PluginScore

Traffic Monitor

Lightweight traffic logger for WordPress analytics. View, filter, and export page request data; monitor caching; detect bots; and spot click fraud.

v3.2.7Dmitri MartinUpdated Added 1k+ installs100% rating
analyticsbotfraudloggingtraffic
39
Score
6
Errors
143
Warnings
+0
Change

Category Scores

Security0
Repo94
Performance100
Maintainability75

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

149 findings

Maintainability

115

7 issue groups

Security

33

8 issue groups

Repo Compliance

1

1 issue group

WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.51
Category
Maintainability
Occurrences
51
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().50
Category
Maintainability
Occurrences
50
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGSecurityMissingProcessing form data without nonce verification.14
Category
Security
Occurrences
14
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Missing
WARNINGSecurityRecommendedProcessing form data without nonce verification.8
Category
Security
Occurrences
8
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
WARNINGMaintainabilityerror log error logerror_log() found. Debug code should not normally be used in production.6
Category
Maintainability
Occurrences
6
Severity
warning

Sample message

error_log() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_error_log
WARNINGMaintainabilitySchema ChangeAttempting a database schema change is discouraged.4
Category
Maintainability
Occurrences
4
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
ERRORSecurityUnescaped DBParameterUnescaped parameter $placeholders used in $wpdb->query()\n$placeholders assigned unsafely at line 939.3
Category
Security
Occurrences
3
Severity
error

Sample message

Unescaped parameter $placeholders used in $wpdb->query()\n$placeholders assigned unsafely at line 939.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGSecurityInterpolated Not PreparedUse placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "DELETE FROM %i WHERE id IN ( $placeholders )"3
Category
Security
Occurrences
3
Severity
warning

Sample message

Use placeholders and $wpdb->prepare(); found interpolated variable $placeholders at "DELETE FROM %i WHERE id IN ( $placeholders )"

WordPress.DB.PreparedSQL.InterpolatedNotPrepared
ERRORSecurityNot PreparedUse placeholders and $wpdb->prepare(); found $sql2
Category
Security
Occurrences
2
Severity
error

Sample message

Use placeholders and $wpdb->prepare(); found $sql

WordPress.DB.PreparedSQL.NotPrepared
WARNINGMaintainabilityNon Prefixed Variable FoundGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cache_check_nonce".2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$cache_check_nonce".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
Show 6 more
WARNINGSecurityReplacements Wrong Number1
Category
Security
Occurrences
1
Severity
warning

Sample message

Incorrect number of replacements passed to $wpdb->prepare(). Found 1 replacement parameters, expected 6.

WordPress.DB.PreparedSQLPlaceholders.ReplacementsWrongNumber
WARNINGMaintainabilityNon Prefixed Constant Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "TRAFFIC_MONITOR_VERSION".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityNon Prefixed Hookname Found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "default_hidden_columns".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGSecurityInput Not Sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER['HTTP_USER_AGENT']

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityMissing Unslash1
Category
Security
Occurrences
1
Severity
warning

Sample message

$_SERVER['HTTP_USER_AGENT'] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash
ERRORRepo Complianceoutdated tested upto header1
Category
Repo Compliance
Occurrences
1
Severity
error

Sample message

Tested up to: 6.8 < 7.0. The "Tested up to" value in your plugin is not set to the current version of WordPress. This means your plugin will not show up in searches, as we require plugins to be compatible and documented as tested up to the most recent version of WordPress.

outdated_tested_upto_headerReference

Score History

First score snapshot

v3.2.7

39

Latest

Findings
149
Errors
6
Warnings
143
Check
2.0.0

Related Plugins

Machete

7k+ active installs

99
Search Analytics for WP

3k+ active installs

99
Web Worker Offloading

10k+ active installs

99
Google Tag Manager

10k+ active installs

98
Wp Post Views – WordPress Post views counter

4k+ active installs

98
HubSpot All-In-One Marketing – Forms, Popups, Live Chat

200k+ active installs

97