[WordPress] 外掛分享: PreFlight Scanner

首頁外掛目錄 › PreFlight Scanner
WordPress 外掛 PreFlight Scanner 的封面圖片
全新外掛
安裝啟用
尚無評分
21 天前
最後更新
問題解決
WordPress 5.9+ PHP 7.4+ v1.0.3 上架:2026-06-28

外掛標籤

開發者團隊

⬇ 下載最新版 (v1.0.3) 或搜尋安裝

① 下載 ZIP → 後台「外掛 › 安裝外掛 › 上傳外掛」
② 後台搜尋「PreFlight Scanner」→ 直接安裝(推薦)
📦 歷史版本下載

原文外掛簡介

PreFlight Scanner lets you upload any plugin .zip and run a comprehensive static safety scan before it ever touches your live WordPress environment. No plugin code is executed during the scan.
One bad plugin can white-screen an entire e-commerce store. PreFlight catches the problems before they happen.
What PreFlight Scanner checks
Version Compatibility

PHP version compatibility — reads the plugin header and detects modern syntax your server cannot run (match expressions, nullsafe operators, typed properties, arrow functions, etc.)
WordPress version compatibility — validates Requires At Least and Tested Up To headers against the running site

Collision Detection

Function name collisions — detects global functions that already exist in the active environment; a guaranteed PHP fatal error
Class name collisions — same result, often harder to diagnose
Hook priority conflicts — two plugins registering the same add_filter() hook at the same priority silently overwrite each other’s return value; a common source of checkout and pricing bugs on WooCommerce sites

Security — Critical

Obfuscated and malicious code patterns (eval/base64, compressed payloads, preg_replace /e modifier, large base64 blobs)
Dangerous PHP functions — shell_exec, exec, system, passthru, proc_open, popen, pcntl_exec
Suspicious file types inside the ZIP — .exe, .sh, .bat, .cmd, .py, .rb, .pl, .vbs

Warnings & Best Practices

Missing PHP namespaces — files that define global functions or classes without a namespace declaration are at elevated collision risk as the site grows
Deprecated WordPress functions — code that generates notices or breaks on current and future WordPress versions
Suspicious outbound HTTP calls — wp_remote_get/post(), curl_exec(), file_get_contents() with hardcoded external URLs
Direct database queries — raw $wpdb->query() and string-concatenated SELECT statements that risk SQL injection
Missing nonce and capability checks — files that read $_POST/$_GET without check_admin_referer() or current_user_can()

After the scan

ALL CLEAR — one click to install immediately, then activate from the Plugins page.
WARNINGS FOUND — advisory issues; review and decide whether to proceed.
CRITICAL ISSUES — a confirmation dialog warns you before proceeding; installing is strongly discouraged.

Privacy
PreFlight Scanner performs all analysis locally on your own server. No data is sent anywhere. No external HTTP requests are made.
PreFlight Pro
Upgrade to PreFlight Pro for continuous monitoring of your already-installed plugins:

Scheduled background scans — automatically re-scan all active plugins daily or weekly
Site risk score — dashboard widget with a 0–100 risk score across all active plugins
WooCommerce hook rules — deeper conflict detection for checkout, cart, pricing, and payment hooks
Scan history — every scan saved and browsable with full results
Email alerts — get notified when a scheduled scan finds critical issues or warnings
CSV export — export scan history for client reports

Lite ($39 / 1 site) • Plus ($79 / 3 sites) • Pro ($149 / unlimited sites)

延伸相關外掛

文章
Filter
Mastodon