VIP Scanner


Scan all sorts of themes and files and things.

The plugin itself is simple a UI for the VIP Scanner library, which does all the heavy lifting. The library allows you to create arbitrary “Checks” (e.g. UndefinedFunctionCheck), group them together as Reviews ( Theme Review), and run them against themes, plugins, directories, single files, and even diffs.

This plugin is based on code from the Theme Check (written by Pross and Otto42) and Exploit Scanner (written by donncha) plugins.


  • The VIP Scanner has a slick UI. Slicker than your average.


  1. Upload the plugin folder to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Tools > VIP Scanner


Install using the Plugin Installer.


To come…

Contributors & Developers

“VIP Scanner” is open source software. The following people have contributed to this plugin.




  • Modified analyzer to use PHP tokens rather than regular expressions
  • New checks, including white/blacklist checking for file types and names
  • Added basic async scanning as an admin bar node
  • WP CLI scan commands now support paths in addition to theme slugs
  • WP CLI scan_type argument is now optional


  • Analysis tab for analysing functions, classes, namespaces, shortcodes, actions, filters, capabilities, roles, CPTs, taxonomies, scripts, and styles.
  • WP CLI command for analysis: wp vip-scanner analyze-theme
  • New checks, including VCMergeConflictCheck, WordPressCodingStandardsCheck
  • PHP Code Sniffer integration using the WordPress Coding Standards
  • Check improvements: VIPRestrictedCommandsCheck, VIPRestrictedPatternsCheck, PHPShortTagsCheck
  • Added unit testing for some tests


  • ClamAV Integration
  • New checks, including VIPInitCheck, filter_input, WP_Widget_Tag_Cloud, and more!
  • WP CLI Support (using vip-scanner command)
  • Reducing false positives
  • Adjusting severity of several checks


  • UI Refresh
  • Exports
  • Auto scan


  • Various bug fixes, including preventing the annoying upgrade nag between the main VIP Scanner plugin and Rules.


  • New checks and scans! VIP_PregFile, EscapingCheck, etc.
  • PHP 5.2 compatibility, props kevinmcgillivray and chrisguitarguy
  • Bump WP version requirement (3.4)
  • Code cleanup, props lance


  • Initial version, using slightly older versions of the Theme Check plugin’s checks.