checks.md

Back to overview

Available Checks

Check	Category	Description	Documentation
i18n_usage	general, plugin_repo	Checks for various internationalization best practices.	Learn more
code_obfuscation	plugin_repo	Detects the usage of code obfuscation tools.	Learn more
plugin_content	plugin_repo	Detects content that does not comply with the WordPress.org plugin guidelines.	Learn more
direct_file_access	security, plugin_repo	Checks that plugin files include proper security validation using the ABSPATH constant to prevent direct file access.	Learn more
file_type	plugin_repo	Detects the usage of hidden and compressed files, VCS directories, application files, badly named files, AI development directories (.cursor, .claude, .aider, .continue, .windsurf, .ai, .github), and unexpected markdown files in plugin root.	Learn more
plugin_header_fields	plugin_repo	Checks adherence to the Headers requirements, including validation of "Tested up to" header matching between plugin file and readme.txt.	Learn more
late_escaping	security, plugin_repo	Checks that all output is escaped before being sent to the browser.	Learn more
safe_redirect	security, plugin_repo	Checks that redirects use wp_safe_redirect() instead of wp_redirect() for security.	Learn more
plugin_updater	plugin_repo	Prevents altering WordPress update routines or using custom updaters, which are not allowed on WordPress.org.	Learn more
plugin_uninstall	plugin_repo	Checks related to plugin uninstallation.	Learn more
external_admin_menu_links	plugin_repo	Detects external URLs used in top-level WordPress admin menu, which disrupts the expected user experience.	Learn more
plugin_review_phpcs	plugin_repo	Runs PHP_CodeSniffer to detect certain best practices plugins should follow for submission on WordPress.org, including heredoc usage detection.	Learn more
direct_db_queries	security, plugin_repo	Checks the usage of direct database queries, which should be avoided.	Learn more
direct_db	security, plugin_repo	Checks the escaping in direct database queries.	Learn more
performant_wp_query_params	performance	Checks for potentially slow database queries when using WP_Query	Learn more
enqueued_scripts_in_footer	performance	Checks whether a loading strategy is explicitly set for JavaScript files, as loading scripts in the footer is usually desired.	Learn more
enqueued_resources	plugin_repo, performance	Checks whether scripts and styles are properly enqueued using the recommended way.	Learn more
plugin_readme	plugin_repo	Checks adherence to the readme.txt requirements.	Learn more
localhost	plugin_repo	Detects the usage of Localhost/127.0.0.1 in the plugin.	Learn more
minified_files	plugin_repo	Detects minified PHP files and tokenization errors.	Learn more
no_unfiltered_uploads	plugin_repo	Detects disallowed usage of ALLOW_UNFILTERED_UPLOADS.	Learn more
trademarks	plugin_repo	Checks the usage of trademarks or other projects in the plugin slug.	Learn more
offloading_files	plugin_repo	Prevents using remote services that are not necessary.	Learn more
setting_sanitization	plugin_repo	Ensures sanitization in register_setting().	Learn more
prefixing	plugin_repo	Checks plugin for unique prefixing for everything the plugin defines in the public namespace.	Learn more
enqueued_scripts_size	performance	Checks whether the cumulative size of all scripts enqueued on a page exceeds 293 KB.	Learn more
enqueued_styles_size	performance	Checks whether the cumulative size of all stylesheets enqueued on a page exceeds 293 KB.	Learn more
enqueued_styles_scope	performance	Checks whether any stylesheets are loaded on all pages, which is usually not desirable and can lead to performance issues.	Learn more
enqueued_scripts_scope	performance	Checks whether any scripts are loaded on all pages, which is usually not desirable and can lead to performance issues.	Learn more
non_blocking_scripts	performance	Checks whether scripts and styles are enqueued using a recommended loading strategy.	Learn more