When a code base is ready for automated scanning, the repository is checked by PHPCS scan using the
WordPress-VIP-Go standard. The initial scan will include a report that categorizes the scan’s results based on the severity of the errors and warnings the scan found.
Errors with severity level 6 and above
ERROR with severity level 6 through 10 may indicates code that may not function on VIP Go. This could be due to:
While some may be false positives, not addressing the valid ones in this category will likely result in a loss of functionality.
We don’t recommend fixing these errors found in third-party code like plugins and themes. Instead, consider looking for an alternative that provides the same functionality. If there isn’t an alternative that meets your needs, consider whether you truly need the code and thoroughly test its functionality if you do.
Errors at severity level 5
Code that triggers an
ERROR with severity level 5 may have issues such as (but not limited to):
- Incorrectly escaped output
- Using a high number of posts per page
Especially with escaping errors, there may be false positives. The only way to know for sure is by inspecting these lines further. Errors at this level expose the site to security and performance problems.
Warnings at severity 6 and above
Code that triggers a
WARNING with severity level 6 through 10 may expose the site to performance and security problems. This includes (but not limited to):
- Custom Database Tables
- Using $wpdb directly
- Using wp_mail()
- User provided data not properly sanitized
Warnings at severity 6 and above are addressed to prevent poor performance and security vulnerabilities.
Warnings at severity level 5
Code that triggers a
WARNING with severity level 5 may cause problems in certain circumstances, such as high traffic events. This warning level includes issues such as (but not limited to):
- Uncached functions
- Functions with poor performance
- Database queries with poor performance
- Using strip_tags instead of wp_kses
VIP recommends that warnings at severity level 5 are addressed.
Warnings at severity level 4 and under
WARNINGs with severity level 4 through 1 are triggered when the code is not adhering to VIP’s recommended best practices. This includes issues such as:
- Including files without a full path
- Using loose comparisons
- Having an undefined variable
- Not enqueuing scripts
These warnings will be included in the report. Addressing them will help keep the code base clean and prevent unexpected bugs or side effects.