PluginScore

SiteLock Security – WP Hardening, Login Security & Malware Scans

Free, lightweight WordPress security. Harden your site with login protection & 2FA, see Site Health clearly and run on-demand checks—setup in minutes.

v5.1.2SiteLockUpdated Added 1k+ installs68% rating
login securitymalware scansite healthvulnerability scannerwordpress security
89
Score
44
Errors
9
Warnings
+0
Change

Category Scores

Security88
Repo100
Performance100
Maintainability80

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

53 findings

I18n

36

1 issue group

Maintainability

15

8 issue groups

Security

2

2 issue groups

ERRORI18nText Domain MismatchMismatched text domain. Expected 'sitelock' but got 'sitelock-wordpress-plugin'.36
Category
I18n
Occurrences
36
Severity
error

Sample message

Mismatched text domain. Expected 'sitelock' but got 'sitelock-wordpress-plugin'.

WordPress.WP.I18n.TextDomainMismatchReference
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "ApiHelper".3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "ApiHelper".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
ERRORMaintainabilityunlink unlinkunlink() is discouraged. Use wp_delete_file() to delete a file.3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
WARNINGMaintainabilitytrademarked termThe plugin name includes a restricted term. Your chosen plugin name - "SiteLock Security – WP Hardening, Login Security & Malware Scans" - contains the restricted term "wp" which cannot be used at all in your plugin name.2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "SiteLock Security – WP Hardening, Login Security & Malware Scans" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_SERVER['HTTP_HOST']1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER['HTTP_HOST']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed$_SERVER['HTTP_HOST'] not unslashed before sanitization. Use wp_unslash() or similar1
Category
Security
Occurrences
1
Severity
warning

Sample message

$_SERVER['HTTP_HOST'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
Show 1 more
ERRORMaintainabilitywp function not compatible with requires wp1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Function "wp_set_option_autoload()" requires WordPress 6.4.0, but your plugin minimum supported version is WordPress 5.6.0.

wp_function_not_compatible_with_requires_wpReference

External Connections

Potential connections found in static code analysis.

30 domains

Outbound calls

88

External assets

0

Incoming endpoints

8

Notable Domains

sitelock.com15 · outbound
php.net6 · outbound
swetake.com4 · outbound
aspell.net3 · outbound
bugs.chromium.org2 · outbound
bugs.webkit.org2 · outbound

Platform / Reference Domains

github.com17 · platform/reference
w3.org10 · platform/reference
wordpress.org4 · platform/reference
opensource.org3 · platform/reference
developer.wordpress.org1 · platform/reference
gnu.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints8
admin_post_activate_email_keyauthenticated

admin_post

admin_post_handle_auth_keyauthenticated

admin_post

admin_post_sitelock_security_form_dataauthenticated

admin_post

wp_ajax_sitelock_disable_2faauthenticated

wp_ajax

wp_ajax_sitelock_dismiss_noticeauthenticated

wp_ajax

wp_ajax_sitelock_regenerate_backup_codesauthenticated

wp_ajax

wp_ajax_sitelock_scanauthenticated

wp_ajax

wp_ajax_sitelock_verify_2faauthenticated

wp_ajax

Score History

First score snapshot

v5.1.2

89

Latest

Findings
53
Errors
44
Warnings
9
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

37 nodes

Related

Performance Lab99 scoreYoast SEO – Advanced SEO with real-time guidance and built-in AI24 scoreWordfence Security – Firewall, Malware Scan, and Login Security21 scoreJetpack – WP Security, Backup, Speed, & Growth23 scoreElementor Website Builder – more than just a page builder35 scoreLiteSpeed Cache35 scoreWooCommerce22 scoreSite Kit by Google – Analytics, Search Console, AdSense, Speed25 scoreReally Simple Security – Simple and Performant Security (formerly Really Simple SSL)19 scoreWPCode – Insert Headers and Footers + Custom Code Snippets – WordPress Code Manager89 scoreAll-In-One Security (AIOS) – Security and Firewall24 scoreLimit Login Attempts Security – Login Security, 2FA, Firewall, Brute Force Prevention25 scoreDefender Security – Malware Scanner, Login Security & Firewall24 scoreWordfence Login Security25 score

Related Plugins

Performance Lab

100k+ active installs

99
Remove Site Health From Dashboard

1k+ active installs

99
Block wp-login

600 active installs

98
Plugin Detective – Troubleshooting Conflicts

5k+ active installs

98
WPVulnerability

10k+ active installs

96
Malcure Malware Shield — Removal, Repair, Monitor

10k+ active installs

95