Description
Plugin Check is a tool for testing whether your plugin meets the required standards for the www.ads-software.com plugin directory. With this plugin you will be able to run most of the checks used for new submissions, and check if your plugin meets the requirements.
Additionally, the tool flags violations or concerns around plugin development best practices, from basic requirements like correct usage of internationalization functions to accessibility, performance, and security best practices.
The checks can be run either using the WP Admin user interface or WP-CLI:
- To check a plugin using WP Admin, please navigate to the Tools > Plugin Check menu. You need to be able to manage plugins on your site in order to access that screen.
- To check a plugin using WP-CLI, please use the
wp plugin check
command. For example, to check the “Hello Dolly” plugin:wp plugin check hello.php
- Note that by default when using WP-CLI, only static checks can be executed. In order to also include runtime checks, a workaround is currently necessary using the
--require
argument of WP-CLI, to manually load thecli.php
file within the plugin checker directory before WordPress is loaded. For example:wp plugin check hello.php --require=./wp-content/plugins/plugin-check/cli.php
- You could use arbitrary path or URL to check a plugin. For example, to check a plugin from a URL:
wp plugin check https://example.com/plugin.zip
or to check a plugin from a path:wp plugin check /path/to/plugin
- Note that by default when using WP-CLI, only static checks can be executed. In order to also include runtime checks, a workaround is currently necessary using the
The checks are grouped into several categories, so that you can customize which kinds of checks you would like to run on a plugin.
Keep in mind that this plugin is not a replacement for the manual review process, but it will help you speed up the process of getting your plugin approved for the www.ads-software.com plugin repository, and it will also help you avoid some common mistakes.
Even if you do not intend to host your plugin in the www.ads-software.com directory, you are encouraged to use Plugin Check so that your plugin follows the base requirements and best practices for WordPress plugins.
Installation
Installation from within WordPress
- Visit Plugins > Add New.
- Search for Plugin Check.
- Install and activate the Plugin Check plugin.
Manual installation
- Upload the entire
plugin-check
folder to the/wp-content/plugins/
directory. - Visit Plugins.
- Activate the Plugin Check plugin.
FAQ
-
Where can I contribute to the plugin?
-
All development for this plugin is handled via GitHub any issues or pull requests should be posted there.
-
What if the plugin reports something that’s correct as an “error” or “warning”?
-
We strive to write a plugin in a way that minimizes false positives but if you find one, please report it in the GitHub repo. For certain false positives, such as those detected by PHPCodeSniffer, you may be able to annotate the code to ignore the specific problem for a specific line.
-
Why does it flag something as bad?
-
It’s not flagging “bad” things, as such. Plugin Check is designed to be a non-perfect way to test for compliance with the Plugin Review guidelines, as well as additional plugin development best practices in accessibility, performance, security and other areas. Not all plugins must adhere to these guidelines. The purpose of the checking tool is to ensure that plugins uploaded to the central www.ads-software.com plugin repository meet the latest standards of WordPress plugin and will work on a wide variety of sites.
Many sites use custom plugins, and that’s perfectly okay. But plugins that are intended for use on many different kinds of sites by the public need to have a certain minimum level of capabilities, in order to ensure proper functioning in many different environments. The Plugin Review guidelines are created with that goal in mind.
This plugin checker is not perfect, and never will be. It is only a tool to help plugin authors, or anybody else who wants to make their plugin more capable. All plugins submitted to www.ads-software.com are hand-reviewed by a team of experts. The automated plugin checker is meant to be a useful tool only, not an absolute system of measurement.
-
Does a plugin need to pass all checks to be approved in the www.ads-software.com plugin directory?
-
To be approved in the www.ads-software.com plugin directory, a plugin must typically pass all checks in the “Plugin repo” category. Other checks are additional and may not be required to pass.
In any case, passing the checks in this tool likely helps to achieve a smooth plugin review process, but is no guarantee that a plugin will be approved in the www.ads-software.com plugin directory.
Reviews
Contributors & Developers
“Plugin Check (PCP)” is open source software. The following people have contributed to this plugin.
Contributors“Plugin Check (PCP)” has been translated into 11 locales. Thank you to the translators for their contributions.
Translate “Plugin Check (PCP)” into your language.
Interested in development?
Browse the code, check out the SVN repository, or subscribe to the development log by RSS.
Changelog
1.2.0
- Enhacement – Added a check for badly used names in files.
- Enhancement – Increased severity for
BacktickOperator
,DisallowShortOpenTag
,DisallowAlternativePHPTags
,RestrictedClasses
, andRestrictedFunctions
. - Enhancement – Added security checks to the Plugin repository category.
- Enhancement – Allowed
runtime-set
in code sniffer checks. - Enhancement – Changed warnings to errors in plugin header checks.
- Enhancement – Detect forbidden plugin headers such as repository URIs in the Directory.
- Enhancement – Added a new check for development functions that are not allowed in final plugins.
- Enhancement – Created new images and icons for the plugin.
- Enhancement – Introduced a slug argument in the CLI.
- Enhancement – Added a check for discouraged PHP functions.
- Enhancement – Added validation for Contributors in the readme file.
- Enhancement – Added a warning for mismatched plugin names in the plugin header and readme file.
- Enhancement – Checked for validation of Plugin Header fields: Name, Plugin URI, Description, Author URI, Requires at least, Requires PHP, and Requires Plugins.
- Enhancement – Added a warning if the “Tested up to” value in the readme file exceeds the released version of WordPress.
- Fix – Display a success message if no errors or warnings are found.
- Fix – Made table results responsive.
- Fix – Prevent proceeding to the next check if the Stable Tag value is set to
trunk
. - Fix – Allow runtime initialization even when only add-on checks are requested.
- Fix – Fixed an SPDX warning for the
GPL version 3
license. - Fix – Prevent runtime checks in the CLI context when they cannot be used.
1.1.0
- Feature – New
Non_Blocking_Scripts_Check
(non_blocking_scripts
) runtime check to warn about enqueued scripts that use neitherdefer
norasync
. - Enhancement – Changed the namespace of included checks.
- Enhancement – Introduced severity levels for all errors and warnings.
- Enhancement – CLI: Support checking a plugin from a path or URL.
- Enhancement – Added short descriptions and URLs for each check.
- Enhancement – Improved messaging in check results.
- Enhancement – Updated code obfuscation check with more accurate results.
- Enhancement – Updated plugin review check to flag missing input sanitization (
WordPress.Security.ValidatedSanitizedInput
). - Fix – Improve readme checks to exclude invalid files.
- Fix – Only show edit link if files are actually editable.
1.0.2
- Feature – New
Enqueued_Scripts_Scope_Check
(enqueued_scripts_scope
),Enqueued_Styles_Size_Check
(enqueued_styles_size
) andEnqueued_Resources_Check
(enqueued_resources
) performance checks. - Enhancement – Improved readme check and added a new
wp_plugin_check_ignored_readme_warnings
filter. - Enhancement – New
wp_plugin_check_default_categories
filter to change the categories which are selected by default. - Enhancement – New
wp_plugin_check_ignore_files
filter to allow ignoring specific files. - Fix – Correct detection of readme files in Windows by normalizing file paths.
1.0.1
- Fix – Add missing
test-content
folder needed for runtime checks. - Fix – Do not send emails when setting up test environment.
- Fix – Prevent PHP warning when the
argv
variable isn’t set.
1.0.0
- Feature – Complete overhaul of the plugin, its architecture, and all checks.
- Feature – Added new WP-CLI commands for running checks and listing available options.
- Enhancement – Added option to only run checks for a specific category.
0.2.3
- Tweak – Use version 3.8.0 of the PHP_CodeSniffer library, moving away from
squizlabs/PHP_CodeSniffer
to usePHPCSStandards/PHP_CodeSniffer
. - Fix – Ensure the plugin works as expected on the WP playground environment to enable reviewers to use PCP. Props @tellyworth.
- Fix – Undefined array key “argv” when running the plugin check in certain environments. Props @afragen. #340
0.2.2
- Enhancement – Include support for Windows Servers.
- Enhancement – Avoid using PHP CLI directly, which enables plugin developers to use PCP in a variety of new environments.
- Fix – Remove dependency on
shell_exec
andexec
functions, which enables plugin developers to use PCP in a variety of new environments. - Fix – Prevent problems with Readme parser warning related to
contributor_ignored
for when running the check outside WP.org. Props @dev4press. #276 - Fix – Remove extra period on the end of the sentence for Phar warning. Props @pixolin. #275
0.2.1
- Added – ‘View in code editor’ link beneath each PHPCS error or warning. Props @EvanHerman, @westonruter, @felixarntz, @mukeshpanchal27 #262
- Fix – Ensure
readme.txt
has priority overreadme.md
when both are present. Props @bordoni, @afragen #258 - Fix – Ensure that the PHPCS check runs even when the PHPCS binary is not executable. Props @bordoni, @shawn-digitalpoint, @mrfoxtalbot #254
- Fix – Readme changes and typos. Props @aaronjorbin. #261
- Fix – Long lines of code with PHPCS check no longer expand over the size of the notice. Props @bordoni, @felixarntz. #263
- Fix – Ensure that we have PHP 7.2 compatibility remove trailing comma. Props @bordoni, @leoloso. #265
- Fix – Include all strings that were missed in the previous release. Props @bordoni, @pixolin. #270
0.2.0
- Feature – Enable modification of the PHP Binary path used by the plugin with
PLUGIN_CHECK_PHP_BIN
constant. - Feature – Include a check for the usage of
ALLOW_UNFILTERED_UPLOADS
on any PHP files – Props EvanHerman at #45 - Feature – Include a check for the presence of the application files (
.a
,.bin
,.bpk
,.deploy
,.dist
,.distz
,.dmg
,.dms
,.DS_Store
,.dump
,.elc
,.exe
,.iso
,.lha
,.lrf
,.lzh
,.o
,.obj
,.phar
,.pkg
,.sh
, ‘.so`) – Props EvanHerman at #43 - Feature – Include a check for the presence of the readme.txt or readme.md file – Props EvanHerman at #42
- Fix – Ensure that Readme parsing is included properly when a readme.md or readme.txt file is present. Props Bordoni #52
- Tweak – Disallow functions
move_uploaded_file
,passthru
,proc_open
– Props alexsanford at #50 - Tweak – Change the message type for using functions WordPress already includes from Warning to Error. Props davidperezgar at #18
- Tweak – Change the message type for incorrect usage of Stable tag from Notice/Warning to Error. Props davidperezgar at #3
[0.1] 2011-09-04
Original version of the plugin check tool, not a released version of the plugin, this changelog is here for historical purposes only.