
外掛標籤
開發者團隊
原文外掛簡介
PreFlight Scanner lets you upload any plugin .zip and run a comprehensive static safety scan before it ever touches your live WordPress environment. No plugin code is executed during the scan.
One bad plugin can white-screen an entire e-commerce store. PreFlight catches the problems before they happen.
What PreFlight Scanner checks
Version Compatibility
PHP version compatibility — reads the plugin header and detects modern syntax your server cannot run (match expressions, nullsafe operators, typed properties, arrow functions, etc.)
WordPress version compatibility — validates Requires At Least and Tested Up To headers against the running site
Collision Detection
Function name collisions — detects global functions that already exist in the active environment; a guaranteed PHP fatal error
Class name collisions — same result, often harder to diagnose
Hook priority conflicts — two plugins registering the same add_filter() hook at the same priority silently overwrite each other’s return value; a common source of checkout and pricing bugs on WooCommerce sites
Security — Critical
Obfuscated and malicious code patterns (eval/base64, compressed payloads, preg_replace /e modifier, large base64 blobs)
Dangerous PHP functions — shell_exec, exec, system, passthru, proc_open, popen, pcntl_exec
Suspicious file types inside the ZIP — .exe, .sh, .bat, .cmd, .py, .rb, .pl, .vbs
Warnings & Best Practices
Missing PHP namespaces — files that define global functions or classes without a namespace declaration are at elevated collision risk as the site grows
Deprecated WordPress functions — code that generates notices or breaks on current and future WordPress versions
Suspicious outbound HTTP calls — wp_remote_get/post(), curl_exec(), file_get_contents() with hardcoded external URLs
Direct database queries — raw $wpdb->query() and string-concatenated SELECT statements that risk SQL injection
Missing nonce and capability checks — files that read $_POST/$_GET without check_admin_referer() or current_user_can()
After the scan
ALL CLEAR — one click to install immediately, then activate from the Plugins page.
WARNINGS FOUND — advisory issues; review and decide whether to proceed.
CRITICAL ISSUES — a confirmation dialog warns you before proceeding; installing is strongly discouraged.
Privacy
PreFlight Scanner performs all analysis locally on your own server. No data is sent anywhere. No external HTTP requests are made.
PreFlight Pro
Upgrade to PreFlight Pro for continuous monitoring of your already-installed plugins:
Scheduled background scans — automatically re-scan all active plugins daily or weekly
Site risk score — dashboard widget with a 0–100 risk score across all active plugins
WooCommerce hook rules — deeper conflict detection for checkout, cart, pricing, and payment hooks
Scan history — every scan saved and browsable with full results
Email alerts — get notified when a scheduled scan finds critical issues or warnings
CSV export — export scan history for client reports
Lite ($39 / 1 site) • Plus ($79 / 3 sites) • Pro ($149 / unlimited sites)
