Modules Insight
| 开发者 | Pedro Matias |
|---|---|
| 更新时间 | 2026年5月21日 17:51 |
| PHP版本: | 8.0 及以上 |
| WordPress版本: | 7.0 |
| 版权: | GPL-2.0-or-later |
| 版权网址: | 版权信息 |
详情介绍:
Modules Insight helps WordPress developers and site managers audit installed plugins, assess the risk of upgrading PHP, and export complete reports — all from a single on-demand scan.
安装:
- Upload the
modules-insightfolder to the/wp-content/plugins/directory, or install through the WordPress plugin screen directly (Plugins > Add New). - Activate the plugin through the Plugins menu in WordPress.
- Check your Dashboard for the "Modules Insight - Plugin List" widget, or use the shortcode
[plugin_list]on any page or post. - Press Scan Plugins to load the plugin list.
- Press Check PHP 8.3 Compatibility to run the risk evaluation against the WordPress.org API.
- Once the scan is complete, press Download List as JSON or Download List as CSV to export the full report, including the compatibility data.
屏幕截图:
常见问题:
How is the PHP upgrade risk calculated?
Risk is based on two signals pulled from the WordPress.org plugin directory for each plugin:
1. Last Updated — how recently the plugin received a published release.
2. Minimum PHP Declared — the Requires PHP value the author set on WordPress.org.
The rating is assigned as follows:
- High — Not updated in over 3 years, OR declares a minimum PHP below 7.0. Investigate before upgrading.
- Low — Updated within 12–18 months AND declares PHP 7.4 or higher as its minimum.
- Medium — Anything between High and Low. Test on staging before upgrading production.
- Not on WP.org — Plugin not found in the directory. Risk must be assessed manually.
Why is my recently-updated plugin showing as Medium instead of Low?
The most common reason is that the plugin’s Requires PHP field on WordPress.org is set below 7.4 — even if the plugin runs perfectly on modern PHP. Authors often set this conservatively and forget to update it. In this case Medium does not mean the plugin is broken; it means the metadata is incomplete. Check the plugin’s own changelog or test directly on staging.
What does "Not on WP.org" mean in the risk table?
The plugin was not found in the WordPress.org directory. This is normal for premium plugins (WooCommerce extensions, page builder add-ons, etc.) and custom-built plugins. Their compatibility cannot be assessed automatically — check with the vendor or test directly on a staging environment running the target PHP version.
Are the risk ratings a guarantee?
No. They are a triage guide based on publicly available metadata. A Low-rated plugin could still have incompatibilities; a High-rated plugin might work perfectly. The table helps you decide where to focus your testing effort, not whether to skip testing altogether.
Does this plugin make any changes to my site?
No. MI is completely read-only. It does not activate, deactivate, install, or delete any plugins.
Who can see the plugin list and run the compatibility check?
Only users with the activate_plugins capability (typically Administrators).
What formats can I export?
JSON and CSV. Both include the PHP compatibility data (last updated, minimum PHP, risk level) for any plugin that has been checked. Plugins not yet checked show not_checked in those fields.
Can I use this on a live/production site?
Yes. MI performs no write operations and loads no assets unless an admin explicitly presses Scan.
更新日志:
3.2.2
- Fix: Compat table no longer overflows the dashboard widget — wrapped in a horizontally scrollable container.
- Fix: "Tested up to (WP)" now always reflects fresh data — stale transients built before 3.2.0 are ignored and re-fetched automatically.
- Fix: Plugin icon now shown in the dashboard widget title bar.
- Fix: Renamed icon-265x256.png to icon-256x256.png so WordPress.org recognises and displays the plugin icon correctly.
- Updated plugin icons (128x128 and 256x256).
- Feature: Target PHP version selector — choose PHP 8.0 through 8.4 before running the compatibility check. Risk thresholds shift with the selected version.
- Feature: "Tested up to (WP)" is now fetched from WordPress.org and shown as a third signal. An age-driven High rating is softened to Medium when the plugin declares compatibility with a recent WordPress version (6.3+), suggesting the author is actively maintaining it.
- Export: JSON and CSV exports now include the "Tested up to (WP)" field and reflect the selected target PHP version in the risk column header.
- Fix: Screenshots and plugin icon now correctly deployed to the WordPress.org assets directory.
- Compat: Tested and confirmed compatible with WordPress 7.0.
- Updated minimum requirements: WordPress 6.0+, PHP 8.0+.
- Updated screenshots and plugin icon.
- Plugin URI updated to https://aura-plugins.com.
- Docs: Rewrote plugin description and FAQ to lead with the PHP upgrade risk evaluator and document how risk is calculated.
- Feature: PHP Compatibility Checker — after a scan, a "Check PHP 8.3 Compatibility" button queries the WordPress.org API for each plugin (last updated, minimum PHP required) and displays a colour-coded risk table (Low / Medium / High / Not on WP.org). Results are cached per plugin for 24 hours.
- Feature: JSON and CSV exports now include the cached compatibility data (last updated, min PHP, risk level) for any plugin that has been checked. Exports without a prior check show "not_checked".
- Feature: Plugin assets now load on the admin dashboard as well as the frontend, enabling the compatibility checker inside the dashboard widget.
- Feature: Plugin data is now loaded on demand — a Scan button must be pressed before any data is retrieved. Nothing runs on page load automatically.
- Perf: Plugin data is cached via transient (5 min) and auto-invalidated on plugin activate/deactivate/update and theme switch.
- Perf: Replaced O(n) in_array() loop with O(1) array_flip()+isset() for active plugin lookups.
- Perf: Cached is_single()||is_page() result before the plugin loop to avoid redundant calls per iteration.
- Perf: Removed redundant wp_kses() pass in the dashboard widget — all output is already escaped at source.
- Fix: Print CSS now correctly hides the download buttons wrapper (was targeting a stale selector).
- Feature: Report now includes WordPress version and active theme info (name, version, author, URI) in the HTML output and in both JSON and CSV exports.
- Feature: Added CSV export — administrators can now download the plugin list as a .csv file alongside the existing JSON export.
- Version bump.
- Version bump.
- Version bump.
- Version bump.
- Version bump.
- Fix: Remove duplicate nonce hidden field in the download form (wp_nonce_field() already outputs it).
- Fix: JS print listener now only closes
<details>elements that were auto-opened, preserving manually-opened ones. - Fix: Declare
elmsandewithconstin the print media listener to avoid implicit globals. - Perf: Move
get_site_option('active_sitewide_plugins')call outside the plugin foreach loop on multisite. - Security: Simplify shortcode capability check — remove
is_admin()context check, rely solely onactivate_plugins. - Perf: Register assets on
wp_enqueue_scriptsand enqueue them inside the shortcode, so they only load on pages using[plugin_list]. - Perf: Update asset version strings from 2.3.0 to 2.9.2 to ensure browsers pick up current files.
- Accessibility: Replace
outline: noneon button focus with a visible2px solidoutline. - Dev: Add
.vscode/settings.jsonenabling Intelephense's built-in WordPress stubs for accurate static analysis.
- Style: Added
fusion-tb-footerandfusion-footerCSS classes to print hide rules for Avada theme compatibility. - Version bump for CSS and JS assets.
- Feature: Report header now shows site name, date, and URL when shortcode is rendered on a page or post.
- Fix: Corrected plugin GitHub URI to https://github.com/matias2018/Plugin-List-Display.
- Style: Added specific print-hide rules for Avada theme custom footer elements.
- Feature: Added informational message for users without the download capability.
- Feature: Enqueue JavaScript to auto-expand
<details>elements when printing.
- Feature: Show plugin description inside
<details>/<summary>when shortcode is rendered on a page or post. - Feature: Added
is_single()/is_page()context check to conditionally show the description block.
- Feature: Added print styles to hide the download button, header, and footer when printing.
- Feature: Added network-active status display for multisite installs.
- Refine: Removed
<details>/<summary>wrapper from description in default (non-page) view.
- Fix: Use
current_time()instead ofdate()for JSON filename timestamp to respect WordPress timezone settings (Fixes PHPCS error).
- Feature: Wrap plugin descriptions in
<details>/<summary>tags for a cleaner default view. - Fix: Add required
translators:comments for internationalization functions with placeholders (Fixes Plugin Check error). - Fix: Ensure
<details>and<summary>tags are allowed inwp_ksesfor the dashboard widget. - Refine: Improve multisite plugin detection slightly.
- Refine: Use case-insensitive sorting for plugin lists.
- Refactor: Introduce helper function
get_plugin_insight_data()to centralize data retrieval. - Security: Regenerate plugin data on download instead of passing via POST.
- Security: Add capability checks (
activate_plugins) for viewing list and downloading JSON. - Security: Remove
noprivaction hook for downloads. - Feature: Add more plugin details (version, description, author, URIs) to data structure.
- Feature: Handle network-activated plugins on multisite installs.
- Improvement: Use
wp_json_encode()for standard JSON output. - Improvement: Use output buffering and proper escaping (
esc_*,wp_kses_post) throughout HTML generation. - Improvement: Make widget title translatable.
- Fix: Address various Plugin Check escaping errors.
- Initial version shared for review (contained shortcode, dashboard widget, basic JSON download via POST).
- (Internal/Previous Version) Initial concept release.