A better way to manage dozens of WordPress websites.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Maintainability
621
18 issue groups
Security
327
7 issue groups
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "Gelf_Message".169
- Category
- Maintainability
- Occurrences
- 169
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Gelf_Message".
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$transport://$hostPort"'.167
- Category
- Security
- Occurrences
- 167
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$transport://$hostPort"'.
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "MWP_FixCompatibility_ICWP_WPSF".68
- Category
- Maintainability
- Occurrences
- 68
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "MWP_FixCompatibility_ICWP_WPSF".
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "MAX_PRIORITY_HOOK".63
- Category
- Maintainability
- Occurrences
- 63
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "MAX_PRIORITY_HOOK".
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.57
- Category
- Maintainability
- Occurrences
- 57
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().55
- Category
- Maintainability
- Occurrences
- 55
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$data is not a valid file"'.54
- Category
- Security
- Occurrences
- 54
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"$data is not a valid file"'.
ERRORMaintainabilityfile system operations fcloseFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().31
- Category
- Maintainability
- Occurrences
- 31
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations freadFile operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().26
- Category
- Maintainability
- Occurrences
- 26
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fread().
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;25
- Category
- Maintainability
- Occurrences
- 25
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
Show 15 moreShow less
ERRORSecurityDatabase parameter is not escaped23
- Category
- Security
- Occurrences
- 23
- Severity
- error
Sample message
Unescaped parameter $deleteTransients used in $wpdb->query()\n$deleteTransients assigned unsafely at line 61.
ERRORSecuritySQL query is not prepared23
- Category
- Security
- Occurrences
- 23
- Severity
- error
Sample message
Use placeholders and $wpdb->prepare(); found $deleteTransients
ERRORMaintainabilityfile system operations fopen22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilitywp function not compatible with requires wp22
- Category
- Maintainability
- Occurrences
- 22
- Severity
- error
Sample message
Function "get_sites()" requires WordPress 4.6.0, but your plugin minimum supported version is WordPress 3.1.0.
WARNINGSecurityInput is not sanitized21
- Category
- Security
- Occurrences
- 21
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_ENV['SSH_AUTH_SOCK']
WARNINGSecurityInterpolated SQL is not prepared20
- Category
- Security
- Occurrences
- 20
- Severity
- warning
Sample message
Use placeholders and $wpdb->prepare(); found interpolated variable $commentIdsList at "DELETE FROM {$wpdb->commentmeta} WHERE comment_id IN ($commentIdsList)"
WARNINGSecurityRequest data is not unslashed19
- Category
- Security
- Occurrences
- 19
- Severity
- warning
Sample message
$_GET['connection_id'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGMaintainabilityNon-prefixed interface14
- Category
- Maintainability
- Occurrences
- 14
- Severity
- warning
Sample message
Interfaces declared by a theme/plugin should start with the theme/plugin prefix. Found: "MWP_Crypter_Interface".
ERRORMaintainabilityNot Allowed13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- error
Sample message
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
ERRORMaintainabilityfile system operations fwrite12
- Category
- Maintainability
- Occurrences
- 12
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fwrite().
ERRORMaintainabilitydate date10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- error
Sample message
date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.
ERRORMaintainabilityfile system operations fputs10
- Category
- Maintainability
- Occurrences
- 10
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fputs().
WARNINGMaintainabilityDiscouraged PHP function8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
The use of function ini_set() is discouraged
ERRORMaintainabilitymysql PDO8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- error
Sample message
Accessing the database directly should be avoided. Please use the $wpdb object and associated functions instead. Found: \PDO.
WARNINGMaintainabilityNon-prefixed global variable8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$$name".
Score History
First score snapshot
v4.9.34
22
Latest
- Findings
- 1,072
- Errors
- 507
- Warnings
- 565
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 22 | 1,072 | 507 | 565 | v4.9.34 | 2.0.0 |
Related Plugins
2k+ active installs
60k+ active installs
50k+ active installs
60k+ active installs
1k+ active installs
100k+ active installs