WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite

This plug-in can exhaustively scan program files on the site to detect malware and vulnerability. Also record hacking attempts against your site and b …

v1.2.3 · WP Doctor ワードプレスドクター · 600 installs · 0% rating

Score: 31
Errors: 133
Warnings: 438
Change: +0

Category Scores

Security: 0
Repo: 91
Performance: 100
Maintainability: 37

Issues to Review

Prioritized issue groups from the latest Plugin Check scan

571 findings

Security: 286 (12 issue groups)

Maintainability: 281 (13 issue groups)

Non-prefixed global variable
Category: Maintainability
Occurrences: 116
Severity: warning

Sample message

Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$accessedfile".

Direct Query
Category: Maintainability
Occurrences: 67
Severity: warning

Sample message

Use of a direct database call is discouraged.

No Caching
Category: Maintainability
Occurrences: 67
Severity: warning

Sample message

Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().

SQL query is not prepared
Category: Security
Occurrences: 67
Severity: error

Sample message

Use placeholders and $wpdb->prepare(); found $getTest

Unquoted Complex Placeholder
Category: Security
Occurrences: 63
Severity: warning

Sample message

Complex placeholders used for values in the query string in $wpdb->prepare() will NOT be quoted automagically. Found: %1s.

Request data is not unslashed
Category: Security
Occurrences: 40
Severity: warning

Sample message

$_POST['chackdata'] not unslashed before sanitization. Use wp_unslash() or similar

Input is not validated
Category: Security
Occurrences: 27
Severity: warning

Sample message

Detected usage of a possibly undefined superglobal array index: $_POST['chackdata']. Check that the array index exists before using it.

Quoted Simple Placeholder
Category: Security
Occurrences: 23
Severity: error

Sample message

Simple placeholders should not be quoted in the query string in $wpdb->prepare(). Found: '%d'.

Input is not sanitized
Category: Security
Occurrences: 19
Severity: warning

Sample message

Detected usage of a non-sanitized input variable: $_REQUEST['action']

Missing nonce verification
Category: Security
Occurrences: 15
Severity: warning

Sample message

Processing form data without nonce verification.

Nonce verification recommended
Category: Security
Occurrences: 15
Severity: warning

Sample message

Processing form data without nonce verification.

date date
Category: Maintainability
Occurrences: 13
Severity: error

Sample message

date() is affected by runtime timezone changes which can cause date/time to be incorrectly displayed. Use gmdate() instead.

Setting is missing a sanitization callback
Category: Security
Occurrences: 10
Severity: error

Sample message

Sanitization missing for register_setting().

Output is not escaped
Category: Security
Occurrences: 5
Severity: error

Sample message

All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$cvetxt'.

Discouraged PHP function
Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

The use of function ini_set() is discouraged

trademarked term
Category: Maintainability
Occurrences: 3
Severity: warning

Sample message

The plugin name includes a restricted term. Your chosen plugin name - "WPDoctor Malware Scanner & Vulnerability Checker & IP blocker with Hack monitor Lite" - contains the restricted term "wp" which cannot be used at all in your plugin name.

Forbidden PHP function found
Category: Maintainability
Occurrences: 2
Severity: error

Sample message

The use of function str_rot13() is forbidden

file system operations chmod
Category: Maintainability
Occurrences: 2
Severity: error

Sample message

File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: chmod().

parse url parse url
Category: Maintainability
Occurrences: 2
Severity: error

Sample message

parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.

Non Enqueued Script
Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Scripts must be registered/enqueued via wp_enqueue_script()

Non Enqueued Stylesheet
Category: Maintainability
Occurrences: 2
Severity: error

Sample message

Stylesheets must be registered/enqueued via wp_enqueue_style()

Database parameter is not escaped
Category: Security
Occurrences: 1
Severity: error

Sample message

Unescaped parameter $getTest used in $wpdb->get_results()\n$getTest assigned unsafely at line 250.

Schema Change
Category: Maintainability
Occurrences: 1
Severity: warning

Sample message

Attempting a database schema change is discouraged.

Like Wildcards In Query
Category: Security
Occurrences: 1
Severity: error

Sample message

SQL wildcards for a LIKE query should be passed in through a replacement parameter. Found: LIKE 'wpinfectlitescan_last_login'.

Deprecated function: get_userdatabylogin
Category: Maintainability
Occurrences: 1
Severity: error

Sample message

get_userdatabylogin() has been deprecated since WordPress version 3.3.0. Use get_user_by('login') instead.

External Connections

Potential connections found in static code analysis.

20 domains

Outbound calls: 130
External assets: 7
Incoming endpoints: 8

Notable Domains

apple.com: 4 · outbound
java.sun.com: 4 · outbound
abuseipdb.com: 2 · outbound
fontawesome.io: 2 · outbound
getbootstrap.com: 2 · outbound
nvd.nist.gov: 2 · outbound

Platform / Reference Domains

w3.org: 98 · platform/reference
github.com: 3 · platform/reference

External Asset Domains

youtube.com: 7 · asset

Incoming Endpoints

No public endpoints detected.

Admin AJAX endpoints: 8

wp_ajax_wpinfectlitescanner_blockip · authenticated · wp_ajax
wp_ajax_wpinfectlitescanner_changepage · authenticated · wp_ajax
wp_ajax_wpinfectlitescanner_deletewhitelist · authenticated · wp_ajax
wp_ajax_wpinfectlitescanner_getscanprocess · authenticated · wp_ajax
wp_ajax_wpinfectlitescanner_infeccodegetter · authenticated · wp_ajax
wp_ajax_wpinfectlitescanner_infecwhitelist · authenticated · wp_ajax
wp_ajax_wpinfectlitescanner_realtimerun · authenticated · wp_ajax
wp_ajax_wpinfectlitescanner_valncheck · authenticated · wp_ajax

Score History

First score snapshot

v1.2.3 · Score: 31 · Latest

Findings: 571
Errors: 133
Warnings: 438
Check: 2.0.0
