Automatically Catching Bugs in Plugins


A Problem

There are times when it’s difficult for a plugin developer to know the most secure way to implement something (e.g., preparing a SQL query with conditional clauses), and it can be easy to overlook bugs and bad practices when there are thousands of lines of code.

That creates bad experiences for users when something breaks or their site is hacked.

A Potential Solution

Static code analysis could help to catch bugs, and inform developers how to fix them. It could also reduce the amount of time the Plugin team spends doing manual reviews.

The Coding Standards project has

This is the first part of the article “Automatically Catching Bugs in Plugins“
written by WordPress.org.