Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
312
13 issue groups
Security
302
7 issue groups
I18n
157
4 issue groups
Supply Chain
11
1 issue group
ERRORI18nMissing Translators CommentA function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.96
- Category
- I18n
- Occurrences
- 96
- Severity
- error
Sample message
A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$checked_attribute'.70
- Category
- Security
- Occurrences
- 70
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$checked_attribute'.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.69
- Category
- Security
- Occurrences
- 69
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilitycurl curl setoptUsing cURL functions is highly discouraged. Use wp_remote_get() instead.68
- Category
- Maintainability
- Occurrences
- 68
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
WARNINGSecurityRequest data is not unslashed$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar64
- Category
- Security
- Occurrences
- 64
- Severity
- warning
Sample message
$_GET['_wpnonce'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['_wpnonce']58
- Category
- Security
- Occurrences
- 58
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['_wpnonce']
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$autoloader".42
- Category
- Maintainability
- Occurrences
- 42
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$autoloader".
ERRORMaintainabilityfile system operations is writableFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().35
- Category
- Maintainability
- Occurrences
- 35
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
ERRORI18nUnordered Placeholders TextMultiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$d", but got "%s, %d" in 'Reached %s, but received an error response code: %d. HTTPS is not properly configured.'.33
- Category
- I18n
- Occurrences
- 33
- Severity
- error
Sample message
Multiple placeholders in translatable strings should be ordered. Expected "%1$s, %2$d", but got "%s, %d" in 'Reached %s, but received an error response code: %d. HTTPS is not properly configured.'.
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;30
- Category
- Maintainability
- Occurrences
- 30
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Show 15 moreShow less
WARNINGMaintainabilityNon-prefixed hook name25
- Category
- Maintainability
- Occurrences
- 25
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "login_body_class".
ERRORI18nMissing Arg Domain18
- Category
- I18n
- Occurrences
- 18
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORMaintainabilityunlink unlink17
- Category
- Maintainability
- Occurrences
- 17
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
WARNINGMaintainabilityDirect Query16
- Category
- Maintainability
- Occurrences
- 16
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
ERRORSecurityException output is not escaped16
- Category
- Security
- Occurrences
- 16
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Email address \"$email\" not valid in "'.
ERRORSecurityUnsafe printing function16
- Category
- Security
- Occurrences
- 16
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
ERRORMaintainabilityfile system operations fclose15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityShort PHP open tag found14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- error
Sample message
Short PHP opening tag used with echo; expected "<?php echo $this ..." but found "<?= $this ..."
WARNINGMaintainabilityerror log error log14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
WARNINGMaintainabilityNo Caching13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGMaintainabilityslow db query meta query13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
ERRORSupply ChainHidden files included11
- Category
- Supply Chain
- Occurrences
- 11
- Severity
- error
Sample message
Hidden files are not permitted.
ERRORMaintainabilityfile system operations mkdir10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
ERRORI18nNo Empty Strings10
- Category
- I18n
- Occurrences
- 10
- Severity
- error
Sample message
The $text text string should have translatable content. Found: ''
WARNINGSecurityInput is not validated9
- Category
- Security
- Occurrences
- 9
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.
External Connections
Not analyzed yet.
Score History
First score snapshot
v9.6.0
19
Latest
- Findings
- 926
- Errors
- 541
- Warnings
- 385
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 19 | 926 | 541 | 385 | v9.6.0 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.