Scans plugin files for matches to custom regex patterns. Useful for checking whether your plugins don’t do anything shady.
Default search patterns match the following:
- Exploitable PHP and JS functions and HTML tags
- Code (de)obfuscation
- Remote requests (including pingbacks, trackbacks and mail sending)
- Filesystem modification
- Direct database queries
- User creation
- Inline and enqueued scripts
- Unicode and ASCII character literals, integer literals
- URL addresses
- Strings containing “swf”
- Google Analytics and AdSense IDs
This plugin is available for download to be used on your WordPress self-hosted installation.