RSFirewall!

Sample message

Use placeholders and $wpdb->prepare(); found $column

Sample message

Missing $domain parameter in function call to __().

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['action']. Check that the array index exists before using it.

Sample message

Multiple placeholders in translatable strings should be ordered. Expected "%1$2F, %2$2F, %3$2F, %4$2F", but got "%2F, %2F, %2F, %2F" in 'Stops malicious scripts scanning the site for user data by requesting numerical user IDs even in REST API calls. (EX: ?author=1, example.com/wp-json/oembed/1.0/embed?url=http%3A%2F%2Fexample.com%2Fhello-world%2F, example.com/wp-json/wp/v2/users)'.

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $table at FROM $table\n

Sample message

The $text parameter must be a single text string literal. Found: $description

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

Sample message

Unescaped parameter $table used in $wpdb->get_results()\n$table assigned unsafely at line 140.

Sample message

Unescaped parameter $column->Field used in $wpdb->query()\n$column->Field used without escaping.

Sample message

Attempting a database schema change is discouraged.

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

Sample message

Detected usage of meta_query, possible slow query.