
Automattic / Vip Scanner

Deprecated: Scan all sorts of themes and files and things! Use PHPCS and the VIP coding standards instead

Projects that are alternatives of or similar to Vip Scanner

Vip Quickstart
Retired
Stars: ✭ 268 (+87.41%)
Mutual labels:  wordpress, deprecated
Navi
A developer-friendly alternative to the WordPress NavWalker.
Stars: ✭ 140 (-2.1%)
Mutual labels:  wordpress
Fragment Cache
WordPress plugin for partial and async caching.
Stars: ✭ 135 (-5.59%)
Mutual labels:  wordpress
Google Docs Add On
Publish to WordPress from Google Docs
Stars: ✭ 140 (-2.1%)
Mutual labels:  wordpress
Wprecon
WPrecon (WordPress Recon) is a vulnerability recognition tool for the WordPress CMS, developed in Go with scripts in Lua.
Stars: ✭ 135 (-5.59%)
Mutual labels:  wordpress
Wp Api Menus
🔡 Menu routes for WordPress JSON REST API.
Stars: ✭ 140 (-2.1%)
Mutual labels:  wordpress
Wp Tailwind
A WordPress starter theme that utilizes Tailwind + PurgeCSS.
Stars: ✭ 135 (-5.59%)
Mutual labels:  wordpress
Bootstrap Blocks Wordpress Plugin
Bootstrap Gutenberg Blocks for WordPress
Stars: ✭ 143 (+0%)
Mutual labels:  wordpress
Activello
WordPress Bootstrap blog theme with dozens of options using WordPress Customizer
Stars: ✭ 141 (-1.4%)
Mutual labels:  wordpress
Health Check
Health Check is a WordPress plugin that will perform a number of checks on your WordPress install to detect common configuration errors and known issues.
Stars: ✭ 139 (-2.8%)
Mutual labels:  wordpress
Core
All of the required core code
Stars: ✭ 139 (-2.8%)
Mutual labels:  wordpress
Image Optimize Command
Easily optimize images using WP CLI
Stars: ✭ 138 (-3.5%)
Mutual labels:  wordpress
Wp Toolbelt
A lightweight, multi-purpose, WordPress plugin with a focus on privacy and speed
Stars: ✭ 141 (-1.4%)
Mutual labels:  wordpress
Wordpress Scanner
Wordpress Vulnerability Scanner
Stars: ✭ 137 (-4.2%)
Mutual labels:  wordpress
Wonolog
Monolog-based logging package for WordPress.
Stars: ✭ 142 (-0.7%)
Mutual labels:  wordpress
React With Wordpress
🔥 Example of react application to access WordPress REST API
Stars: ✭ 137 (-4.2%)
Mutual labels:  wordpress
Httpserver.jl
DEPRECATED! Basic, non-blocking HTTP server in Julia.
Stars: ✭ 138 (-3.5%)
Mutual labels:  deprecated
Setup Ghost Blog
Script to install your own Ghost blog, with Nginx and ModSecurity/Naxsi web application firewall. Supports multiple blogs.
Stars: ✭ 140 (-2.1%)
Mutual labels:  wordpress
Live Composer Page Builder
Free page builder plugin for WordPress http://livecomposerplugin.com
Stars: ✭ 143 (+0%)
Mutual labels:  wordpress
Data.gov
Data.gov source code and issue tracker
Stars: ✭ 1,856 (+1197.9%)
Mutual labels:  wordpress

VIP Scanner

DEPRECATED: This plugin is no longer used by VIP. Instead, use PHP Code Sniffer with the VIP Coding standards available here

A WordPress plugin that enables you to scan all sorts of themes and files and things.

Contributors: Mohammad Jangda, Automattic, Thorsten Ott, Michael Fields, Filipe Varela, Josh Betz, Mike Blouin, Nick Daugherty and Fränk Klein.

Requires WordPress version 3.4 or greater and PHP >= 5.4.

About

The plugin itself is simply a UI for the VIP Scanner library, which does all the heavy lifting. The library allows you to create arbitrary "Checks" (e.g. UndefinedFunctionCheck), group them together as Reviews (e.g. WP.com Theme Review), and run them against themes, plugins, directories, single files, and even diffs.

This plugin is based on code from the Theme Check (written by Pross and Otto42) and Exploit Scanner (written by donncha) plugins.

Requirements

For parsing PHP files, VIP Scanner uses PHP-Parser, which it includes as a git submodule. When cloning VIP Scanner's git repo, use the --recursive parameter to include PHP-Parser, i.e.

$ git clone --recursive git@github.com:Automattic/vip-scanner.git

If you have already cloned the repo without the --recursive parameter and find yourself with an empty vendor/PHP-Parser directory, run

$ git submodule update --init --recursive

Installation

  1. Upload the plugin folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the 'Plugins' menu in WordPress

or

Install using the Plugin Installer.

Usage

You can find the tool under Tools > VIP Scanner. There, you can choose what type of scan you'd like to perform -- there's a dropdown list on the right hand side, just next to the "Scan" button.

The dropdown allows you to choose between three types of scan:

  1. Undefined Function Check
  2. WP.com Theme Review
  3. VIP Theme Review

Once you have selected a scan type, you can hit the "Scan" button and see the results in the tabbed view below.

WP-CLI

If you prefer to use the wp-cli tool for your check, there's a vip-scanner command with two main actions:

  1. analyze-theme
  2. scan-theme

$ wp vip-scanner
usage: wp vip-scanner analyze-theme [--theme=<theme>] [--scan_type=<scan-type>] [--depth=<depth>]
   or: wp vip-scanner scan-theme [--theme=<theme>] [--scan_type=<scan_type>] [--summary] [--format=<format>]

  • --theme is the theme's path relative to the WP themes directory, for example, vip/test-theme or pub/twentyfourteen. Defaults to the current theme.
  • --scan_type expects one of the following options: "Undefined Function Check", "WP.com Theme Review" or "VIP Theme Review". Defaults to "VIP Theme Review".
  • --depth expects an integer. You can change the parameter to indicate how many levels of hierarchy you would like outputted. 0 outputs everything. Defaults to 1.
  • --summary gives you just an overview of how many files were checked, how many checks were done and how many errors, warnings and blockers were found.
  • --format allows you to select an output format: table, JSON, CSV. Defaults to table.

Changelog

0.8

  • Modified check for pre_option_* to also include option_*

0.7

  • Modified analyzer to use PHP tokens rather than regular expressions
  • New checks, including white/blacklist checking for file types and names
  • Added basic async scanning as an admin bar node
  • WP CLI scan commands now support paths in addition to theme slugs
  • WP CLI scan_type argument is now optional

0.6

  • Analysis tab for analysing functions, classes, namespaces, shortcodes, actions, filters, capabilities, roles, CPTs, taxonomies, scripts, and styles.
  • WP CLI command for analysis: wp vip-scanner analyze-theme
  • New checks, including VCMergeConflictCheck, WordPressCodingStandardsCheck
  • PHP Code Sniffer integration using the WordPress Coding Standards
  • Check improvements: VIPRestrictedCommandsCheck, VIPRestrictedPatternsCheck, PHPShortTagsCheck
  • Added unit testing for some tests

0.5

  • ClamAV Integration
  • New checks, including VIPInitCheck, filter_input, WP_Widget_Tag_Cloud, and more!
  • WP CLI Support (using vip-scanner command)
  • Reducing false positives
  • Adjusting severity of several checks

0.4

  • UI Refresh
  • Exports
  • Auto scan

0.3

  • Various bug fixes, including preventing the annoying upgrade nag between the main VIP Scanner plugin and WP.com Rules.

0.2

  • New checks and scans! VIP_PregFile, EscapingCheck, etc.
  • PHP 5.2 compatibility, props kevinmcgillivray and chrisguitarguy
  • Bump WP version requirement (3.4)
  • Code cleanup, props lance

0.1

  • Initial version, using slightly older versions of the Theme Check plugin's checks.