChainHidden files includedHidden files are not permitted.2
Category
Supply Chain
Occurrences
2
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
ERRORRepo Complianceno licenseMissing "License". Please update your readme with a valid GPLv2 (or later) compatible license.1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License". Please update your readme with a valid GPLv2 (or later) compatible license.

no_licenseReference
ERRORRepo Complianceoutdated tested upto headerTested up to: 6.5 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.5 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference
Show 1 more
ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_licenseReference

External Connections

Potential connections found in static code analysis.

2 domains

Outbound calls

3

External assets

0

Incoming endpoints

0

Notable Domains

danieltwc.com2 · outbound
gatorlink.ufl.edu1 · outbound

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Score History

First score snapshot

v4.6

35

Latest

Findings
29
Errors
23
Warnings
6
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

27 nodes

Related Plugins

Active Directory Integration / LDAP Integration

4k+ active installs

100
Firebase Authentication

500 active installs

100
Logged-in-only

700 active installs

100
Shibboleth

3k+ active installs

100
WP Basic Authentication

2k+ active installs

100
HivePress Authentication

1k+ active installs

98