Title: PreFlight Scanner
Author: Tim Boulley
Published: June 29, 2026
Last modified: June 26, 2026

---


![](https://ps.w.org/preflight-scanner/assets/banner-772x250.png?rev=3590462)

![](https://ps.w.org/preflight-scanner/assets/icon.svg?rev=3590462)

# PreFlight Scanner

 By [Tim Boulley](https://profiles.wordpress.org/tboulley/)

[Download](https://downloads.wordpress.org/plugin/preflight-scanner.1.0.3.zip)


## Description

PreFlight Scanner lets you upload any plugin .zip and run a comprehensive static
safety scan before it ever touches your live WordPress environment. **No plugin 
code is executed during the scan.**

One bad plugin can white-screen an entire e-commerce store. PreFlight catches the
problems before they happen.

#### What PreFlight Scanner checks

**Version Compatibility**

 * PHP version compatibility — reads the plugin header and detects modern syntax
   your server cannot run (match expressions, nullsafe operators, typed properties,
   arrow functions, etc.)
 * WordPress version compatibility — validates Requires At Least and Tested Up To
   headers against the running site

**Collision Detection**

 * Function name collisions — detects global functions that already exist in the
   active environment; a guaranteed PHP fatal error
 * Class name collisions — same result, often harder to diagnose
 * Hook priority conflicts — two plugins registering the same add_filter() hook 
   at the same priority silently overwrite each other’s return value; a common source
   of checkout and pricing bugs on WooCommerce sites

**Security — Critical**

 * Obfuscated and malicious code patterns (eval/base64, compressed payloads, preg_replace
   /e modifier, large base64 blobs)
 * Dangerous PHP functions: shell_exec, exec, system, passthru, proc_open, popen,
   pcntl_exec
 * Suspicious file types inside the ZIP: .exe, .sh, .bat, .cmd, .py, .rb, .pl,
   .vbs
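
One way the dangerous-function and suspicious-file-type checks listed above can be done with PHP's tokenizer and ZipArchive, reading each entry into memory without extracting or executing it. This is an added example, not PreFlight Scanner's own code; the function and constant names (`find_dangerous_calls`, `scan_zip`, `NOT_A_CALL`) and the sample archive are assumptions constructed for illustration.

```php
<?php
// Added example, not PreFlight Scanner's code. Both rule lists are copied from the page.
const DANGEROUS_FUNCS = ['shell_exec', 'exec', 'system', 'passthru', 'proc_open', 'popen', 'pcntl_exec'];
const SUSPICIOUS_EXTS = ['exe', 'sh', 'bat', 'cmd', 'py', 'rb', 'pl', 'vbs'];
const NOT_A_CALL = ['T_FUNCTION', 'T_OBJECT_OPERATOR', 'T_NULLSAFE_OBJECT_OPERATOR', 'T_DOUBLE_COLON', 'T_NEW'];

/** Report direct calls to DANGEROUS_FUNCS; definitions and method calls (NOT_A_CALL) are skipped. */
function find_dangerous_calls(string $source): array
{
    // token_get_all() only lexes the text; nothing is executed.
    $norm = fn($t) => is_array($t) ? [token_name($t[0]), $t[1], $t[2]] : [$t, $t, 0];
    $keep = fn($t) => !in_array($t[0], ['T_WHITESPACE', 'T_COMMENT', 'T_DOC_COMMENT'], true);
    $tokens = array_values(array_filter(array_map($norm, token_get_all($source)), $keep));
    $hits = [];
    foreach ($tokens as $i => [$type, $text, $line]) {
        $name = strtolower(ltrim($text, '\\'));
        if (in_array($type, ['T_STRING', 'T_NAME_FULLY_QUALIFIED'], true) && in_array($name, DANGEROUS_FUNCS, true)
            && ($tokens[$i + 1][0] ?? '') === '(' && !in_array($tokens[$i - 1][0] ?? '', NOT_A_CALL, true)) {
            $hits[] = "line $line: call to $name()";
        }
    }
    return $hits;
}

/** Scan a plugin ZIP entry by entry; contents are read into memory, never extracted or included. */
function scan_zip(string $zipPath): array
{
    $zip = new ZipArchive();
    if ($zip->open($zipPath) !== true) { throw new RuntimeException("cannot open $zipPath"); }
    $findings = [];
    for ($i = 0; $i < $zip->numFiles; $i++) {
        $name = $zip->getNameIndex($i);
        $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
        $hits = in_array($ext, SUSPICIOUS_EXTS, true) ? ["suspicious file type .$ext"] : [];
        $findings[$name] = $ext === 'php' ? find_dangerous_calls((string) $zip->getFromIndex($i)) : $hits;
    }
    $zip->close();
    return array_filter($findings); // drop entries with no findings
}

// Constructed sample archive, built in a temp file only so the example runs offline.
$path = tempnam(sys_get_temp_dir(), 'pf');
$sample = new ZipArchive();
$sample->open($path, ZipArchive::OVERWRITE);
$sample->addFromString('demo/demo.php', "<?php\n// exec('x')\n\$s = 'system(';\n\$out = shell_exec(\$cmd);\n");
$sample->addFromString('demo/run.sh', "#!/bin/sh\n");
$sample->close();
print_r(scan_zip($path));
unlink($path);
```

Matching on tokens rather than raw text keeps function names inside comments and string literals from being reported. Calls made through a variable or `call_user_func()` are not caught by a name match like this one.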

**Warnings & Best Practices**

 * Missing PHP namespaces — files that define global functions or classes without
   a namespace declaration are at elevated collision risk as the site grows
 * Deprecated WordPress functions — code that generates notices or breaks on current
   and future WordPress versions
 * Suspicious outbound HTTP calls — wp_remote_get/post(), curl_exec(), file_get_contents()
   with hardcoded external URLs
 * Direct database queries — raw $wpdb->query() and string-concatenated SELECT statements
   that risk SQL injection
 * Missing nonce and capability checks — files that read $_POST/$_GET without check_admin_referer()
   or current_user_can()

#### After the scan

 * **ALL CLEAR** — one click to install immediately, then activate from the Plugins
   page.
 * **WARNINGS FOUND** — advisory issues; review and decide whether to proceed.
 * **CRITICAL ISSUES** — a confirmation dialog warns you before proceeding; installing
   is strongly discouraged.

#### Privacy

PreFlight Scanner performs all analysis locally on your own server. No data is sent
anywhere. No external HTTP requests are made.

#### PreFlight Pro

Upgrade to [PreFlight Pro](https://boulleytechnology.ca/preflight-scanner.php) for
continuous monitoring of your already-installed plugins:

 * **Scheduled background scans** — automatically re-scan all active plugins daily
   or weekly
 * **Site risk score** — dashboard widget with a 0–100 risk score across all active
   plugins
 * **WooCommerce hook rules** — deeper conflict detection for checkout, cart, pricing,
   and payment hooks
 * **Scan history** — every scan saved and browsable with full results
 * **Email alerts** — get notified when a scheduled scan finds critical issues or
   warnings
 * **CSV export** — export scan history for client reports

Lite ($39 / 1 site) • Plus ($79 / 3 sites) • Pro ($149 / unlimited sites)

## Installation

 1. Upload the `preflight-scanner` folder to the `/wp-content/plugins/` directory, 
    or install via the WordPress Plugins screen.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Navigate to **Tools → PreFlight Scanner**.
 4. Upload any plugin .zip file and click **Run Pre-Flight Scan**.

## FAQ

### Does this plugin execute the uploaded plugin’s code?

No. PreFlight Scanner performs static analysis only — it reads and parses PHP files
as plain text without executing them. The ZIP is opened entirely in memory using
PHP’s ZipArchive. No files are extracted to disk.

### Can I install a plugin that has warnings?

Yes. Warnings are advisory — the plugin may still work correctly on your site. The
scan results give you the information to make an informed decision.

### Can I install a plugin that has critical (DANGER) issues?

You can, but a confirmation dialog warns you strongly against it. Critical issues
typically mean a PHP fatal error is guaranteed on activation.

### Does it scan plugins already installed on my site?

No. PreFlight Scanner is a pre-installation tool. To audit an already-installed 
plugin, deactivate it, download its ZIP, and upload that ZIP for scanning.

### How long are scan results stored?

Scan results and the temporary staging directory are automatically deleted after
5 minutes. If you close the browser mid-scan, leftover data is cleaned up on the
next page load.

### Is PreFlight Scanner safe to use on production sites?

Yes. The scanner is fully read-only. It never modifies any plugin files, settings,
or database values outside of its own short-lived transients.

### What user role is required?

The Tools → PreFlight Scanner page requires the `install_plugins` capability, which
is reserved for Administrators by default.

### Why are some common hooks like “init” not flagged even when active plugins use them?

Hooks that every WordPress install registers many callbacks on (init, wp_head, admin_init,
etc.) are excluded from hook-conflict reporting to avoid noise. The conflict check
focuses on non-core hooks — plugin-specific filters, WooCommerce hooks, and other
hooks where a collision is genuinely surprising.

### What happens to the uploaded ZIP after scanning?

The ZIP is read entirely in memory and never written to disk. PHP’s standard file
upload handling manages the temporary file and deletes it automatically at the end
of the request.

## Reviews

There are no reviews for this plugin.

## Contributors & Developers

“PreFlight Scanner” is open source software. The following people have
contributed to this plugin.

Contributors

 * [Tim Boulley](https://profiles.wordpress.org/tboulley/)

[Translate “PreFlight Scanner” into your language.](https://translate.wordpress.org/projects/wp-plugins/preflight-scanner)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/preflight-scanner/),
check out the [SVN repository](https://plugins.svn.wordpress.org/preflight-scanner/),
or subscribe to the [development log](https://plugins.trac.wordpress.org/log/preflight-scanner/)
by [RSS](https://plugins.trac.wordpress.org/log/preflight-scanner/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.0.3

 * ZIP is now read entirely in memory via ZipArchive — no files are extracted to
   disk, eliminating staging directory and .htaccess requirements.
 * Added PreFlight Pro upsell in the admin UI.

#### 1.0.1

 * Use `wp_handle_upload()` for file uploads instead of `move_uploaded_file()`.
 * Use `Plugin_Upgrader` (WordPress standard API) for plugin installation instead
   of direct filesystem copy.
 * Use `wp_upload_dir()` for staging directory path to respect custom upload locations.
 * Remove `load_plugin_textdomain()` call — handled automatically by WordPress since
   4.6.
 * Installation no longer auto-activates the plugin; user activates from the Plugins
   page.

#### 1.0.0

 * Initial release.
 * 13 checks across version compatibility, collision detection, security, and best
   practices.
 * Pre-install ZIP upload pipeline with static analysis and one-click installation.
 * Hook priority conflict detection against the live active-plugin environment.
 * PHP namespace check for global function and class declarations.

## Meta

 * Version **1.0.3**
 * Last updated **5 days ago**
 * Active installations **Fewer than 10**
 * WordPress version **5.9 or higher**
 * Tested up to **7.0**
 * PHP version **7.4 or higher**
 * Language: [English (US)](https://wordpress.org/plugins/preflight-scanner/)
 * Tags: [conflict](https://es-ar.wordpress.org/plugins/tags/conflict/),
   [malware](https://es-ar.wordpress.org/plugins/tags/malware/),
   [plugin check](https://es-ar.wordpress.org/plugins/tags/plugin-check/),
   [scanner](https://es-ar.wordpress.org/plugins/tags/scanner/),
   [security](https://es-ar.wordpress.org/plugins/tags/security/)
 * [Advanced View](https://es-ar.wordpress.org/plugins/preflight-scanner/advanced/)

## Support

Got something to say? Need help?

 [View support forum](https://wordpress.org/support/plugin/preflight-scanner/)