Merge pull request #1138 from WordPress/chore/v1-8

Release Plugin Check 1.8.0

Co-authored-by: davidperezgar <davidperez@git.wordpress.org>
Co-authored-by: frantorres <frantorres@git.wordpress.org>
Co-authored-by: ernilambar <nilambar@git.wordpress.org>

Author: 4 people

docs/checks.md

@@ -6,13 +6,14 @@
 | --- | --- | --- | --- |
 | i18n_usage | general, plugin_repo | Checks for various internationalization best practices. | [Learn more](https://developer.wordpress.org/plugins/internationalization/how-to-internationalize-your-plugin/) |
 | code_obfuscation | plugin_repo | Detects the usage of code obfuscation tools. | [Learn more](https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/) |
+| direct_file_access | security, plugin_repo | Checks that plugin files include proper security validation using the ABSPATH constant to prevent direct file access. | [Learn more](https://developer.wordpress.org/plugins/plugin-basics/best-practices/#file-security) |
 | file_type | plugin_repo | Detects the usage of hidden and compressed files, VCS directories, application files, badly named files, AI development directories (.cursor, .claude, .aider, .continue, .windsurf, .ai, .github), and unexpected markdown files in plugin root. | [Learn more](https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/) |
-| plugin_header_fields | plugin_repo | Checks adherence to the Headers requirements. | [Learn more](https://developer.wordpress.org/plugins/plugin-basics/header-requirements/) |
+| plugin_header_fields | plugin_repo | Checks adherence to the Headers requirements, including validation of "Tested up to" header matching between plugin file and readme.txt. | [Learn more](https://developer.wordpress.org/plugins/plugin-basics/header-requirements/) |
 | late_escaping | security, plugin_repo | Checks that all output is escaped before being sent to the browser. | [Learn more](https://developer.wordpress.org/apis/security/escaping/) |
 | safe_redirect | security, plugin_repo | Checks that redirects use wp_safe_redirect() instead of wp_redirect() for security. | [Learn more](https://developer.wordpress.org/reference/functions/wp_safe_redirect/) |
 | nonce_verification | security, plugin_repo | Checks for proper usage of <code>wp_verify_nonce()</code> to prevent CSRF vulnerabilities. | [Learn more](https://developer.wordpress.org/apis/security/nonces/) |
 | plugin_updater | plugin_repo | Prevents altering WordPress update routines or using custom updaters, which are not allowed on WordPress.org. | [Learn more](https://developer.wordpress.org/plugins/wordpress-org/detailed-plugin-guidelines/) |
-| plugin_review_phpcs | plugin_repo | Runs PHP_CodeSniffer to detect certain best practices plugins should follow for submission on WordPress.org. | [Learn more](https://developer.wordpress.org/plugins/plugin-basics/best-practices/) |
+| plugin_review_phpcs | plugin_repo | Runs PHP_CodeSniffer to detect certain best practices plugins should follow for submission on WordPress.org, including heredoc usage detection. | [Learn more](https://developer.wordpress.org/plugins/plugin-basics/best-practices/) |
 | direct_db_queries | security, plugin_repo | Checks the usage of direct database queries, which should be avoided. | [Learn more](https://developer.wordpress.org/apis/database/) |
 | direct_db | security, plugin_repo | Checks the escaping in direct database queries. | [Learn more](https://developer.wordpress.org/apis/database/) |
 | performant_wp_query_params | performance | Checks for potentially slow database queries when using <code>WP_Query</code> | [Learn more](https://developer.wordpress.org/apis/database/) |

plugin.php

@@ -5,7 +5,7 @@
  * Description: Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.
  * Requires at least: 6.3
  * Requires PHP: 7.4
- * Version: 1.7.0
+ * Version: 1.8.0
  * Author: WordPress Performance Team and Plugin Review Team
  * License: GPLv2 or later
  * License URI: https://www.gnu.org/licenses/old-licenses/gpl-2.0.html
@@ -16,7 +16,7 @@
 
 use WordPress\Plugin_Check\Plugin_Main;
 
-define( 'WP_PLUGIN_CHECK_VERSION', '1.7.0' );
+define( 'WP_PLUGIN_CHECK_VERSION', '1.8.0' );
 define( 'WP_PLUGIN_CHECK_MINIMUM_PHP', '7.4' );
 define( 'WP_PLUGIN_CHECK_MAIN_FILE', __FILE__ );
 define( 'WP_PLUGIN_CHECK_PLUGIN_DIR_PATH', plugin_dir_path( WP_PLUGIN_CHECK_MAIN_FILE ) );

readme.txt

@@ -2,7 +2,7 @@
 
 Contributors:      wordpressdotorg
 Tested up to:      6.9
-Stable tag:        1.7.0
+Stable tag:        1.8.0
 License:           GPLv2 or later
 License URI:       https://www.gnu.org/licenses/gpl-2.0.html
 Tags:              plugin best practices, testing, accessibility, performance, security
@@ -28,6 +28,19 @@ Keep in mind that this plugin is not a replacement for the manual review process
 
 Even if you do not intend to host your plugin in the WordPress.org directory, you are encouraged to use Plugin Check so that your plugin follows the base requirements and best practices for WordPress plugins.
 
+**Plugin Namer Tool**
+
+Plugin Check now includes an AI-powered Plugin Namer tool (accessible via _Tools > Plugin Check Namer_) that helps plugin authors evaluate plugin names before submission. This tool checks for:
+
+* Similarity to existing plugins in the WordPress.org directory
+* Potential trademark conflicts with well-known brands
+* Compliance with WordPress plugin naming guidelines
+* Generic or overly broad naming issues
+
+The Plugin Namer provides instant feedback with actionable suggestions, helping you choose a clear, unique, and policy-compliant name that stands out in the plugin directory. This feature requires AI provider configuration in the settings.
+
+**Important:** The Plugin Namer tool provides guidance only and is not definitive. All plugin name decisions are subject to final review and approval by the WordPress.org Plugins team reviewers.
+
 == Installation ==
 
 = Installation from within WordPress =
@@ -68,6 +81,19 @@ In any case, passing the checks in this tool likely helps to achieve a smooth pl
 
 == Changelog ==
 
+= 1.8.0 =
+
+* Enhancement - Add AI-powered Plugin Namer tool to evaluate plugin names for trademark conflicts and naming best practices.
+* Enhancement - Add AI Instructions Detection Check to identify AI tool configuration files and development-only directories.
+* Enhancement - Add support for exporting check results in CSV, JSON, and Markdown formats.
+* Enhancement - Add check type filter to allow filtering results by errors and warnings.
+* Enhancement - Add Direct File Access check to ensure proper security validation with ABSPATH constant.
+* Enhancement - Add check for mismatched "Tested up to" header between plugin header and readme.txt.
+* Enhancement - Update trademark check to remove acronym exceptions and improve flexibility.
+* Enhancement - Add heredoc sniff to detect and restrict heredoc usage (nowdoc allowed).
+* Fix - Update Playground integration blueprint for compatibility.
+* Fix - Force correct plugin slug detection in WP-CLI command.
+
 = 1.7.0 =
 
 * Enhancement - Add Minified File Detection Check to identify and handle minified files in plugins.