Title: PreFlight Scanner
Author: Tim Boulley
Published: <strong>Òkúdù 29, 2026</strong>
Last modified: Òkúdù 26, 2026

---

Ṣàwárí àwọn plugin

![](https://ps.w.org/preflight-scanner/assets/banner-772x250.png?rev=3590462)

![](https://ps.w.org/preflight-scanner/assets/icon.svg?rev=3590462)

# PreFlight Scanner

 Láti ọwọ́ [Tim Boulley](https://profiles.wordpress.org/tboulley/)

[Ṣe ìgbàsílẹ̀](https://downloads.wordpress.org/plugin/preflight-scanner.1.0.3.zip)

 * [Àwọn àlàyé](https://yor.wordpress.org/plugins/preflight-scanner/#description)
 * [Àwọn àgbéyẹ̀wò](https://yor.wordpress.org/plugins/preflight-scanner/#reviews)
 *  [Ìgbéwọlẹ̀](https://yor.wordpress.org/plugins/preflight-scanner/#installation)
 * [Ìdàgbàsókè](https://yor.wordpress.org/plugins/preflight-scanner/#developers)

 [Ìrànlọ́wọ́](https://wordpress.org/support/plugin/preflight-scanner/)

## Àpèjúwe

PreFlight Scanner lets you upload any plugin .zip and run a comprehensive static
safety scan before it ever touches your live WordPress environment. **No plugin 
code is executed during the scan.**

One bad plugin can white-screen an entire e-commerce store. PreFlight catches the
problems before they happen.

#### What PreFlight Scanner checks

**Version Compatibility**

 * PHP version compatibility — reads the plugin header and detects modern syntax
   your server cannot run (match expressions, nullsafe operators, typed properties,
   arrow functions, etc.)
 * WordPress version compatibility — validates Requires At Least and Tested Up To
   headers against the running site

**Collision Detection**

 * Function name collisions — detects global functions that already exist in the
   active environment; a guaranteed PHP fatal error
 * Class name collisions — same result, often harder to diagnose
 * Hook priority conflicts — two plugins registering the same add_filter() hook 
   at the same priority silently overwrite each otherÌtumọ̀ Yorùbá: ’s return value;
   a common source of checkout and pricing bugs on WooCommerce sites

**Security — Critical**

 * Obfuscated and malicious code patterns (eval/base64, compressed payloads, preg_replace/
   e modifier, large base64 blobs)
 * Dangerous PHP functions — shell_exec, exec, system, passthru, proc_open, popen,
   pcntl_exec
 * Suspicious file types inside the ZIP — .exe, .sh, .bat, .cmd, .py, .rb, .pl, .
   vbs

**Warnings & Best Practices**

 * Missing PHP namespaces — files that define global functions or classes without
   a namespace declaration are at elevated collision risk as the site grows
 * Deprecated WordPress functions — code that generates notices or breaks on current
   and future WordPress versions
 * Suspicious outbound HTTP calls — wp_remote_get/post(), curl_exec(), file_get_contents()
   with hardcoded external URLs
 * Direct database queries — raw $wpdb->query() and string-concatenated SELECT statements
   that risk SQL injection
 * Missing nonce and capability checks — files that read $_POST/$_GET without check_admin_referer()
   or current_user_can()

#### After the scan

 * **ALL CLEAR** — one click to install immediately, then activate from the Plugins
   page.
 * **WARNINGS FOUND** — advisory issues; review and decide whether to proceed.
 * **CRITICAL ISSUES** — a confirmation dialog warns you before proceeding; installing
   is strongly discouraged.

#### Privacy

PreFlight Scanner performs all analysis locally on your own server. No data is sent
anywhere. No external HTTP requests are made.

#### PreFlight Pro

Upgrade to [PreFlight Pro](https://boulleytechnology.ca/preflight-scanner.php) for
continuous monitoring of your already-installed plugins:

 * **Scheduled background scans** — automatically re-scan all active plugins daily
   or weekly
 * **Site risk score** — dashboard widget with a 0–100 risk score across all active
   plugins
 * **WooCommerce hook rules** — deeper conflict detection for checkout, cart, pricing,
   and payment hooks
 * **Scan history** — every scan saved and browsable with full results
 * **Email alerts** — get notified when a scheduled scan finds critical issues or
   warnings
 * **CSV export** — export scan history for client reports

Lite ($39 / 1 site) • Plus ($79 / 3 sites) • Pro ($149 / unlimited sites)

## Ìgbéwọlẹ̀

 1. Upload the `preflight-scanner` folder to the `/wp-content/plugins/` directory, 
    or install via the WordPress Plugins screen.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Navigate to **Tools  PreFlight Scanner**.
 4. Upload any plugin .zip file and click **Run Pre-Flight Scan**.

## FAQ

### Does this plugin execute the uploaded pluginÌtumọ̀ Yorùbá: ’s code?

No. PreFlight Scanner performs static analysis only — it reads and parses PHP files
as plain text without executing them. The ZIP is opened entirely in memory using
PHPÌtumọ̀ Yorùbá: ’s ZipArchive. No files are extracted to disk.

### Can I install a plugin that has warnings?

Yes. Warnings are advisory — the plugin may still work correctly on your site. The
scan results give you the information to make an informed decision.

### Can I install a plugin that has critical (DANGER) issues?

You can, but a confirmation dialog warns you strongly against it. Critical issues
typically mean a PHP fatal error is guaranteed on activation.

### Does it scan plugins already installed on my site?

No. PreFlight Scanner is a pre-installation tool. To audit an already-installed 
plugin, deactivate it, download its ZIP, and upload that ZIP for scanning.

### How long are scan results stored?

Scan results and the temporary staging directory are automatically deleted after
5 minutes. If you close the browser mid-scan, leftover data is cleaned up on the
next page load.

### Is PreFlight Scanner safe to use on production sites?

Yes. The scanner is fully read-only. It never modifies any plugin files, settings,
or database values outside of its own short-lived transients.

### What user role is required?

The Tools  PreFlight Scanner page requires the `install_plugins` capability, which
is reserved for Administrators by default.

### Why are some common hooks like “init” not flagged even when active plugins use them?

Hooks that every WordPress install registers many callbacks on (init, wp_head, admin_init,
etc.) are excluded from hook-conflict reporting to avoid noise. The conflict check
focuses on non-core hooks — plugin-specific filters, WooCommerce hooks, and other
hooks where a collision is genuinely surprising.

### What happens to the uploaded ZIP after scanning?

The ZIP is read entirely in memory and never written to disk. PHPÌtumọ̀ Yorùbá: ’
s standard file upload handling manages the temporary file and deletes it automatically
at the end of the request.

## Àwọn àgbéyẹ̀wò

Kò sí àwọn àgbéyẹ̀wò fún plugin yìí.

## Àwọn Olùkópa & Olùgbéejáde

“PreFlight Scanner” jẹ́ ètò ìṣàmúlò orísun ṣíṣí sílẹ̀. Àwọn ènìyàn wọ̀nyí ti ṣe 
ìkópa sí plugin yìí.

Àwọn Olùkópa

 *   [ Tim Boulley ](https://profiles.wordpress.org/tboulley/)

[Túmọ̀ “PreFlight Scanner” sí èdè rẹ.](https://translate.wordpress.org/projects/wp-plugins/preflight-scanner)

### Ṣe o nífẹ̀ẹ́ sí ìdàgbàsókè?

[Ṣàwárí koodu](https://plugins.trac.wordpress.org/browser/preflight-scanner/), ṣàyẹ̀wò
[ibi ìpamọ́ SVN](https://plugins.svn.wordpress.org/preflight-scanner/), tàbí ṣe 
àgbékalẹ̀ sí [àkọsílẹ̀ ìdàgbàsókè](https://plugins.trac.wordpress.org/log/preflight-scanner/)
nípasẹ̀ [RSS](https://plugins.trac.wordpress.org/log/preflight-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Àkọsílẹ̀ àwọn àyípadà

#### 1.0.3

 * ZIP is now read entirely in memory via ZipArchive — no files are extracted to
   disk, eliminating staging directory and .htaccess requirements.
 * Added PreFlight Pro upsell in the admin UI.

#### 1.0.1

 * Use `wp_handle_upload()` for file uploads instead of `move_uploaded_file()`.
 * Use `Plugin_Upgrader` (WordPress standard API) for plugin installation instead
   of direct filesystem copy.
 * Use `wp_upload_dir()` for staging directory path to respect custom upload locations.
 * Remove `load_plugin_textdomain()` call — handled automatically by WordPress since
   4.6.
 * Installation no longer auto-activates the plugin; user activates from the Plugins
   page.

#### 1.0.0

 * Initial release.
 * 13 checks across version compatibility, collision detection, security, and best
   practices.
 * Pre-install ZIP upload pipeline with static analysis and one-click installation.
 * Hook priority conflict detection against the live active-plugin environment.
 * PHP namespace check for global function and class declarations.

## Àkójọpọ̀ Meta

 *  Ẹ̀yà **1.0.3**
 *  Ìgbàgbọ́hùn tó kẹ́yìn **ọjọ́ 5 sẹ́yìn**
 *  Àwọn ìgbéwọlẹ̀ tó ṣiṣẹ́ **Tó kéré sí 10**
 *  Ẹ̀yà WordPress ** 5.9 tàbí ju bẹ́ẹ̀ lọ **
 *  Dánwò dé **7.0**
 *  Ẹ̀yà PHP ** 7.4 tàbí ju bẹ́ẹ̀ lọ **
 *  Èdè
 * [English (US)](https://wordpress.org/plugins/preflight-scanner/)
 * Àwọn àmì
 * [conflict](https://yor.wordpress.org/plugins/tags/conflict/)[malware](https://yor.wordpress.org/plugins/tags/malware/)
   [plugin check](https://yor.wordpress.org/plugins/tags/plugin-check/)[scanner](https://yor.wordpress.org/plugins/tags/scanner/)
   [security](https://yor.wordpress.org/plugins/tags/security/)
 *  [Ìwòye Tó Péye](https://yor.wordpress.org/plugins/preflight-scanner/advanced/)

## Àwọn ìbò

Kò sí ìwádìí tí a tíì fi ránṣẹ́.

[Your review](https://wordpress.org/support/plugin/preflight-scanner/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/preflight-scanner/reviews/)

## Àwọn Olùkópa

 *   [ Tim Boulley ](https://profiles.wordpress.org/tboulley/)

## Ìrànlọ́wọ́

Nǹkan wà tí o fẹ́ sọ? Ṣé o nílò ìrànlọ́wọ́?

 [Wo àpéjọ ìrànlọ́wọ́](https://wordpress.org/support/plugin/preflight-scanner/)