{"id":41173050,"url":"https://github.com/austinginder/wp-audit-files","last_synced_at":"2026-01-22T19:47:02.555Z","repository":{"id":286221792,"uuid":"960755729","full_name":"austinginder/wp-audit-files","owner":"austinginder","description":"WP-CLI command to audit theme/plugin PHP files using the Google Gemini API.","archived":false,"fork":false,"pushed_at":"2025-07-10T13:47:39.000Z","size":21,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-10-14T19:23:46.600Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/austinginder.png","metadata":{"files":{"readme":"readme.md","changelog":null,"contributing":null,"funding":null,"license":"license","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-04-05T02:13:17.000Z","updated_at":"2025-09-11T05:12:10.000Z","dependencies_parsed_at":"2025-04-05T03:36:01.597Z","dependency_job_id":null,"html_url":"https://github.com/austinginder/wp-audit-files","commit_stats":null,"previous_names":["austinginder/wp-audit-files"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/austinginder/wp-audit-files","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinginder%2Fwp-audit-files","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinginder%2Fwp-audit-files/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinginder%2Fwp-audit-files/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinginder%2Fwp-audit-files/manif
ests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/austinginder","download_url":"https://codeload.github.com/austinginder/wp-audit-files/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/austinginder%2Fwp-audit-files/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28669677,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-22T19:36:09.361Z","status":"ssl_error","status_checked_at":"2026-01-22T19:36:05.567Z","response_time":144,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2026-01-22T19:47:01.895Z","updated_at":"2026-01-22T19:47:02.550Z","avatar_url":"https://github.com/austinginder.png","language":"PHP","funding_links":[],"categories":[],"sub_categories":[],"readme":"# WP Audit Files Command\n\nA WP-CLI command that scans PHP files in your WordPress themes and plugins,\nsends them in chunks to the Google Gemini API for analysis (checking for\npotential malware, security vulnerabilities, etc.), and reports the findings.\n\n**Disclaimer:** This tool uses a generative AI model (Google Gemini).\nThe analysis provided is not guaranteed to be exhaustive or perfectly accurate.\nIt should be used as *one part* of a comprehensive security audit, not as a\nreplacement for manual code review or professional security services. 
Use of\nthe Google Gemini API may incur costs and is subject to Google's terms of\nservice and rate limits.\n\n## Requirements\n\n*   WP-CLI version 0.25 or later.\n*   PHP 7.4 or later.\n*   Composer (used internally by `wp package install`).\n*   A Google Gemini API Key.\n\n## Installation\n\nEnsure you have WP-CLI installed. Then, install the package directly from GitHub:\n\n```bash\nwp package install austinginder/wp-audit-files\n```\n\nWP-CLI will handle downloading the package and making the `wp audit-files` command available.\n\n## Configuration\n\nYou need to provide your [Google Gemini API key](https://aistudio.google.com/app/apikey) in one of two ways:\n\n1. Environment Variable (Recommended): Set the `GEMINI_API_KEY` environment variable before running the command.\n\n    ```bash\n    export GEMINI_API_KEY=\"YOUR_API_KEY_HERE\"\n    wp audit-files\n    ```\n\n2. Command-Line Flag: Use the `--api-key` flag with each command execution.\n\n    ```bash\n    wp audit-files --api-key=YOUR_API_KEY_HERE\n    ```\n\n## Usage\n\n```bash\nwp audit-files [--api-key=\u003ckey\u003e] [--timeout=\u003cseconds\u003e] [--themes=\u003cthemes\u003e] [--plugins=\u003cplugins\u003e] [--skip-api-call]\n```\n\n### Options:\n\n- `--api-key=\u003ckey\u003e`: Your Google Gemini API Key (overrides environment variable).\n- `--timeout=\u003cseconds\u003e`: Timeout for each API request (default: 300).\n- `--themes=\u003cthemes\u003e`: Comma-separated list of theme slugs (directory names) to scan. If used, only specified themes/plugins are scanned.\n- `--plugins=\u003cplugins\u003e`: Comma-separated list of plugin slugs (directory names) to scan. If used, only specified themes/plugins are scanned.\n- `--skip-api-call`: Find files and calculate chunks, but do not call the Gemini API. 
Useful for estimating workload or debugging file discovery.\n\nExamples:\n\n```bash\n# Scan ALL themes and plugins (requires GEMINI_API_KEY env var)\nwp audit-files\n\n# Scan ALL themes and plugins, providing API key via flag\nwp audit-files --api-key=YOUR_API_KEY_HERE\n\n# Scan only the 'twentytwentyfour' theme and the 'akismet' plugin\nwp audit-files --themes=twentytwentyfour --plugins=akismet --api-key=YOUR_KEY\n\n# See how many files/chunks would be processed without calling the API\nwp audit-files --skip-api-call\n```\n\n**Output**\n\nThe command will:\n\n1. Log its progress (finding files, creating chunks, calling API).\n2. Display a table of potential issues found (sorted by severity: High \u003e Medium \u003e Low \u003e Info).\n3. Save the full list of issues (including code snippets if provided by the API) to a file named `all-issues.json` in the directory where you run the command.\n\n\n## License\n\nMIT License\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faustinginder%2Fwp-audit-files","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Faustinginder%2Fwp-audit-files","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Faustinginder%2Fwp-audit-files/lists"}