Secure your WordPress site from brute-force attacks, threats, malware, and bots. Free to use and easy to set up.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
64
5 issue groups
Maintainability
53
17 issue groups
I18n
2
2 issue groups
Repo Compliance
1
1 issue group
WARNINGSecurityRequest data is not unslashed$_COOKIE[$sg_2fa_user_cookie] not unslashed before sanitization. Use wp_unslash() or similar22
- Category
- Security
- Occurrences
- 22
- Severity
- warning
Sample message
$_COOKIE[$sg_2fa_user_cookie] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$sg_2fa_user_cookie]21
- Category
- Security
- Occurrences
- 21
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE[$sg_2fa_user_cookie]
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;20
- Category
- Maintainability
- Occurrences
- 20
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.10
- Category
- Security
- Occurrences
- 10
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['HTTP_HOST']. Check that the array index exists before using it.
WARNINGMaintainabilityslow db query meta queryDetected usage of meta_query, possible slow query.7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Detected usage of meta_query, possible slow query.
WARNINGSecuritywp redirect wp redirectwp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.6
- Category
- Security
- Occurrences
- 6
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.5
- Category
- Security
- Occurrences
- 5
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityfile system operations fopenFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
Show 15 moreShow less
WARNINGMaintainabilityNo Caching2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORMaintainabilityparse url parse url2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
ERRORMaintainabilityNon Enqueued Stylesheet2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
Stylesheets must be registered/enqueued via wp_enqueue_style()
WARNINGMaintainabilityerror log debug backtrace1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
debug_backtrace() found. Debug code should not normally be used in production.
WARNINGMaintainabilityprevent path disclosure error reporting1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
error_reporting() can lead to full path disclosure.
ERRORMaintainabilityfile system operations fputs1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fputs().
ERRORMaintainabilityfile system operations fwrite1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
ERRORMaintainabilityfile system operations is writable1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
ERRORMaintainabilityrand rand1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
rand() is discouraged. Use the far less predictable wp_rand() instead.
ERRORI18nMissing Arg Domain1
- Category
- I18n
- Occurrences
- 1
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
ERRORI18nNon Singular String Literal Text1
- Category
- I18n
- Occurrences
- 1
- Severity
- error
Sample message
The $text parameter must be a single text string literal. Found: $entry['visitor_type']
WARNINGMaintainabilitymismatched plugin name1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Plugin name "Security Optimizer - The All-In-One Protection Plugin" is different from the name declared in plugin header "Security Optimizer".
WARNINGMaintainabilitymissing composer json file1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The "/vendor" directory using composer exists, but "composer.json" file is missing.
WARNINGRepo Complianceplugin header nonexistent domain path1
- Category
- Repo Compliance
- Occurrences
- 1
- Severity
- warning
Sample message
The "Domain Path" header in the plugin file must point to an existing folder. Found: "languages"
WARNINGMaintainabilitytrademarked term1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "Security Optimizer - The All-In-One Protection Plugin" - contains the restricted term "plugin" which cannot be used at all in your plugin name.
External Connections
Not analyzed yet.
Score History
2 score snapshots
v1.6.3
35
Latest
- Findings
- 122
- Errors
- 40
- Warnings
- 82
- Check
- 2.0.0
v1.6.2
35
Score
- Findings
- 122
- Errors
- 40
- Warnings
- 82
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 35 | 122 | 40 | 82 | v1.6.3 | 2.0.0 |
| 35 | 122 | 40 | 82 | v1.6.2 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Category
Issue
Related
Author
Category
Issue
Related
Related Plugins
1k+ active installs
10k+ active installs
1k+ active installs
3k+ active installs
5k+ active installs
6k+ active installs