No CAPTCHA reCAPTCHA

Protect WordPress login, registration, comment and BuddyPress registration forms with Google's No CAPTCHA reCAPTCHA.

v1.3.4Collins AgbonghamaUpdated 6 years agoAdded 12 years ago4k+ installs86% rating

comment form login recaptcha registration form security

Score

112

Errors

Warnings

Change

Category Scores

Security0

Repo91

Performance100

Maintainability82

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

138 findings

Security

8 issue groups

I18n

5 issue groups

Maintainability

5 issue groups

Repo Compliance

2 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'no-captcha-recaptcha' but got 'ncr-captcha'.42

Category: I18n
Occurrences: 42
Severity: error

Sample message

Mismatched text domain. Expected 'no-captcha-recaptcha' but got 'ncr-captcha'.

WordPress.WP.I18n.TextDomainMismatch Reference

ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.38

Category: Security
Occurrences: 38
Severity: error

Sample message

All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.

WordPress.Security.EscapeOutput.UnsafePrintingFunction Reference

ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$activate_url'.14

Category: Security
Occurrences: 14
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$activate_url'.

WordPress.Security.EscapeOutput.OutputNotEscaped Reference

WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.6

Category: Security
Occurrences: 6
Severity: warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended

ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.5

Category: I18n
Occurrences: 5
Severity: error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsComment Reference

WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['settings-updated']4

Category: Security
Occurrences: 4
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_GET['settings-updated']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized

WARNINGSecurityRequest data is not unslashed$_GET['settings-updated'] not unslashed before sanitization. Use wp_unslash() or similar4

Category: Security
Occurrences: 4
Severity: warning

Sample message

$_GET['settings-updated'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().4

Category: I18n
Occurrences: 4
Severity: error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomain Reference

ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;3

Category: Maintainability
Occurrences: 3
Severity: error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protection Reference

Show 10 more

WARNINGSecuritywp redirect wp redirect2

Category: Security
Occurrences: 2
Severity: warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirect Reference

WARNINGSecurityInput is not validated2

Category: Security
Occurrences: 2
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['ncr_options']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated

ERRORMaintainabilityOffloaded Content1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent

ERRORMaintainabilityNo Explicit Version1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Version parameter is not explicitly set or has been set to an equivalent of "false" for wp_enqueue_script; This means that the WordPress core version will be used which is not recommended for plugin or theme development.

WordPress.WP.EnqueuedResourceParameters.NoExplicitVersion

ERRORMaintainabilityNon Enqueued Script1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

WordPress.WP.EnqueuedResources.NonEnqueuedScript

ERRORI18nNon Singular String Literal Domain1

Category: I18n
Occurrences: 1
Severity: error

Sample message

The $domain parameter must be a single text string literal. Found: self::$textdomain

WordPress.WP.I18n.NonSingularStringLiteralDomain Reference

ERRORMaintainabilityinvalid plugin name1

Category: Maintainability
Occurrences: 1
Severity: error

Sample message

Plugin name header in your readme is missing or invalid. Please update your readme with a valid plugin name header. Eg: "=== Example Name ==="

invalid_plugin_name Reference

ERRORRepo Complianceoutdated tested upto header1

Category: Repo Compliance
Occurrences: 1
Severity: error

Sample message

Tested up to: 5.4 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_header Reference

WARNINGRepo Compliancereadme parser warnings too many tags1

Category: Repo Compliance
Occurrences: 1
Severity: warning

Sample message

One or more tags were ignored. Please limit your plugin to 5 tags.

readme_parser_warnings_too_many_tags

WARNINGI18ntextdomain mismatch1

Category: I18n
Occurrences: 1
Severity: warning

Sample message

The "Text Domain" header in the plugin file does not match the slug. Found "ncr-captcha", expected "no-captcha-recaptcha".

textdomain_mismatch Reference

External Connections

Not analyzed yet.

Score History

First score snapshot

3 days ago

v1.3.4

Latest

Findings: 138
Errors: 112
Warnings: 26
Check: 2.0.0

Scan	Score	Findings	Errors	Warnings	Plugin	Check
3 days agoLatest	40	138	112	26	v1.3.4	2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Loading map

PluginAuthorCategoryIssueRelated

Relationship links

Issue

Related Plugins

10k+ active installs

100

Shibboleth

3k+ active installs

100

Simple Login Log

5k+ active installs

100

Customize Admin

4k+ active installs

Disable Login Language Switcher

1k+ active installs

Easy Hide Login

20k+ active installs