PluginScore

WP Discourse

This plugin allows you to use Discourse as a community engine for your WordPress website. The plugin is not a substitute for Disqus type commenting sy …

v2.6.3scossarUpdated Added 1k+ installs90% rating0% support resolved
commentsdiscourseforumsso
24
Score
103
Errors
114
Warnings
+0
Change

Category Scores

Security0
Repo71
Performance100
Maintainability16

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

217 findings

Maintainability

92

18 issue groups

Security

51

3 issue groups

I18n

47

3 issue groups

Supply Chain

3

1 issue group

WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.31
Category
Security
Occurrences
31
Severity
warning

Sample message

Processing form data without nonce verification.

WordPress.Security.NonceVerification.Recommended
ERRORI18nMissing Arg DomainMissing $domain parameter in function call to __().23
Category
I18n
Occurrences
23
Severity
error

Sample message

Missing $domain parameter in function call to __().

WordPress.WP.I18n.MissingArgDomainReference
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "get_the_excerpt".18
Category
Maintainability
Occurrences
18
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "get_the_excerpt".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
ERRORI18nText Domain MismatchMismatched text domain. Expected 'wp-discourse' but got 'discourse-integration'.16
Category
I18n
Occurrences
16
Severity
error

Sample message

Mismatched text domain. Expected 'wp-discourse' but got 'discourse-integration'.

WordPress.WP.I18n.TextDomainMismatchReference
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$dir'.15
Category
Security
Occurrences
15
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$dir'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;11
Category
Maintainability
Occurrences
11
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityDirect QueryUse of a direct database call is discouraged.8
Category
Maintainability
Occurrences
8
Severity
warning

Sample message

Use of a direct database call is discouraged.

WordPress.DB.DirectDatabaseQuery.DirectQuery
WARNINGI18nNo Html Wrapped StringsTranslatable string should not be wrapped in HTML. Found: '<div class="notice notice-error is-dismissible"><p>There has been an error linking this post with Discourse. Make sure you are supplying the URL of an existing topic on your forum.</p></div>'8
Category
I18n
Occurrences
8
Severity
warning

Sample message

Translatable string should not be wrapped in HTML. Found: '<div class="notice notice-error is-dismissible"><p>There has been an error linking this post with Discourse. Make sure you are supplying the URL of an existing topic on your forum.</p></div>'

WordPress.WP.I18n.NoHtmlWrappedStringsReference
WARNINGMaintainabilityNo CachingDirect database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

WordPress.DB.DirectDatabaseQuery.NoCaching
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".7
Category
Maintainability
Occurrences
7
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_tests_dir".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
Show 15 more
ERRORMaintainabilityfile system operations chmod6
Category
Maintainability
Occurrences
6
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

WordPress.WP.AlternativeFunctions.file_system_operations_chmod
WARNINGSecurityDatabase parameter is not escaped5
Category
Security
Occurrences
5
Severity
warning

Sample message

Unescaped parameter $query used in $wpdb->get_var()\n$query assigned unsafely at line 98.

PluginCheck.Security.DirectDB.UnescapedDBParameter
WARNINGMaintainabilityerror log var export5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

var_export() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_var_export
ERRORMaintainabilityunlink unlink5
Category
Maintainability
Occurrences
5
Severity
error

Sample message

unlink() is discouraged. Use wp_delete_file() to delete a file.

WordPress.WP.AlternativeFunctions.unlink_unlink
ERRORMaintainabilityfile system operations is writable4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().

WordPress.WP.AlternativeFunctions.file_system_operations_is_writable
WARNINGMaintainabilityNon-prefixed function3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "_manually_load_plugin".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
ERRORMaintainabilityfile system operations fopen3
Category
Maintainability
Occurrences
3
Severity
error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().

WordPress.WP.AlternativeFunctions.file_system_operations_fopen
ERRORSupply ChainHidden files included3
Category
Supply Chain
Occurrences
3
Severity
error

Sample message

Hidden files are not permitted.

hidden_files
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WP Discourse" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
WARNINGMaintainabilitySchema Change2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Attempting a database schema change is discouraged.

WordPress.DB.DirectDatabaseQuery.SchemaChange
WARNINGMaintainabilityslow db query meta key2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_key, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_key
WARNINGMaintainabilityslow db query meta value2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Detected usage of meta_value, possible slow query.

WordPress.DB.SlowDBQuery.slow_db_query_meta_value
WARNINGMaintainabilityDynamic hook name2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "$filter".

WordPress.NamingConventions.PrefixAllGlobals.DynamicHooknameFound
WARNINGMaintainabilityNon-prefixed constant2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "MIN_PHP_VERSION".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGMaintainabilityerror log set error handler2
Category
Maintainability
Occurrences
2
Severity
warning

Sample message

set_error_handler() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_set_error_handler

External Connections

Potential connections found in static code analysis.

18 domains

Outbound calls

74

External assets

0

Incoming endpoints

16

Notable Domains

meta.discourse.org16 · outbound
forum.example.com5 · outbound
discourse.example.com3 · outbound
discourse.mysite.com2 · outbound
wpml.org2 · outbound
a-basketful-of-papayas.net1 · outbound

Platform / Reference Domains

github.com24 · platform/reference
w3.org7 · platform/reference
core.trac.wordpress.org4 · platform/reference
codex.wordpress.org2 · platform/reference
make.wordpress.org1 · platform/reference
wordpress.org1 · platform/reference

External Asset Domains

No external asset domains detected.

Incoming Endpoints

/wp-json/wp-discourse/v1/discourse-commentsREST

register_rest_route

/wp-json/wp-discourse/v1/get-discourse-categoriesREST

register_rest_route

/wp-json/wp-discourse/v1/link-topicREST

register_rest_route

/wp-json/wp-discourse/v1/publish-topicREST

register_rest_route

/wp-json/wp-discourse/v1/set-category-metaREST

register_rest_route

/wp-json/wp-discourse/v1/set-pin-metaREST

register_rest_route

Admin AJAX endpoints4
wp_ajax_text_options_resetauthenticated

wp_ajax

wp_ajax_wpdc_download_logsauthenticated

wp_ajax

wp_ajax_wpdc_view_logauthenticated

wp_ajax

wp_ajax_wpdc_view_logs_metafileauthenticated

wp_ajax

Score History

First score snapshot

v2.6.3

24

Latest

Findings
217
Errors
103
Warnings
114
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

36 nodes

Related Plugins

Really Simple Disable Comments

400 active installs

100
Simply Disable Comments

6k+ active installs

100
Turn Comments Off

1k+ active installs

100
Block List Updater

4k+ active installs

99
Lazy Load for Comments

2k+ active installs

99
One Click Close Comments

4k+ active installs

99