Security against brute force attacks by tracking IP, name, password; requiring very strong passwords. Idle timeout. Maintenance mode lockdown.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
- Maintainability: 139 (12 issue groups)
- Security: 125 (9 issue groups)
- I18n: 92 (4 issue groups)
Output Not Escaped
- Category: Security
- Occurrences: 64
- Severity: error
- Sample message: All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"NOTICE: disable_logins = '$input' already. No action needed.\n"'.
Direct Query
- Category: Maintainability
- Occurrences: 40
- Severity: warning
- Sample message: Use of a direct database call is discouraged.
Missing Translators Comment
- Category: I18n
- Occurrences: 40
- Severity: error
- Sample message: A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
No Caching
- Category: Maintainability
- Occurrences: 38
- Severity: warning
- Sample message: Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
Non Singular String Literal Domain
- Category: I18n
- Occurrences: 33
- Severity: error
- Sample message: The $domain parameter must be a single text string literal. Found: self::ID
Non Prefixed Variable Found
- Category: Maintainability
- Occurrences: 23
- Severity: warning
- Sample message: Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$bigger_file".
missing direct file access protection
- Category: Maintainability
- Occurrences: 18
- Severity: error
- Sample message: PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Not Prepared
- Category: Security
- Occurrences: 13
- Severity: error
- Sample message: Use placeholders and $wpdb->prepare(); found $lss
Missing Arg Domain
- Category: I18n
- Occurrences: 10
- Severity: error
- Sample message: Missing $domain parameter in function call to __().
Input Not Sanitized
- Category: Security
- Occurrences: 9
- Severity: warning
- Sample message: Detected usage of a non-sanitized input variable: $_COOKIE[AUTH_COOKIE]
Missing Unslash
- Category: Security
- Occurrences: 9
- Severity: warning
- Sample message: $_COOKIE[AUTH_COOKIE] not unslashed before sanitization. Use wp_unslash() or similar
Unordered Placeholders Text
- Category: I18n
- Occurrences: 9
- Severity: error
- Sample message: Multiple placeholders in translatable strings should be ordered. Expected "%1\$5d, %2\$s, %3\$5d, %4\$s, %5\$5d, %6\$s", but got "%5d, %s, %5d, %s, %5d, %s" in "\nComponent Count Value from Current Attempt\n------------------------ ----- --------------------------------\nNetwork IP %5d %s\nUsername %5d %s\nPassword MD5 %5d %s\n".
Unescaped DBParameter
- Category: Security
- Occurrences: 7
- Severity: error
- Sample message: Unescaped parameter $days used in $wpdb->query()\n$days assigned unsafely at line 1079.
Recommended
- Category: Security
- Occurrences: 7
- Severity: warning
- Sample message: Processing form data without nonce verification.
Missing
- Category: Security
- Occurrences: 6
- Severity: warning
- Sample message: Processing form data without nonce verification.
Interpolated Not Prepared
- Category: Security
- Occurrences: 5
- Severity: warning
- Sample message: Use placeholders and $wpdb->prepare(); found interpolated variable $days at \t\t\tWHERE date_failed < DATE_SUB(CURDATE(), INTERVAL '$days' DAY)"
Input Not Validated
- Category: Security
- Occurrences: 5
- Severity: warning
- Sample message: Detected usage of a possibly undefined superglobal array index: $_COOKIE[AUTH_COOKIE]. Check that the array index exists before using it.
Schema Change
- Category: Maintainability
- Occurrences: 4
- Severity: warning
- Sample message: Attempting a database schema change is discouraged.
file system operations fclose
- Category: Maintainability
- Occurrences: 4
- Severity: error
- Sample message: File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
file system operations fopen
- Category: Maintainability
- Occurrences: 3
- Severity: error
- Sample message: File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
rand rand
- Category: Maintainability
- Occurrences: 3
- Severity: error
- Sample message: rand() is discouraged. Use the far less predictable wp_rand() instead.
application detected
- Category: Maintainability
- Occurrences: 3
- Severity: error
- Sample message: Application files are not permitted.
mysql mysql close
- Category: Maintainability
- Occurrences: 1
- Severity: error
- Sample message: Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysql_close.
mysql mysqli close
- Category: Maintainability
- Occurrences: 1
- Severity: error
- Sample message: Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: mysqli_close.
date date
- Category: Maintainability
- Occurrences: 1
- Severity: error
- Sample message: date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
Score History
First score snapshot
Latest: v0.56.0, score 27
- Findings: 370
- Errors: 216
- Warnings: 154
- Check: 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 27 | 370 | 216 | 154 | v0.56.0 | 2.0.0 |