Adds an extra layer of security to your Wordpress Account. Same as Google 2-step verification.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
151
9 issue groups
Maintainability
49
14 issue groups
I18n
5
2 issue groups
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$__template_file'.81
- Category
- Security
- Occurrences
- 81
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$__template_file'.
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.33
- Category
- Security
- Occurrences
- 33
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$codes".18
- Category
- Maintainability
- Occurrences
- 18
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$codes".
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_COOKIE[$cookie_name]12
- Category
- Security
- Occurrences
- 12
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_COOKIE[$cookie_name]
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;12
- Category
- Maintainability
- Occurrences
- 12
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityRequest data is not unslashed$_COOKIE[$cookie_name] not unslashed before sanitization. Use wp_unslash() or similar11
- Category
- Security
- Occurrences
- 11
- Severity
- warning
Sample message
$_COOKIE[$cookie_name] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.8
- Category
- Security
- Occurrences
- 8
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().3
- Category
- I18n
- Occurrences
- 3
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilitytrademarked termThe plugin name includes a restricted term. Your chosen plugin name - "WP 2-step verification" - contains the restricted term "wp" which cannot be used at all in your plugin name.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
The plugin name includes a restricted term. Your chosen plugin name - "WP 2-step verification" - contains the restricted term "wp" which cannot be used at all in your plugin name.
ERRORMaintainabilitywp function not compatible with requires wpFunction "wp_doing_ajax()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 4.5.0.3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Function "wp_doing_ajax()" requires WordPress 4.7.0, but your plugin minimum supported version is WordPress 4.5.0.
Show 15 moreShow less
ERRORMaintainabilitydate date2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
WARNINGMaintainabilityNon-prefixed hook name2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "logout_redirect".
WARNINGSecurityMissing nonce verification2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGSecurityInput is not validated2
- Category
- Security
- Occurrences
- 2
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['REQUEST_URI']. Check that the array index exists before using it.
ERRORMaintainabilityrand rand2
- Category
- Maintainability
- Occurrences
- 2
- Severity
- error
Sample message
rand() is discouraged. Use the far less predictable wp_rand() instead.
ERRORI18nText Domain Mismatch2
- Category
- I18n
- Occurrences
- 2
- Severity
- error
Sample message
Mismatched text domain. Expected 'wordpress-2-step-verification' but got 'woocommerce'.
WARNINGMaintainabilityNo PHP code found1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.
ERRORMaintainabilityNot Allowed1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
WARNINGMaintainabilityslow db query meta key1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Detected usage of meta_key, possible slow query.
ERRORMaintainabilitytimezone change date default timezone set1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
Using date_default_timezone_set() and similar isn't allowed, instead use WP internal timezone support.
WARNINGMaintainabilityNon-prefixed class1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Wordpress2StepVerification".
ERRORSecurityException output is not escaped1
- Category
- Security
- Occurrences
- 1
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"Unable to create socket: '{$errno}' '{$errstr}'"'.
WARNINGSecuritywp redirect wp redirect1
- Category
- Security
- Occurrences
- 1
- Severity
- warning
Sample message
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
ERRORMaintainabilityfile system operations fclose1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fread1
- Category
- Maintainability
- Occurrences
- 1
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
External Connections
Not analyzed yet.
Score History
First score snapshot
v2.6.4
32
Latest
- Findings
- 219
- Errors
- 154
- Warnings
- 65
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 32 | 219 | 154 | 65 | v2.6.4 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Category
Issue
Related
Author
Category
Issue
Related
Related Plugins
4k+ active installs
3k+ active installs
1k+ active installs
2k+ active installs
1k+ active installs
30k+ active installs