Compliance Fixer
Automatically detect and fix PHPCS violations in your plugins — so every build you ship meets WordPress.org coding standards without manual review.
Ship wp.org-ready code every time
WordPress.org enforces the WordPress Coding Standards (PHPCS) for every plugin submission. The Compliance Fixer add-on runs automatically during the build and corrects the most common violations across all three archives — DEV, FREE and PRO.
What it fixes
Output escaping
Unescaped echo statements are wrapped with the appropriate function — esc_html(), esc_attr() or esc_url() — based on the context detected in your code.
Input sanitization
Raw $_GET, $_POST and $_REQUEST reads without sanitization are flagged and patched with sanitize_text_field() and wp_unslash() where appropriate.
Nonce verification
AJAX handlers and form processors that process POST data without a check_admin_referer() or check_ajax_referer() call are identified and annotated for correction.
Translation functions
Hardcoded strings in user-facing output are detected and wrapped with __() or esc_html_e() including the correct text domain — making your plugin translation-ready from day one.
File-system calls
Direct operations such as file_get_contents() and file_put_contents() are annotated with the WordPress-recommended phpcs:ignore directive where wp_filesystem doesn't apply.
How it works
When the Compliance Fixer add-on is active, it runs automatically as part of every build — no separate step, no manual trigger required.
1 — Scan
After the transformation engine finishes, the Compliance Fixer scans every PHP file in all three build archives against the WordPress Coding Standards ruleset.
2 — Fix
Auto-fixable violations are corrected directly in the extracted build files. The fixer applies only safe, non-logic-changing transformations — escaping, sanitization and annotation directives.
3 — Report
The number of issues fixed is shown at the top of the Step 4 download panel. Violations that couldn't be auto-fixed are listed separately to address manually in your DEV source.
Applied to all three builds
The Compliance Fixer runs on each archive independently — ensuring DEV, FREE and PRO all ship with clean, standards-compliant code.
🟠 DEV
Fixes are applied to the DEV archive so your local testing copy already reflects compliance corrections — making it easier to keep your source clean over time.
🟢 FREE
The FREE archive receives the full compliance pass before packaging. This is the version submitted to WordPress.org — it must meet the standards, and it will.
🔵 PRO
The PRO archive is fixed too — so your premium customers receive code that is equally clean, regardless of whether it's distributed via Freemius or any other channel.
Stop fixing violations by hand
The Compliance Fixer add-on runs silently on every build and delivers three clean, wp.org-ready archives — automatically.