PluginScore

Security Ninja For MainWP

See Security Ninja vulnerabilities and security test results in your MainWP dashboard.

v2.1.0Lars KoudalUpdated Added 500 installs100% rating
MainWPmalwaresecuritysecurity scanvulnerability
47
Score
246
Errors
71
Warnings
+0
Change

Category Scores

Security14
Repo94
Performance100
Maintainability75

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

317 findings

I18n

241

4 issue groups

Maintainability

43

7 issue groups

Security

32

5 issue groups

Repo Compliance

1

1 issue group

ERRORI18nText Domain MismatchMismatched text domain. Expected 'security-ninja-for-mainwp' but got 'security-ninja-mainwp'.238
Category
I18n
Occurrences
238
Severity
error

Sample message

Mismatched text domain. Expected 'security-ninja-for-mainwp' but got 'security-ninja-mainwp'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.17
Category
Maintainability
Occurrences
17
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().17
Category
Maintainability
Occurrences
17
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $events_table used in $wpdb->get_results()13
Category
Security
Occurrences
13
Severity
warning

Sample message

Unescaped parameter $events_table used in $wpdb->get_results()

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$cs_summary'.6
Category
Security
Occurrences
6
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$cs_summary'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecurityMissing nonce verificationProcessing form data without nonce verification.6
Category
Security
Occurrences
6
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityInterpolated SQL is not preparedUse placeholders and $wpdb->prepare(); found interpolated variable {$events_table} at "SELECT DISTINCT action FROM {$events_table} WHERE action IS NOT NULL AND action != '' ORDER BY action ASC"4
Category
Security
Occurrences
4
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable {$events_table} at "SELECT DISTINCT action FROM {$events_table} WHERE action IS NOT NULL AND action != '' ORDER BY action ASC"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
WARNINGSecurityUnfinished PrepareReplacement variables found, but no valid placeholders found in the query.3
Category
Security
Occurrences
3
Severity
warning

Sample message

Replacement variables found, but no valid placeholders found in the query.

WordPress.DB.PreparedSQLPlaceholders.UnfinishedPrepare
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$child_enabled".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$child_enabled".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
WARNINGMaintainabilitytrademarked termThe plugin name includes a restricted term. Your chosen plugin name - "Security Ninja For MainWP" - contains the restricted term "wp" which cannot be used at all in your plugin name.3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "Security Ninja For MainWP" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
Show 7 more
WARNINGI18nDiscouraged text-domain loading1
Category
I18n
Occurrences
1
Severity
warning

Sample message

load_plugin_textdomain() has been discouraged since WordPress version 4.6. When your plugin is hosted on WordPress.org, you no longer need to manually include this function call for translations under your plugin slug. WordPress will automatically load the translations for you as needed.

PluginCheck.CodeAnalysis.DiscouragedFunctions.load_plugin_textdomainFoundReference
WARNINGMaintainabilityNon-prefixed constant1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WP_FS__PRODUCT_14707_MULTISITE".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon-prefixed hook name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "snmwp_fs_loaded".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
ERRORI18nMissing Translators Comment1
Category
I18n
Occurrences
1
Severity
error

Sample message

A function call to __() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.

WordPress.WP.I18n.MissingTranslatorsCommentReference
ERRORRepo Compliancelicense mismatch1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Your plugin has a different license declared in the readme file and plugin header. Please update your readme with a valid GPL license identifier.

license_mismatchReference
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Security Ninja For MainWP" is different from the name declared in plugin header "Security Ninja for MainWP".

mismatched_plugin_nameReference
WARNINGI18ntextdomain mismatch1
Category
I18n
Occurrences
1
Severity
warning

Sample message

The "Text Domain" header in the plugin file does not match the slug. Found "security-ninja-mainwp", expected "security-ninja-for-mainwp".

textdomain_mismatchReference

External Connections

Potential connections found in static code analysis.

34 domains

Outbound calls

183

External assets

2

Incoming endpoints

4

Notable Domains

freemius.com8 · outbound
php.net6 · outbound
wpsecurityninja.com4 · outbound
security-ninja.net3 · outbound
benalman.com2 · outbound
checkout.freemius-local.com2 · outbound

Platform / Reference Domains

gnu.org111 · platform/reference
wordpress.org7 · platform/reference
w3.org6 · platform/reference
github.com4 · platform/reference
api.wordpress.org2 · platform/reference
make.wordpress.org2 · platform/reference
core.trac.wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints4
admin_post_fs_clone_resolutionauthenticated

admin_post

wp_ajax_fs_dismiss_notice_action_{$ajax_action_suffix}authenticated

wp_ajax

wp_ajax_fs_toggle_debug_modeauthenticated

wp_ajax

wp_ajax_secnin_run_remote_security_testsauthenticated

wp_ajax

Score History

First score snapshot

v2.1.0

47

Latest

Findings
317
Errors
246
Warnings
71
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related Plugins

Dam Spam

1k+ active installs

100
Login Security Captcha

10k+ active installs

100
Protect Login

600 active installs

100
Remove XML-RPC Methods

1k+ active installs

100
Stop XML-RPC Attacks

6k+ active installs

100
Vigilant – 100% Free Security Suite: Firewall, 2FA, Login, Headers, Scanner…

1k+ active installs

100