PluginScore

Link in Bio Creator – Social

Build link in bio pages directly on your site. Customizable, accessible and SEO-friendly.

v1.8.3Chadwick MarketingUpdated Added 2k+ installs86% rating
AIInstagramLinktreeTiktoklink in bio
46
Score
52
Errors
36
Warnings
+0
Change

Category Scores

Security16
Repo94
Performance100
Maintainability67

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

88 findings

Maintainability

34

12 issue groups

I18n

27

3 issue groups

Security

26

6 issue groups

Repo Compliance

1

1 issue group

ERRORI18nNon Singular String Literal DomainThe $domain parameter must be a single text string literal. Found: SOCIAL_LITE_TD11
Category
I18n
Occurrences
11
Severity
error

Sample message

The $domain parameter must be a single text string literal. Found: SOCIAL_LITE_TD

WordPress.WP.I18n.NonSingularStringLiteralDomainReference
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$bio_link_data".10
Category
Maintainability
Occurrences
10
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$bio_link_data".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'BioLinkShortcodes'.8
Category
Security
Occurrences
8
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found 'BioLinkShortcodes'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to esc_attr_e().8
Category
I18n
Occurrences
8
Severity
error

Sample message

Missing $domain parameter in function call to esc_attr_e().

WordPress.WP.I18n.MissingArgDomainReference
ERRORI18nNon Singular String Literal TextThe $text parameter must be a single text string literal. Found: $bio_link_data['data']['meta']['description']8
Category
I18n
Occurrences
8
Severity
error

Sample message

The $text parameter must be a single text string literal. Found: $bio_link_data['data']['meta']['description']

WordPress.WP.I18n.NonSingularStringLiteralTextReference
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.7
Category
Security
Occurrences
7
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGSecurityRequest data is not unslashed$_GET['shortcode'] not unslashed before sanitization. Use wp_unslash() or similar7
Category
Security
Occurrences
7
Severity
warning

Sample message

$_GET['shortcode'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORMaintainabilityrand randrand() is discouraged. Use the far less predictable wp_rand() instead.6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_rand
ERRORMaintainabilityrand mt randmt_rand() is discouraged. Use the far less predictable wp_rand() instead.4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_mt_rand
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
Show 12 more
WARNINGMaintainabilityNon-prefixed hook name2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "spotlight/instagram/enqueue_front_app".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGSecurityInput is not validated2
Category
Security
Occurrences
2
Severity
warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_GET['shortcode']. Check that the array index exists before using it.

WordPress.Security.ValidatedSanitizedInput.InputNotValidated
WARNINGMaintainabilityunexpected markdown file2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Unexpected markdown file "LICENSE_3RD_PARTY_JS.md" detected in plugin root. Only specific markdown files are expected in production plugins.

unexpected_markdown_file
WARNINGMaintainabilityNo PHP code found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Internal.NoCodeFound
ERRORMaintainabilityOffloaded Content1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Offloading images, js, css, and other scripts to your servers or any remote service is disallowed.

PluginCheck.CodeAnalysis.Offloading.OffloadedContent
WARNINGMaintainabilityNon-prefixed constant1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "WP_FS__PRODUCT_10702_MULTISITE".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER['REQUEST_URI']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
ERRORMaintainabilityparse url parse url1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

WordPress.WP.AlternativeFunctions.parse_url_parse_url
WARNINGMaintainabilitymismatched plugin name1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Plugin name "Link in Bio Creator – Social" is different from the name declared in plugin header "Social".

mismatched_plugin_nameReference
WARNINGMaintainabilitymissing composer json file1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

The "/vendor" directory using composer exists, but "composer.json" file is missing.

missing_composer_json_fileReference
ERRORRepo Complianceplugin header no license1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Missing "License" in Plugin Header. Please update your Plugin Header with a valid GPLv2 (or later) compatible license.

plugin_header_no_licenseReference

Score History

First score snapshot

v1.8.3

46

Latest

Findings
88
Errors
52
Warnings
36
Check
2.0.0

Related Plugins

AI Puffer – Chat. Create. Automate. (formerly AI Power)

10k+ active installs

100
Easy MCP AI – Connector for Claude, ChatGPT & SEO Data

2k+ active installs

100
PufferSights – AI Crawler Insights

0 active installs

100
AIKTP

3k+ active installs

99
Block AI Crawlers

1k+ active installs

99
ShopWriter Lite

0 active installs

99