Scanning doesn’t start

I too had this problem. It worked on one site, with WP 4.9.1 and PHP 7.1. There were 38 active plugins & no inactive. I then tried it on another site, this one a staging site, also with WP 4.9.1, PHP 7.1 and 35 active plugins. There were also 125 inactive plugins. Each site had 1 must-use and 1 drop-in plugin, the same ones.

Like janomi, it just doesn’t run. When I click on scan, the spinner starts up, but disappears after a few seconds and nothing happens after that. I let it run 8 hours with no result. I ran it against active plugins only and against all plugins, but got the same result.

• This reply was modified 6 years, 10 months ago by john-biddle. Reason: additional clarification info

I’m seeing the exact same problem. Also running 4.9.1. My site has 16 plugins but these include 3 or 4 “abandoned” plugins (2 to 4 yrs) that I have had to rename and adopt. I’ve tried scanning for every php version listed. I can’t imagine that there are no deprecated calls. The plugin seems broken.

Me four.

Also running 4.9.1, testing for PHP 7.0. I have 23 active plugins (plus this one), and 1 inactive. Like john-biddle says: “When I click on scan, the spinner starts up, but disappears after a few seconds and nothing happens after that.”

Is anyone monitoring this thread? Has there been any resolution or explanation?

Monitoring? Don’t know but an interesting exercise is to install “Plugin Inspector” and run it on the “PHP Compatibility Checker”. I’ll leave it to someone else to comment on results — but I’ve uninstalled it and am looking elsewhere…

@feralreason, Far be it from me to defend these guys, but the “unsafe” code reported by Plugin Inspector is not necessarily unsafe, it just highlights code which COULD BE used maliciously. The first time I ran it was on PHP Compatibility Checker and the results were a little scary. I then ran it on a whole lot of other plugins with sterling reputations and got similar results.

This could be a problem but I’m not enough of a coder to know one way or the other. Unless you know something specific FeralReason, I think you might be worried a bit too much.

@john-biddle – lol! Could be. I’ve been reading the Wordfence blog posts about (plugin) Supply Chain attacks (worth a read if you haven’t seen them). So I may be a bit paranoid. Your site had many more plugins to check. In contrast to your experience, when I ran Plugin Inspector the few plugins I checked came up fairly clean — which made these results seem more unsettling.

• This reply was modified 6 years, 10 months ago by FeralReason.
• This reply was modified 6 years, 10 months ago by FeralReason.
• This reply was modified 6 years, 10 months ago by FeralReason.

@feralreason Your caution may be justified, but I’d need a lot more than this to keep me from using a plugin that I thought was providing value I could get otherwise.

Here are a few examples of some major plugins that I ran against Plugin Inspector:

Autoptimize	               9	27
EWWW Image Optimizer	       7	50
Gravity Forms	              18	65
iThemes Security Pro	      28	45
JetPack	                      63	111
PHP Compatibility Checker     23	28
Plugin Inspector	       2	4
Pods	                      22	79
SearchWP	              15	37
Ultimate Member	              22	37
wpDataTables	              19	38
Yoast Premium	              24	31

Even Plugin Inspector isn’t perfect, though it does use the suspect coding techniques less often.

I’m not trying to defend PHP Compatibility Checker, but I think it’s important to be careful not to paint plugins as suspect based on so little evidence.

@john-biddle – I see your point. I checked all my plugins this time — shown below sorted by high risk items. Right 3 columns are low, med, high risk. Parentheses just give the origin of the plugin. We wrote (custom) or ‘adopted’ several plugins. We are also fans of S2 Member Framework. The vast majority of their ‘medium’ reports were the same issue (“read entire file into a string”.)

PHP Compatibility Checker	              (wp.org)	5	6	15
S2Member Framework	                      (wp.org)	19    178	10
W3 Total Cache	                              (wp.org)	71    111	9
Custom Sidebars	                              (wp.org)	2	3	2
Yoast SEO	                              (wp.org)	7	18	1
WP Smush	                              (wp.org)	0	9	1
Google Analytics Dashboard for WP	      (wp.org)	1	3	1
Shadowbox JS RTF	                      (adopted)	0	11      0
WP Migrate DB	                              (wp.org)	1	7	0
Akismet Anti-Spam	                      (wp.org)	0	4	0
Plugin Inspector	                      (wp.org)	0	4	0
Responsive Lightbox	                      (wp.org)	2	2	0
Contact Form 7	                              (wp.org)	3	1	0
Metaslider	                              (wp.org)	2	1	0
P3	                                      (wp.org)	1	0	0
APR Button Click Tracking	              (custom)	0	0	0
APR Selector Tools	                      (custom)	0	0	0
BAW Login/Logout menu RTF	              (adopted)	0	0	0
Contact Form 7 - Dynamic Text Extension       (wp.org)	0	0	0
Easy Author Image RTF	                      (adopted)	0	0	0
Export Users to CSV	                      (wp.org)	0	0	0
Magic Liquidizer Responsive Table	      (wp.org)	0	0	0
Responsive Image Maps	                      (wp.org)	0	0	0
APR Site Plugin	                              (custom)	0	0	0
WP125 Ads RTF	                             (adopted)	0	0	0
WP Flyout Tab	                              (custom)	0	0	0

I do, however, like the detail Plugin Inspector provides!

• This reply was modified 6 years, 10 months ago by FeralReason.
• This reply was modified 6 years, 10 months ago by FeralReason.

I like the idea of a plugin like this, that’s why when you mentioned it I loaded it up on my staging site and checked it out. But until it can tell a good use of a powerful coding technique from a bad one, it generates way too much heat for the amount of light it provides.

I’ll keep an eye out for this and/or other plugins that can do more, but as for this one at this time, I’m gonna take a pass.

Thanks for your comments.

Sounds good. If you find a PHP scanner that works — let us all know.

We released a new version of the PHP Compatibility Checker on Tuesday, version 1.4.4. For those of your experiencing the infinite spinner issue, could you please try with this latest version and let me know if you encounter the same problem. I’d love to get to the bottom of the problem.

Generally, when we’ve seen that before, it would indicate there was a fatal error during the scan. Often this is caused another plugin’s autoloader. If the problem persists, having a list of installed and activated plugins would help to reproduce the issue and determine what is happening.

I tried your updated version. When it works at all it seems to work well. It found quite a few things that should be updated in several plugins on a small site of mine with 44 plugins (35 active). It worked in every configuration I tried it in, but sometimes I had to try it several times before it would work at all. I’d hit the scan button and get a spinner for a second or two, then nothing. Other tries worked properly. Sometimes it would get stuck on Updraft Plus version 1.14.2. I’m now on WP 4.9.2 and GeneratePress 2.0.2.

On my other site with far more plugins (dev site, most plugins inactive) it never worked at all. I can’t even get a spinner, on any combo of PHP Version and either all plugins or just active ones. You’re not there yet.

Hi John,

This could be due to the browser caching old versions of Javascript. I just made an update in 1.4.5 to force cache-busting of local assets. Could we please try it one more time?

No change, I’m sorry to report. Still gets stuck on Updraft Plus (37 of 44) and still won’t run at all on my other site.

Hi, Steven.

I just updated to version 1.4.5, cleared my browser’s cache, and ran the scan again. It spins for about 5 seconds and then nothing.

Would it help if I provided a list of my plugins?