analyze_wordpress_security
Analyze WordPress code for security vulnerabilities including OWASP Top 10 risks, SQL injection, and WordPress-specific security issues in plugins, themes, and core implementations.
Instructions
Comprehensive WordPress security analysis for plugins, themes, and core implementations with OWASP and WordPress-specific vulnerability detection
WORKFLOW: Perfect for understanding complex code, identifying issues, and technical debt assessment
TIP: Use Desktop Commander to read files, then pass content here for analysis
SAVES: Claude context for strategic decisions
Input Schema
Name | Required | Description | Default |
---|---|---|---|
analysisDepth | No | Level of security analysis detail | detailed |
analysisType | No | Type of security analysis to perform | comprehensive |
auditDatabaseQueries | No | Audit database queries for SQL injection vulnerabilities | true |
checkCapabilities | No | Analyze WordPress capability and role management | true |
code | No | The WordPress code to analyze (for single-file analysis) | |
filePath | No | Path to single WordPress file to analyze | |
files | No | Array of specific file paths (for multi-file analysis) | |
includeOwaspTop10 | No | Include OWASP Top 10 vulnerability checks | true |
maxDepth | No | Maximum directory depth for multi-file discovery (1-5) | 3 |
projectPath | No | Path to WordPress plugin/theme root (for multi-file analysis) | |
wpType | No | WordPress component type | plugin |
wpVersion | No | Target WordPress version for compatibility checks | 6.4 |
Input Schema (JSON Schema)
{
  "properties": {
    "analysisDepth": {
      "default": "detailed",
      "description": "Level of security analysis detail",
      "enum": [
        "basic",
        "detailed",
        "comprehensive"
      ],
      "type": "string"
    },
    "analysisType": {
      "default": "comprehensive",
      "description": "Type of security analysis to perform",
      "enum": [
        "owasp",
        "wordpress",
        "comprehensive"
      ],
      "type": "string"
    },
    "auditDatabaseQueries": {
      "default": true,
      "description": "Audit database queries for SQL injection vulnerabilities",
      "type": "boolean"
    },
    "checkCapabilities": {
      "default": true,
      "description": "Analyze WordPress capability and role management",
      "type": "boolean"
    },
    "code": {
      "description": "The WordPress code to analyze (for single-file analysis)",
      "type": "string"
    },
    "filePath": {
      "description": "Path to single WordPress file to analyze",
      "type": "string"
    },
    "files": {
      "description": "Array of specific file paths (for multi-file analysis)",
      "type": "array"
    },
    "includeOwaspTop10": {
      "default": true,
      "description": "Include OWASP Top 10 vulnerability checks",
      "type": "boolean"
    },
    "maxDepth": {
      "default": 3,
      "description": "Maximum directory depth for multi-file discovery (1-5)",
      "type": "number"
    },
    "projectPath": {
      "description": "Path to WordPress plugin/theme root (for multi-file analysis)",
      "type": "string"
    },
    "wpType": {
      "default": "plugin",
      "description": "WordPress component type",
      "enum": [
        "plugin",
        "theme",
        "core",
        "mu-plugin",
        "dropin"
      ],
      "type": "string"
    },
    "wpVersion": {
      "default": "6.4",
      "description": "Target WordPress version for compatibility checks",
      "type": "string"
    }
  },
  "required": [],
  "type": "object"
}