PluginScore

WebToffee WP Backup and Migration

Easily backup, restore, or migrate. Supports one-click backup and scheduled backup. Backup selected content to Amazon S3, Google Drive, FTP/SFTP, etc.

v1.5.9WebToffeeUpdated Added 5k+ installs90% rating
cloud backupdatabase restorewordpress backupwordpress migrationwordpress restore
33
Score
132
Errors
222
Warnings
+0
Change

Category Scores

Security3
Repo100
Performance100
Maintainability30

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

354 findings

Maintainability

320

13 issue groups

Security

34

6 issue groups

WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$alias".126
Category
Maintainability
Occurrences
126
Severity
warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$alias".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedVariableFound
ERRORMaintainabilitywp function not compatible with requires wpFunction "mb_strlen()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.3.0.101
Category
Maintainability
Occurrences
101
Severity
error

Sample message

Function "mb_strlen()" requires WordPress 4.2.0, but your plugin minimum supported version is WordPress 3.3.0.

wp_function_not_compatible_with_requires_wpReference
WARNINGMaintainabilityNon-prefixed hook nameHook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wt_migrator_after_setting_page_content_' . $target_id".35
Category
Maintainability
Occurrences
35
Severity
warning

Sample message

Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "'wt_migrator_after_setting_page_content_' . $target_id".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "Webtoffe_logger".20
Category
Maintainability
Occurrences
20
Severity
warning

Sample message

Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "Webtoffe_logger".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedClassFound
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"($name) missing required param: '$paramName'"'.17
Category
Security
Occurrences
17
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"($name) missing required param: '$paramName'"'.

WordPress.Security.EscapeOutput.ExceptionNotEscapedReference
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "CRYPT_RSA_MODE".14
Category
Maintainability
Occurrences
14
Severity
warning

Sample message

Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "CRYPT_RSA_MODE".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedConstantFound
WARNINGSecurityDatabase parameter is not escapedUnescaped parameter $qry used in $wpdb->get_results()\n$qry assigned unsafely at line 313.13
Category
Security
Occurrences
13
Severity
warning

Sample message

Unescaped parameter $qry used in $wpdb->get_results()\n$qry assigned unsafely at line 313.

PluginCheck.Security.DirectDB.UnescapedDBParameter
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;8
Category
Maintainability
Occurrences
8
Severity
error

Sample message

PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;

missing_direct_file_access_protectionReference
WARNINGMaintainabilityNon-prefixed functionFunctions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_wp_migration_duplicator".5
Category
Maintainability
Occurrences
5
Severity
warning

Sample message

Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "activate_wp_migration_duplicator".

WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound
ERRORMaintainabilityrand mt randmt_rand() is discouraged. Use the far less predictable wp_rand() instead.4
Category
Maintainability
Occurrences
4
Severity
error

Sample message

mt_rand() is discouraged. Use the far less predictable wp_rand() instead.

WordPress.WP.AlternativeFunctions.rand_mt_rand
Show 9 more
WARNINGMaintainabilitytrademarked term3
Category
Maintainability
Occurrences
3
Severity
warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WebToffee WP Backup and Migration" - contains the restricted term "wp" which cannot be used at all in your plugin name.

trademarked_term
WARNINGMaintainabilityNo PHP code found1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

No PHP code was found in this file and short open tags are not allowed by this install of PHP. This file may be using short open tags but PHP does not allow them.

Internal.NoCodeFound
ERRORMaintainabilityNot Allowed1
Category
Maintainability
Occurrences
1
Severity
error

Sample message

Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead

PluginCheck.CodeAnalysis.Heredoc.NotAllowed
WARNINGMaintainabilityerror log trigger error1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

trigger_error() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_trigger_error
WARNINGMaintainabilityerror log var export1
Category
Maintainability
Occurrences
1
Severity
warning

Sample message

var_export() found. Debug code should not normally be used in production.

WordPress.PHP.DevelopmentFunctions.error_log_var_export
ERRORSecurityOutput is not escaped1
Category
Security
Occurrences
1
Severity
error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$errorMessage'.

WordPress.Security.EscapeOutput.OutputNotEscapedReference
WARNINGSecuritywp redirect wp redirect1
Category
Security
Occurrences
1
Severity
warning

Sample message

wp_redirect() found. Using wp_safe_redirect(), along with the &quot;allowed_redirect_hosts&quot; filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.

WordPress.Security.SafeRedirect.wp_redirect_wp_redirectReference
WARNINGSecurityInput is not sanitized1
Category
Security
Occurrences
1
Severity
warning

Sample message

Detected usage of a non-sanitized input variable: $_SERVER[&#039;SERVER_SOFTWARE&#039;]

WordPress.Security.ValidatedSanitizedInput.InputNotSanitized
WARNINGSecurityRequest data is not unslashed1
Category
Security
Occurrences
1
Severity
warning

Sample message

$_SERVER[&#039;SERVER_SOFTWARE&#039;] not unslashed before sanitization. Use wp_unslash() or similar

WordPress.Security.ValidatedSanitizedInput.MissingUnslash

External Connections

Not analyzed yet.

Score History

First score snapshot

v1.5.9

33

Latest

Findings
354
Errors
132
Warnings
222
Check
2.0.0

Relationship Map

Author, categories, issues, domains, and nearby plugins.

29 nodes

Related Plugins

WP Database Backup – Unlimited Database & Files Backup by Backup for WP

30k+ active installs

89
BlogVault Backup & Staging

80k+ active installs

82
Royal WordPress Backup, Restore & Migration Plugin – Backup WordPress Sites Safely

20k+ active installs

53
BackWPup – WordPress Backup & Restore Plugin

500k+ active installs

35
FastDup – Fastest WordPress Migration & Duplicator

5k+ active installs

31
Backup, Restore and Migrate your sites with XCloner

10k+ active installs

25