Описание

Проверка плагинов – это инструмент для проверки соответствия вашего плагина стандартам, предъявляемым к каталогу плагинов WordPress.org. С помощью этого плагина вы сможете запустить большинство проверок, используемых для новых материалов, и проверить, соответствует ли ваш плагин требованиям.

Кроме того, инструмент выявляет нарушения или проблемы, связанные с лучшими практиками разработки плагинов, от базовых требований, таких как правильное использование функций интернационализации, до доступности, производительности и лучших практик безопасности.

Проверки можно запускать как через панель администратора WP, так и через WP-CLI:

To check a plugin using WP Admin, please navigate to the Tools > Plugin Check menu. You need to be able to manage plugins on your site in order to access that screen.
To check a plugin using WP-CLI, please use the wp plugin check command. For example, to check the «Hello Dolly» plugin: wp plugin check hello.php
- Note that by default when using WP-CLI, only static checks can be executed. In order to also include runtime checks, a workaround is currently necessary using the --require argument of WP-CLI, to manually load the cli.php file within the plugin checker directory before WordPress is loaded. For example: wp plugin check hello.php --require=./wp-content/plugins/plugin-check/cli.php
- You could use arbitrary path or URL to check a plugin. For example, to check a plugin from a URL: wp plugin check https://example.com/plugin.zip or to check a plugin from a path: wp plugin check /path/to/plugin

The checks are grouped into several categories, so that you can customize which kinds of checks you would like to run on a plugin.

Keep in mind that this plugin is not a replacement for the manual review process, but it will help you speed up the process of getting your plugin approved for the WordPress.org plugin repository, and it will also help you avoid some common mistakes.

Even if you do not intend to host your plugin in the WordPress.org directory, you are encouraged to use Plugin Check so that your plugin follows the base requirements and best practices for WordPress plugins.

Установка

Установка с помощью WordPress

Перейдите в Плагины > Добавить новый.
Найдите Plugin Check.
Установите и активируйте плагин Проверка плагинов.

Ручная установка

Загрузите всю папку plugin-check в каталог /wp-content/plugins/.
Перейдите в Плагины.
Активируйте плагин Проверка плагинов.

Часто задаваемые вопросы

Где я могу внести свой вклад в разработку плагина?

All development for this plugin is handled via GitHub any issues or pull requests should be posted there.

Что делать, если плагин сообщает об ошибке или предупреждении?

We strive to write a plugin in a way that minimizes false positives but if you find one, please report it in the GitHub repo. For certain false positives, such as those detected by PHPCodeSniffer, you may be able to annotate the code to ignore the specific problem for a specific line.

Why does it flag something as bad?

It’s not flagging «bad» things, as such. Plugin Check is designed to be a non-perfect way to test for compliance with the Plugin Review guidelines, as well as additional plugin development best practices in accessibility, performance, security and other areas. Not all plugins must adhere to these guidelines. The purpose of the checking tool is to ensure that plugins uploaded to the central WordPress.org plugin repository meet the latest standards of WordPress plugin and will work on a wide variety of sites.

Many sites use custom plugins, and that’s perfectly okay. But plugins that are intended for use on many different kinds of sites by the public need to have a certain minimum level of capabilities, in order to ensure proper functioning in many different environments. The Plugin Review guidelines are created with that goal in mind.

This plugin checker is not perfect, and never will be. It is only a tool to help plugin authors, or anybody else who wants to make their plugin more capable. All plugins submitted to WordPress.org are hand-reviewed by a team of experts. The automated plugin checker is meant to be a useful tool only, not an absolute system of measurement.

Должен ли плагин пройти все проверки, чтобы быть одобренным в каталоге плагинов WordPress.org?

To be approved in the WordPress.org plugin directory, a plugin must typically pass all checks in the «Plugin repo» category. Other checks are additional and may not be required to pass.

In any case, passing the checks in this tool likely helps to achieve a smooth plugin review process, but is no guarantee that a plugin will be approved in the WordPress.org plugin directory.

Отзывы

polyxgo 25.02.2025

This plugin is extremely helpful for developers and is indispensable for reviewing and refining code before release. Thank you to the WordPress team for developing such a truly useful plugin. I have a suggestion regarding the code inspection feature—it would be beneficial to integrate function call analysis. For example, when source code calls intermediary functions that handle nonce verification, sanitization, and other input validations within shared classes, it may result in false positives. This could potentially impact the efficiency of the plugin review process. Overall, this plugin is fantastic for me! Many thanks to the WordPress Team! Warm regards,

Anne-Mieke Bovelett 19.01.2025

I’m working on a Block plugin, for the first time in my life, with the intention to share it in the repo. As I’m walking uncharted territory, The PCP is a real blessing! Thank you, dear Review Team, for creating this.

Njengah 04.01.2025

This plugin is excellent for catching common mistakes before submission. It significantly saves time by reducing the back-and-forth process. I used it for the first time, and I really liked how efficiently it worked.

Samsul Islam Rana 12.12.2024 1 ответ

The best tool for WordPress plugin developers

Carlos Longarela 07.12.2024 1 ответ

This tool is a must for every WordPress plugin developer. You can use phpcs with WordPress standards and other useful tools, but this is an essential step to check your plugin, not only if your intention is to publish to WordPress public repo. Accomplish these standards is a must for everyone who works as plugin developer. Thanks, plugin team, for this powerful tool. Now our developer lives are easier.

Bob 15.11.2024

Run it on any plugin, including popular ones like Woo and you’ll see tons of nonsense «Error» messages about inescaped output. This doesn’t help anyone. These so-called error messages appear even for static text or well trusted data. Just a random example from Woo:The plugin reports «WordPress.Security.EscapeOutput.ExceptionNotEscaped» for this:throw new \Exception( sprintf( __( ‘Could not find classname for order ID %d’, ‘woocommerce’ ), $order_id ) );$order_id is already int, ensured by the function, and additionally %d ensures it cannot output anything dangerous. You have to either make this smart enough to find real issues or remove these nonsense messages entirely.How is this helping anyone?

Посмотреть все 24 отзыва

Участники и разработчики

«Проверка плагинов (PCP)» — проект с открытым исходным кодом. В развитие плагина внесли свой вклад следующие участники:

WordPress.org

«Проверка плагинов (PCP)» переведён на 15 языков. Благодарим переводчиков за их работу.

Перевести «Проверка плагинов (PCP)» на ваш язык.

Заинтересованы в разработке?

Посмотрите код, проверьте SVN репозиторий, или подпишитесь на журнал разработки по RSS.

Журнал изменений

1.4.0

Enhancement — Allow ISC license in the License check.
Enhancement — Added check for use of settings with sanitization callback.
Enhancement — Added —ignore-codes in CLI to introduce a mechanism to ignore specific error codes.
Enhancement — New utils for fetching necessary version info details.
Enhancement — Added check for unsupported plugin name in plugin header field.
Enhancement — Segregate the severity of i18n checks. Make sure that is giving errors in the right context.
Enhancement — Provide more detailed information about checks when the README does not include a tested version or a list of contributors.
Enhancement — Added rules from WPCS to prevent issues with content being sent before headers and warn about the use of Call-time pass-by-reference.
Enhancement — Give more context in the error of check wrong named files.
Enhancement — Simplified PHPUnit setup. Now it does not depend of running inside a WordPress installation.
Enhancement — Added new check for restricted contributors.
Fix — Delete transients in unit tests to avoid false positives.
Fix — Incorrect Tested up to version comparison will make error for two major versions up.
Fix — Excluded the use of functions file_get_contents and file_put_contents in the check to prevent false positives.
Fix — Duplicated error message in the check for wrong named files.
Fix — Use of Json encode wasn’t firing the error message.
Fix — Change error type of NonEnqueuedImage in ImageFunctions sniff from ERROR to WARNING.

1.3.1

Улучшение — Добавлены утилиты версий.
Исправление — Экранирование сообщений об ошибках.
Fix — Renamed error type to ERROR_LOW_SEVERITY and WARNING_LOW_SEVERITY.
Fix — Fix PHPCS checks on unwritable filesystems.

1.3.0

Enhancement — Update disallowed domains for Plugin URI check.
Enhancement — Added new checks for Plugin Header fields: missing plugin description, missing plugin version and invalid plugin version.
Enhancement — New check for validation of donate link in the readme file.
Enhancement — Increased severity for wrong Plugin Requires.
Enhancement — Added check Restrict parse_str() without second argument.
Enhancement — New check for Disallow usage of HEREDOC and NOWDOC.
Enhancement — Added acronyms allowed in Trademark checks.
Enhancement — Added option in CLI to add low severity errors and warnings.
Enhancement — Change error type for License check error codes.
Enhancement — Always use prefixed tables during runtime check requests.
Улучшение — Создан новый класс для проверки лицензий.
Улучшение — Добавлена поддержка лицензии MPL-2.0.
Enhancement — Implement gherkin linter in GH action.
Enhancement — Update check for Contributors in markdown readme files.
Enhancement — CLI: Fix confusing runtime environment setup order.
Enhancement — Allow custom checks to provide installed_paths.
Enhancement — Improved the use of localhost URLs in the Plugin.
Enhancement — Documented checks in the plugin.
Enhancement — Increased severity for Code obfuscation checks.
Enhancement — Diffentiate between no existent readme and default readme file.
Enhancement — Encourage developers to use native functions for loading images in templates.
Enhancement — Added a check for not allowing include libraries already in WordPress core.
Enhancement — Warning for usage of query_posts() in favor of WP_Query.
Fix — Fix for the local environment is set up before testing.
Fix — Fix addon checks not being executed when running runtime checks.
Fix — Allow default as a text domain in the text domain check.
Fix — Allow GitHub URLs in the Plugin URI field.
Fix — Don’t flag Apache license. It’s allowed in the WordPress.org plugin repository.
Fix — Removes the path before the plugin, so it won’t affect to badly named files.

1.2.0

Enhancement — Added a check for badly used names in files.
Enhancement — Increased severity for BacktickOperator, DisallowShortOpenTag, DisallowAlternativePHPTags, RestrictedClasses, and RestrictedFunctions.
Enhancement — Added security checks to the Plugin repository category.
Enhancement — Allowed runtime-set in code sniffer checks.
Enhancement — Changed warnings to errors in plugin header checks.
Enhancement — Detect forbidden plugin headers such as repository URIs in the Directory.
Enhancement — Added a new check for development functions that are not allowed in final plugins.
Улучшение — Созданы новые изображения и иконки для плагина.
Enhancement — Introduced a slug argument in the CLI.
Enhancement — Added a check for discouraged PHP functions.
Enhancement — Added validation for Contributors in the readme file.
Enhancement — Added a warning for mismatched plugin names in the plugin header and readme file.
Enhancement — Checked for validation of Plugin Header fields: Name, Plugin URI, Description, Author URI, Requires at least, Requires PHP, and Requires Plugins.
Enhancement — Added a warning if the «Tested up to» value in the readme file exceeds the released version of WordPress.
Fix — Display a success message if no errors or warnings are found.
Fix — Made table results responsive.
Fix — Prevent proceeding to the next check if the Stable Tag value is set to trunk.
Fix — Allow runtime initialization even when only add-on checks are requested.
Fix — Fixed an SPDX warning for the GPL version 3 license.
Fix — Prevent runtime checks in the CLI context when they cannot be used.

1.1.0

Feature — New Non_Blocking_Scripts_Check (non_blocking_scripts) runtime check to warn about enqueued scripts that use neither defer nor async.
Enhancement — Changed the namespace of included checks.
Enhancement — Introduced severity levels for all errors and warnings.
Enhancement — CLI: Support checking a plugin from a path or URL.
Enhancement — Added short descriptions and URLs for each check.
Улучшение — Улучшено отображение сообщений в результатах проверки.
Enhancement — Updated code obfuscation check with more accurate results.
Enhancement — Updated plugin review check to flag missing input sanitization (WordPress.Security.ValidatedSanitizedInput).
Fix — Improve readme checks to exclude invalid files.
Исправление — Показывать ссылку редактирования только если файлы действительно можно редактировать.

1.0.2

Feature — New Enqueued_Scripts_Scope_Check (enqueued_scripts_scope), Enqueued_Styles_Size_Check (enqueued_styles_size) and Enqueued_Resources_Check (enqueued_resources) performance checks.
Enhancement — Improved readme check and added a new wp_plugin_check_ignored_readme_warnings filter.
Enhancement — New wp_plugin_check_default_categories filter to change the categories which are selected by default.
Enhancement — New wp_plugin_check_ignore_files filter to allow ignoring specific files.
Fix — Correct detection of readme files in Windows by normalizing file paths.

1.0.1

Fix — Add missing test-content folder needed for runtime checks.
Fix — Do not send emails when setting up test environment.
Fix — Prevent PHP warning when the argv variable isn’t set.

1.0.0

Feature — Complete overhaul of the plugin, its architecture, and all checks.
Feature — Added new WP-CLI commands for running checks and listing available options.
Enhancement — Added option to only run checks for a specific category.

0.2.3

Tweak — Use version 3.8.0 of the PHP_CodeSniffer library, moving away from squizlabs/PHP_CodeSniffer to use PHPCSStandards/PHP_CodeSniffer.
Fix — Ensure the plugin works as expected on the WP playground environment to enable reviewers to use PCP. Props @tellyworth.
Fix — Undefined array key «argv» when running the plugin check in certain environments. Props @afragen. #340

0.2.2

Улучшение — Включена поддержка серверов Windows.
Enhancement — Avoid using PHP CLI directly, which enables plugin developers to use PCP in a variety of new environments.
Fix — Remove dependency on shell_exec and exec functions, which enables plugin developers to use PCP in a variety of new environments.
Fix — Prevent problems with Readme parser warning related to contributor_ignored for when running the check outside WP.org. Props @dev4press. #276
Fix — Remove extra period on the end of the sentence for Phar warning. Props @pixolin. #275

0.2.1

Added — ‘View in code editor’ link beneath each PHPCS error or warning. Props @EvanHerman, @westonruter, @felixarntz, @mukeshpanchal27 #262
Fix — Ensure readme.txt has priority over readme.md when both are present. Props @bordoni, @afragen #258
Fix — Ensure that the PHPCS check runs even when the PHPCS binary is not executable. Props @bordoni, @shawn-digitalpoint, @mrfoxtalbot #254
Fix — Readme changes and typos. Props @aaronjorbin. #261
Fix — Long lines of code with PHPCS check no longer expand over the size of the notice. Props @bordoni, @felixarntz. #263
Fix — Ensure that we have PHP 7.2 compatibility remove trailing comma. Props @bordoni, @leoloso. #265
Fix — Include all strings that were missed in the previous release. Props @bordoni, @pixolin. #270

0.2.0

Feature — Enable modification of the PHP Binary path used by the plugin with PLUGIN_CHECK_PHP_BIN constant.
Feature — Include a check for the usage of ALLOW_UNFILTERED_UPLOADS on any PHP files — Props EvanHerman at #45
Feature — Include a check for the presence of the application files (.a, .bin, .bpk, .deploy, .dist, .distz, .dmg, .dms, .DS_Store, .dump, .elc, .exe, .iso, .lha, .lrf, .lzh, .o, .obj, .phar, .pkg, .sh, ‘.so`) — Props EvanHerman at #43
Feature — Include a check for the presence of the readme.txt or readme.md file — Props EvanHerman at #42
Fix — Ensure that Readme parsing is included properly when a readme.md or readme.txt file is present. Props Bordoni #52
Tweak — Disallow functions move_uploaded_file, passthru, proc_open — Props alexsanford at #50
Tweak — Change the message type for using functions WordPress already includes from Warning to Error. Props davidperezgar at #18
Tweak — Change the message type for incorrect usage of Stable tag from Notice/Warning to Error. Props davidperezgar at #3

[0.1] 2011-09-04

Original version of the plugin check tool, not a released version of the plugin, this changelog is here for historical purposes only.

Проверка плагинов (PCP)

Описание