Q: PHP Coverage
One more question: what does your PHP rule coverage look like? Specifically WordPress-flavored PHP (nonce verification, capability checks, $wpdb->prepare(), escaping/sanitization functions). Most of my builds are plugins so I just want to make sure that is thoroughly covered.
Rome_Rafter
May 30, 2026
A: Great question! We do thoroughly cover PHP, but I had a look through our rules and wasn't satisfied with our WordPress coverage, so I just shipped a bunch of additional, WP-specific rules—that's why this took a few hours to respond to. The changes are deployed and live!
Verified purchaser
How well does it scan a WordPress site's vulnerabilities when using the (public) Site option as opposed to scanning a repo?
Verified purchaser
The Site analysis is not (yet) tailored to WP, unlike the codebase scanning—which now absolutely is. The Site audit is mostly framework agnostic, but includes a growing number of platform-specific analyses for tools commonly used by vibe coding platforms (e.g. Supabase). This is because we see the most variability in such projects, whereas the WP community is more standardized and mature.
Verified purchaser
@Rome_Rafter really appreciate you! Just purchased. ✨
Verified purchaser
Thanks Whitney, don't hesitate to reach out ([email protected]) with any questions/feedback/requests, always happy to help!