Skip to content
This repository

Scan all sorts of themes and files and things!

branch: master

VIP Scanner Build Status

A WordPress plugin that enables you to scan all sorts of themes and files and things.

Contributors: Mohammad Jangda, Automattic, Thorsten Ott, Michael Fields, Filipe Varela, Josh Betz, Mike Blouin, and Nick Daugherty

Requires WordPress version 3.4 or greater.


The plugin itself is simple a UI for the VIP Scanner library, which does all the heavy lifting. The library allows you to create arbitrary "Checks" (e.g. UndefinedFunctionCheck), group them together as Reviews ( Theme Review), and run them against themes, plugins, directories, single files, and even diffs.

This plugin is based on code from the Theme Check (written by Pross and Otto42) and Exploit Scanner (written by donncha) plugins.


  1. Upload the plugin folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the 'Plugins' menu in WordPress
  3. Tools > VIP Scanner


Install using the Plugin Installer.



  • Analysis tab for analysing functions, classes, namespaces, shortcodes, actions, filters, capabilities, roles, CPTs, taxonomies, scripts, and styles.
  • WP CLI command for analysis: wp vip-scanner analyze-theme
  • New checks, including VCMergeConflictCheck, WordPressCodingStandardsCheck
  • PHP Code Sniffer integration using the WordPress Coding Standards
  • Check improvements: VIPRestrictedCommandsCheck, VIPRestrictedPatternsCheck, PHPShortTagsCheck
  • Added unit testing for some tests


  • ClamAV Integration
  • New checks, including VIPInitCheck, filter_input, WP_Widget_Tag_Cloud, and more!
  • WP CLI Support (using vip-scanner command)
  • Reducing false positives
  • Adjusting severity of several checks


  • UI Refresh
  • Exports
  • Auto scan


  • Various bug fixes, including preventing the annoying upgrade nag between the main VIP Scanner plugin and Rules.


  • New checks and scans! VIP_PregFile, EscapingCheck, etc.
  • PHP 5.2 compatibility, props kevinmcgillivray and chrisguitarguy
  • Bump WP version requirement (3.4)
  • Code cleanup, props lance


  • Initial version, using slightly older versions of the Theme Check plugin's checks.
Something went wrong with that request. Please try again.