Showing posts with label Optimizer. Show all posts

Saturday, November 26, 2016

WP SEO Keyword Optimizer

WSKO shows you all relevant SEO data from your Google Search Console and identifies optimization potentials, so you can improve your content easily.
WordPress Plugins » Tag: seo – Recent Posts




Emailed Author: There are issues with your plugin code. Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.


## Please sanitize, escape, and validate your POST calls


When you include POST/GET/REQUEST calls in your plugin, it’s important to sanitize, validate, and escape them. The goal here is to prevent a user from accidentally sending trash data through the system, as well as protecting them from potential security issues.


SANITIZE: All instances where generated content is inserted into the database, or into a file, or being otherwise processed by WordPress, the data MUST be properly sanitized for security. By sanitizing your POST data when used to make action calls or URL redirects, you will lessen the possibility of XSS vulnerabilities. You should never have raw data inserted into the database, even by an update function, and even with a prepare() call.


VALIDATE: In addition to sanitization, you should validate all your calls. If a $_POST call should only be a number, ensure it’s an int() before you pass it through anything. Even if you’re sanitizing or using WordPress functions to ensure things are safe, we ask you please validate for sanity’s sake. Any time you are adding data to the database, it should be the right data.


ESCAPE: Similarly, when you’re outputting data, make sure to escape it properly, so it can’t hijack admin screens. There are many esc_*() functions you can use to make sure you don’t show people the wrong data.


In all cases, using stripslashes or strip_tags is not enough. You need to use the most appropriate method associated with the type of content you’re processing. Check that a URL is a URL and don’t just be lazy and use sanitize_text please. The ultimate goal is that you should ensure that invalid and unsafe data is NEVER processed or displayed. Clean everything, check everything, escape everything, and never trust the users to always have input sane data.


Please review this document and update your code accordingly: http://codex.wordpress.org/Validating_Sanitizing_and_Escaping_User_Data


Example:


```php
$post = $_POST['post'];

$data = $_REQUEST['form_data'];
```


and so on.


## Not using Nonces and/or checking permissions


Please add a nonce to your POST calls to prevent unauthorized access.


Keep in mind, check_admin_referer alone is NOT bulletproof security. Do not rely on nonces for authorization purposes. Use current_user_can() in order to prevent users without the right permissions from accessing things.


https://codex.wordpress.org/WordPress_Nonces


## Allowing Direct File Access to plugin files


Direct file access is when someone directly queries your file. This can be done by simply entering the complete path to the file in the URL bar of the browser but can also be done by doing a POST request directly to the file. For files that only contain a PHP class the risk of something funky happening when directly accessed is pretty small. For files that contain procedural code, functions and function calls, the chance of security risks is a lot bigger.


You can avoid this by putting this code at the top of all php files:


```php
if ( ! defined( 'ABSPATH' ) ) exit; // Exit if accessed directly
```


----


Please make sure you’ve addressed ALL issues brought up in this email. When you’ve corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.


(While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the ENTIRE plugin when you send it back to us. We appreciate your patience and understanding in this.)
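
The three points of the review above (sanitize, validate and escape; nonce plus capability check; the direct-access guard) combined in one settings handler. This is an added example, not part of the review email or of the plugin; every `myplugin_*` function, option, action and field name is hypothetical.

```php
<?php
// Added illustration, not the plugin's code. All "myplugin_*" names are hypothetical.
if ( ! defined( 'ABSPATH' ) ) {
	exit; // Exit if accessed directly.
}

// Settings form: escape every value on output and embed a nonce for this action.
function myplugin_render_form() {
	?>
	<form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
		<input type="hidden" name="action" value="myplugin_save">
		<?php wp_nonce_field( 'myplugin_save', 'myplugin_nonce' ); ?>
		<input type="number" name="limit" value="<?php echo esc_attr( get_option( 'myplugin_limit', 10 ) ); ?>">
		<input type="url" name="site_url" value="<?php echo esc_url( get_option( 'myplugin_url', '' ) ); ?>">
		<?php submit_button(); ?>
	</form>
	<?php
}

// POST handler: check the capability, then the nonce, then each field by its type.
function myplugin_save() {
	if ( ! current_user_can( 'manage_options' ) ) {
		wp_die( 'You are not allowed to change these settings.', '', array( 'response' => 403 ) );
	}
	check_admin_referer( 'myplugin_save', 'myplugin_nonce' ); // Dies on a missing or invalid nonce.

	// Validate: the limit must be an integer from 1 to 100; anything else is rejected.
	$limit = filter_var(
		wp_unslash( $_POST['limit'] ?? '' ),
		FILTER_VALIDATE_INT,
		array( 'options' => array( 'min_range' => 1, 'max_range' => 100 ) )
	);
	if ( false === $limit ) {
		wp_die( 'Limit must be a whole number between 1 and 100.', '', array( 'response' => 400 ) );
	}

	// Sanitize as a URL (http/https only), then confirm the result really is a URL.
	$raw_url = is_string( $_POST['site_url'] ?? null ) ? wp_unslash( $_POST['site_url'] ) : '';
	$url     = esc_url_raw( $raw_url, array( 'http', 'https' ) );
	if ( '' === $url || false === filter_var( $url, FILTER_VALIDATE_URL ) ) {
		wp_die( 'Please supply a valid http(s) URL.', '', array( 'response' => 400 ) );
	}

	update_option( 'myplugin_limit', $limit );
	update_option( 'myplugin_url', $url );
	wp_safe_redirect( wp_get_referer() ?: admin_url() );
	exit;
}
add_action( 'admin_post_myplugin_save', 'myplugin_save' );
```

Because the handler is registered on `admin_post_myplugin_save` only (no `admin_post_nopriv_` variant), logged-out requests never reach it; the capability check then covers logged-in users who lack `manage_options`.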



Saturday, October 22, 2016

LC Scripts Optimizer

Lightweight plugin aiming to solve one of the most tedious WordPress issues: the number of different scripts added by themes or plugins.

Saturday, October 15, 2016

WP SEO Plugin Optimizer

This tool gives you the opportunity to automatically scan your website for needlessly running plugins and afterwards deactivate them on these particu

Emailed Author: There are issues with your plugin code. Please read this ENTIRE email, address all listed issues, and reply to this email with your corrected code attached. It is required for you to read and reply to these emails, and failure to do so will result in significant delays with your plugin being accepted.


## Hardcoded plugin folder name


Your plugin won’t work via our directory because you hardcoded in the plugin’s folder. You’ve defined your plugin name like this:


```php
require (WP_PLUGIN_DIR . '/wspo/wspo-mu.php');
```


Problem is? That won’t be the folder name. The plugin folder name is derived from the name you used to submit your plugin. So if you submitted it as ‘Joe’s Cool Nameapp’ then the folder will be joes-cool-nameapp and not cool-nameapp.


Please read http://codex.wordpress.org/Function_Reference/plugins_url – you’ll notice how we have a __FILE__ parameter used in most examples. If you change your plugin to use that, it will work no matter what the folder name is.


Since you’re in the same folder, you can do this:


```php
require ('wspo-mu.php');
```


## Including your own update checker


Please remove the checks you have in your plugin to provide for updates.


We do not permit plugins to phone home to other servers for updates, as we are providing that service for you with WordPress.org hosting. One of our guidelines is that you actually use our hosting, so we need you to remove that code.


## Making license checks


We do not permit plugins to phone home for license validation unless the plugin is providing a service that cannot be completed on the user’s server.


For example, a plugin like Akismet is processing spam on their own servers, and passing the data back to the users via an API. This is a service.


On the other hand, a plugin that simply validates a license and ‘unlocks’ functionality that’s already in the plugin is not a service.


This is explained in more detail in our guidelines (http://wordpress.org/plugins/about/guidelines/) under “Serviceware”


Please remove the license check from your plugin. Alternately, you may provide more information as to how you are providing a service. Remember. The service needs to be running from an external server.


----


Please make sure you’ve addressed ALL issues brought up in this email. When you’ve corrected your code, reply to this email with the updated code attached as a zip, or provide a link to the new code for us to review. If you have questions, concerns, or need clarification, please reply to this email and just ask us.


(While we have tried to make this review as exhaustive as possible we, like you, are humans and may have missed things. As such, we will re-review the ENTIRE plugin when you send it back to us. We appreciate your patience and understanding in this.)



Wednesday, September 14, 2016

SEO Image Optimizer

SEO Image Optimizer dynamically inserts SEO-friendly alt and title attributes into your images. You can also manually change the alt and title attributes of images.

