Title: PreFlight Scanner
Author: Tim Boulley
Published: <strong>2026년 6월 29일</strong>
Last modified: 2026년 6월 26일

---

플러그인 검색

![](https://ps.w.org/preflight-scanner/assets/banner-772x250.png?rev=3590462)

![](https://ps.w.org/preflight-scanner/assets/icon.svg?rev=3590462)

# PreFlight Scanner

 작성자: [Tim Boulley](https://profiles.wordpress.org/tboulley/)

[다운로드](https://downloads.wordpress.org/plugin/preflight-scanner.1.0.3.zip)

 * [세부사항](https://ko.wordpress.org/plugins/preflight-scanner/#description)
 * [평가](https://ko.wordpress.org/plugins/preflight-scanner/#reviews)
 *  [설치](https://ko.wordpress.org/plugins/preflight-scanner/#installation)
 * [개발](https://ko.wordpress.org/plugins/preflight-scanner/#developers)

 [지원](https://wordpress.org/support/plugin/preflight-scanner/)

## 설명

PreFlight Scanner lets you upload any plugin .zip and run a comprehensive static
safety scan before it ever touches your live WordPress environment. **No plugin 
code is executed during the scan.**

One bad plugin can white-screen an entire e-commerce store. PreFlight catches the
problems before they happen.

#### What PreFlight Scanner checks

**Version Compatibility**

 * PHP version compatibility — reads the plugin header and detects modern syntax
   your server cannot run (match expressions, nullsafe operators, typed properties,
   arrow functions, etc.)
 * WordPress version compatibility — validates Requires At Least and Tested Up To
   headers against the running site

**Collision Detection**

 * Function name collisions — detects global functions that already exist in the
   active environment; a guaranteed PHP fatal error
 * Class name collisions — same result, often harder to diagnose
 * Hook priority conflicts — two plugins registering the same add_filter() hook 
   at the same priority silently overwrite each other’s return value; a common source
   of checkout and pricing bugs on WooCommerce sites

**Security — Critical**

 * Obfuscated and malicious code patterns (eval/base64, compressed payloads, preg_replace/
   e modifier, large base64 blobs)
 * Dangerous PHP functions — shell_exec, exec, system, passthru, proc_open, popen,
   pcntl_exec
 * Suspicious file types inside the ZIP — .exe, .sh, .bat, .cmd, .py, .rb, .pl, .
   vbs

**Warnings & Best Practices**

 * Missing PHP namespaces — files that define global functions or classes without
   a namespace declaration are at elevated collision risk as the site grows
 * Deprecated WordPress functions — code that generates notices or breaks on current
   and future WordPress versions
 * Suspicious outbound HTTP calls — wp_remote_get/post(), curl_exec(), file_get_contents()
   with hardcoded external URLs
 * Direct database queries — raw $wpdb->query() and string-concatenated SELECT statements
   that risk SQL injection
 * Missing nonce and capability checks — files that read $_POST/$_GET without check_admin_referer()
   or current_user_can()

#### After the scan

 * **ALL CLEAR** — one click to install immediately, then activate from the Plugins
   page.
 * **WARNINGS FOUND** — advisory issues; review and decide whether to proceed.
 * **CRITICAL ISSUES** — a confirmation dialog warns you before proceeding; installing
   is strongly discouraged.

#### Privacy

PreFlight Scanner performs all analysis locally on your own server. No data is sent
anywhere. No external HTTP requests are made.

#### PreFlight Pro

Upgrade to [PreFlight Pro](https://boulleytechnology.ca/preflight-scanner.php) for
continuous monitoring of your already-installed plugins:

 * **Scheduled background scans** — automatically re-scan all active plugins daily
   or weekly
 * **Site risk score** — dashboard widget with a 0–100 risk score across all active
   plugins
 * **WooCommerce hook rules** — deeper conflict detection for checkout, cart, pricing,
   and payment hooks
 * **Scan history** — every scan saved and browsable with full results
 * **Email alerts** — get notified when a scheduled scan finds critical issues or
   warnings
 * **CSV export** — export scan history for client reports

Lite ($39 / 1 site) • Plus ($79 / 3 sites) • Pro ($149 / unlimited sites)

## 설치

 1. Upload the `preflight-scanner` folder to the `/wp-content/plugins/` directory, 
    or install via the WordPress Plugins screen.
 2. Activate the plugin through the **Plugins** menu in WordPress.
 3. Navigate to **Tools  PreFlight Scanner**.
 4. Upload any plugin .zip file and click **Run Pre-Flight Scan**.

## FAQ

### Does this plugin execute the uploaded plugin’s code?

No. PreFlight Scanner performs static analysis only — it reads and parses PHP files
as plain text without executing them. The ZIP is opened entirely in memory using
PHP’s ZipArchive. No files are extracted to disk.

### Can I install a plugin that has warnings?

Yes. Warnings are advisory — the plugin may still work correctly on your site. The
scan results give you the information to make an informed decision.

### Can I install a plugin that has critical (DANGER) issues?

You can, but a confirmation dialog warns you strongly against it. Critical issues
typically mean a PHP fatal error is guaranteed on activation.

### Does it scan plugins already installed on my site?

No. PreFlight Scanner is a pre-installation tool. To audit an already-installed 
plugin, deactivate it, download its ZIP, and upload that ZIP for scanning.

### How long are scan results stored?

Scan results and the temporary staging directory are automatically deleted after
5 minutes. If you close the browser mid-scan, leftover data is cleaned up on the
next page load.

### Is PreFlight Scanner safe to use on production sites?

Yes. The scanner is fully read-only. It never modifies any plugin files, settings,
or database values outside of its own short-lived transients.

### What user role is required?

The Tools  PreFlight Scanner page requires the `install_plugins` capability, which
is reserved for Administrators by default.

### Why are some common hooks like “init” not flagged even when active plugins use them?

Hooks that every WordPress install registers many callbacks on (init, wp_head, admin_init,
etc.) are excluded from hook-conflict reporting to avoid noise. The conflict check
focuses on non-core hooks — plugin-specific filters, WooCommerce hooks, and other
hooks where a collision is genuinely surprising.

### What happens to the uploaded ZIP after scanning?

The ZIP is read entirely in memory and never written to disk. PHP’s standard file
upload handling manages the temporary file and deletes it automatically at the end
of the request.

## 후기

이 플러그인에 대한 평가가 없습니다.

## 기여자 & 개발자

“PreFlight Scanner”(은)는 오픈 소스 소프트웨어입니다. 다음의 사람들이 이 플러그인에
기여하였습니다.

기여자

 *   [ Tim Boulley ](https://profiles.wordpress.org/tboulley/)

[자국어로 “PreFlight Scanner”(을)를 번역하세요.](https://translate.wordpress.org/projects/wp-plugins/preflight-scanner)

### 개발에 관심이 있으십니까?

[코드 탐색하기](https://plugins.trac.wordpress.org/browser/preflight-scanner/)는,
[SVN 저장소](https://plugins.svn.wordpress.org/preflight-scanner/)를 확인하시거나,
[개발 기록](https://plugins.trac.wordpress.org/log/preflight-scanner/)을 [RSS](https://plugins.trac.wordpress.org/log/preflight-scanner/?limit=100&mode=stop_on_copy&format=rss)
로 구독하세요.

## 변경이력

#### 1.0.3

 * ZIP is now read entirely in memory via ZipArchive — no files are extracted to
   disk, eliminating staging directory and .htaccess requirements.
 * Added PreFlight Pro upsell in the admin UI.

#### 1.0.1

 * Use `wp_handle_upload()` for file uploads instead of `move_uploaded_file()`.
 * Use `Plugin_Upgrader` (WordPress standard API) for plugin installation instead
   of direct filesystem copy.
 * Use `wp_upload_dir()` for staging directory path to respect custom upload locations.
 * Remove `load_plugin_textdomain()` call — handled automatically by WordPress since
   4.6.
 * Installation no longer auto-activates the plugin; user activates from the Plugins
   page.

#### 1.0.0

 * Initial release.
 * 13 checks across version compatibility, collision detection, security, and best
   practices.
 * Pre-install ZIP upload pipeline with static analysis and one-click installation.
 * Hook priority conflict detection against the live active-plugin environment.
 * PHP namespace check for global function and class declarations.

## 기초

 *  버전 **1.0.3**
 *  최근 업데이트: **2주 전**
 *  활성화된 설치 **10보다 적음**
 *  워드프레스 버전 ** 5.9 또는 그 이상 **
 *  다음까지 시험됨: **7.0.1**
 *  PHP 버전 ** 7.4 또는 그 이상 **
 *  언어
 * [English (US)](https://wordpress.org/plugins/preflight-scanner/)
 * 태그:
 * [conflict](https://ko.wordpress.org/plugins/tags/conflict/)[malware](https://ko.wordpress.org/plugins/tags/malware/)
   [plugin check](https://ko.wordpress.org/plugins/tags/plugin-check/)[scanner](https://ko.wordpress.org/plugins/tags/scanner/)
   [security](https://ko.wordpress.org/plugins/tags/security/)
 *  [고급 보기](https://ko.wordpress.org/plugins/preflight-scanner/advanced/)

## 평점

아직 제출된 리뷰가 없습니다.

[Your review](https://wordpress.org/support/plugin/preflight-scanner/reviews/#new-post)

[모든  리뷰 보기](https://wordpress.org/support/plugin/preflight-scanner/reviews/)

## 기여자

 *   [ Tim Boulley ](https://profiles.wordpress.org/tboulley/)

## 지원

할 말 있으신가요? 도움이 필요하신가요?

 [지원 포럼 보기](https://wordpress.org/support/plugin/preflight-scanner/)