Website LLMs.txt
Slug: website-llms-txt · Ryan Howard · 40,000+
Overall Score
Excellent quality and security
What this score means
Scores are calculated on a 100-point scale by analysing six weighted categories: Security, WP.org Readiness, Performance, Code Quality, Accessibility, and Vulnerabilities. Open vulnerabilities are weighted by severity, CVSS, and patch availability, and incomplete source data can reduce confidence slightly.
-
Excellent The plugin follows best practices across every measured category. It is well-maintained, low-risk, and recommended for production use.
-
Good Strong overall quality with minor areas for improvement. Generally safe to use on most sites.
-
Needs Review Some areas of concern detected. Review the full issues report and weigh the risks before installing on production.
-
High Risk Significant quality or security problems found. Exercise caution — check the details carefully before using this plugin.
High confidence (100/100) based on metadata completeness and vulnerability evidence quality.
Open vulnerabilities are weighted by severity, CVSS, and patch availability, then adjusted slightly when the source data is incomplete.
- Wordfence: June 28, 2026 6:47 pm (27 minutes ago)
AI-Generated Summary
Website LLMs.txt currently scores 94/100 (excellent). Latest scan findings include 0 errors and 7 warnings.
Strengths
- Overall score is in a strong range for production use.
- No open vulnerabilities are currently recorded in tracked sources.
Risks
- Tested-up-to metadata is behind the current WordPress version.
Recommended Next Actions
- Address warning-level findings to improve maintainability and reduce future risk.
- Validate compatibility against the latest WordPress core and refresh tested-up-to metadata.
Generated from latest scan and metadata signals. Validate in staging before production changes.
Score Breakdown
Why this score?
Top deductions are based on 1 affected rules, reducing this category by 12 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Security issue: Warning | 3 | -12 | 100% |
Why this score?
Top deductions are based on 3 affected rules, reducing this category by 8 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Repo issue: Warning | 1 | -3 | 37.5% |
| Tested up to version is behind current WordPress | 1 | -3 | 37.5% |
| Repo issue: Notice | 2 | -2 | 25% |
Why this score?
Top deductions are based on 1 affected rules, reducing this category by 9 total points.
| Rule | Hits | Impact | Share |
|---|---|---|---|
| Performance issue: Warning | 3 | -9 | 100% |
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Why this score?
Top deductions are based on 0 affected rules, reducing this category by 0 total points.
No deductions were applied for this category in the latest score run.
Plugin Details
- Version: 8.5.0
- Active Installs: 40,000+
- Last Updated: 2026-06-15 02:17:00
- Tested up to: 6.9.4
- Requires PHP: 7.2
- Rating: 4.6/5 (12 ratings)
- Support: 6/6 resolved (100%)
- View on WordPress.org
- Download Plugin
Scan Summary
- Errors: 0
- Warnings: 7
- Notices: 2
- Last Scanned: 2026-05-23 23:10:39
- Score confidence: 100/100
What Changed Since Last Scan
Run at least two completed scans to view issue deltas.
Detected Issues
| Severity | Category | Message | File | Fix Guidance |
|---|---|---|---|---|
| WARNING | SECURITY | Declared minimum PHP 7.2 is end-of-life and no longer receives security updates. |
Quick
Increase minimum PHP version to a currently supported branch.
Moderate
Audit dependencies and code for compatibility with modern PHP runtime behavior.
Advanced
Track upstream PHP lifecycle changes and schedule proactive baseline upgrades.
|
|
| WARNING | REPO | Plugin package is missing readme.txt. |
Quick
Add a readme.txt file so repository metadata, installation instructions, and compatibility information are available.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm warning issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
|
| NOTICE | REPO | Plugin package does not include a license file. |
Quick
Add a LICENSE or COPYING file so distribution terms are explicit.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
|
| WARNING | SECURITY | Direct database query detected without an immediately visible $wpdb->prepare() wrapper. | includes/class-llms-core.php |
Quick
Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query.
Moderate
Refactor repeated SQL into repository/helper methods that enforce prepared statements by default.
Advanced
Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
|
| WARNING | PERFORMANCE | flush_rewrite_rules() detected. | includes/class-llms-core.php |
Quick
Only flush rewrite rules during activation or explicit maintenance flows.
Moderate
Apply the same remediation pattern across performance findings and re-scan to confirm warning issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
| WARNING | SECURITY | Direct database query detected without an immediately visible $wpdb->prepare() wrapper. | includes/class-llms-generator.php |
Quick
Wrap dynamic SQL arguments with $wpdb->prepare() in the flagged query.
Moderate
Refactor repeated SQL into repository/helper methods that enforce prepared statements by default.
Advanced
Add integration tests and static checks that fail builds when direct dynamic SQL is introduced.
|
| WARNING | PERFORMANCE | flush_rewrite_rules() detected. | uninstall.php |
Quick
Only flush rewrite rules during activation or explicit maintenance flows.
Moderate
Apply the same remediation pattern across performance findings and re-scan to confirm warning issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
| WARNING | PERFORMANCE | flush_rewrite_rules() detected. | website-llms-txt.php |
Quick
Only flush rewrite rules during activation or explicit maintenance flows.
Moderate
Apply the same remediation pattern across performance findings and re-scan to confirm warning issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
| NOTICE | REPO | Translation functions are present, but no textdomain loader was detected. |
Quick
Call load_plugin_textdomain() during plugin bootstrap so translations can be loaded.
Moderate
Apply the same remediation pattern across repo findings and re-scan to confirm notice issues drop.
Advanced
Add automated linting, CI checks, and team review guidance so this issue class is prevented in future releases.
|
Score History
No history available yet. · All-Time High: N/A
All Past Vulnerabilities
Showing all known historical vulnerabilities for this plugin, including open and closed records.
| Vulnerability | CVE | Severity | Status | Affected Versions | Patched Version | Updated | Source |
|---|---|---|---|---|---|---|---|
| Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting | N/A | LOW | Closed | *-8.2.6 | 8.2.7 | 2026-04-20 00:00:00 | Wordfence |
| Website LLMs.txt <= 8.2.6 - Reflected Cross-Site Scripting | N/A | LOW | Closed | *-8.2.6 | 8.2.7 | 2026-03-12 00:00:00 | Wordfence |
| Website LLMs.txt <= 8.2.6 - Authenticated (Admin+) Stored Cross-Site Scripting | N/A | LOW | Closed | *-8.2.6 | 8.2.7 | 2026-04-20 18:26:20 | Wordfence |