Advanced plugin overlap and conflict diagnostics with ranked plugin recommendations for WordPress. Detects conflicts, analyzes security vulnerabilities, and provides actionable insights for optimal WordPress performance.
WP Plugin Conflict Mapper is a comprehensive WordPress plugin that helps you identify and resolve conflicts between installed plugins. It analyzes your WordPress installation to detect:
-
Hook Conflicts: Multiple plugins using the same WordPress hooks
-
Function Name Conflicts: Duplicate function definitions across plugins
-
Global Variable Conflicts: Shared global variable usage
-
Database Table Conflicts: Plugins creating or using the same database tables
-
Functional Overlaps: Multiple plugins providing similar functionality
-
Security Vulnerabilities: Potential security issues in plugin code
-
Performance Impact: Plugin size, complexity, and resource usage
-
Automatically scans all active plugins for conflicts
-
Identifies hook, function, global variable, and database table conflicts
-
Categorizes conflicts by severity (low, medium, high, critical)
-
Provides actionable recommendations for resolution
-
Ranks plugins based on compatibility and performance
-
Scores range from 0-100 with detailed breakdowns
-
Identifies problematic plugins that may need replacement
-
Provides insights into plugin complexity and resource usage
-
Scans for dangerous function usage (eval, exec, system, etc.)
-
Detects potential SQL injection vulnerabilities
-
Identifies XSS (Cross-Site Scripting) risks
-
Checks for insecure file operations
-
Measures plugin file size and complexity
-
Counts database tables created by plugins
-
Analyzes asset loading (CSS/JS files)
-
Calculates hook usage intensity
-
Save scan results for historical comparison
-
Export reports in JSON or CSV format
-
View detailed conflict information
-
Track improvements over time
-
Identifies plugins with similar purposes
-
Recommends consolidation opportunities
-
Suggests popular alternatives for each category
-
Helps reduce plugin bloat
-
WordPress Admin Dashboard: User-friendly web interface
-
REST API: Programmatic access for automation
-
WP-CLI: Command-line interface for developers
-
Download or clone this repository
-
Upload the entire
wp-plugin-conflict-mapperfolder to/wp-content/plugins/ -
Activate the plugin through the 'Plugins' menu in WordPress
-
Navigate to Conflict Mapper in the WordPress admin menu
| Component | Version |
|---|---|
WordPress |
5.8 or higher |
PHP |
7.4 or higher |
MySQL |
5.6 or higher |
-
Go to Conflict Mapper → Dashboard
-
Click Run New Scan
-
Wait for the scan to complete
-
Review the results showing conflicts, overlaps, and recommendations
# Run a basic scan
wp conflict-mapper scan
# Run a scan and save results
wp conflict-mapper scan --save
# Export scan as JSON
wp conflict-mapper scan --format=json
# List all plugins with scores
wp conflict-mapper list-plugins
# Get detailed report for a specific plugin
wp conflict-mapper report akismet# Run a scan
curl -X POST https://yoursite.com/wp-json/wpcm/v1/scan \
-H "Authorization: Bearer YOUR_TOKEN"
# Get scan results
curl https://yoursite.com/wp-json/wpcm/v1/scan/1 \
-H "Authorization: Bearer YOUR_TOKEN"
# Get all plugins
curl https://yoursite.com/wp-json/wpcm/v1/plugins \
-H "Authorization: Bearer YOUR_TOKEN"- Hook Conflicts
-
Multiple plugins hooking into the same WordPress action or filter. Can cause unexpected behavior or performance issues. Severity depends on the hook and number of plugins using it.
- Function Conflicts
-
Two or more plugins defining functions with the same name. Will cause fatal PHP errors if both plugins are active. Always high severity.
- Global Variable Conflicts
-
Plugins using the same global variable names. Can lead to data corruption or unexpected behavior. Medium severity in most cases.
- Database Table Conflicts
-
Multiple plugins creating or accessing the same database tables. High risk of data corruption. Always high severity.
The plugin categorizes overlaps into common functionality areas:
-
SEO
-
Caching
-
Security
-
Backup
-
Forms
-
E-commerce
-
Social Media
-
Analytics
-
Media Management
-
Email/Newsletter
-
Page Builders
-
Spam Protection
Plugins are scored 0-100 based on:
-
Conflicts (max -40 points): Penalties for involvement in conflicts
-
Overlaps (max -30 points): Penalties for functional redundancy
-
Complexity (max -20 points): Code complexity and size
-
Size (max -10 points): File size impact
-
Maintenance: Version information availability
| Score Range | Interpretation |
|---|---|
80+ |
Excellent - Well-behaved, minimal issues |
60-79 |
Good - Minor issues to monitor |
40-59 |
Fair - Several issues, review recommended |
<40 |
Poor - Significant problems, consider alternatives |
The security scanner checks for:
-
Dangerous Functions: eval(), exec(), system(), shell_exec(), etc.
-
SQL Injection Risks: Direct database queries without preparation
-
XSS Vulnerabilities: Unescaped user input
-
File Operation Risks: Insecure file handling
| Level | Description |
|---|---|
Safe |
No issues detected |
Low |
Minor concerns, generally acceptable |
Medium |
Some issues present, monitoring recommended |
High |
Significant vulnerabilities found |
Critical |
Severe security problems, immediate action required |
Configure the plugin behavior:
- Automatic Scanning
-
-
Enable/disable scheduled scans
-
Set frequency: daily, weekly, or monthly
-
- Data Retention
-
-
Specify how long to keep scan results
-
Default: 30 days
-
- Alert Threshold
-
-
Choose minimum severity for notifications
-
Options: low, medium, high, critical
-
- Email Reports
-
-
Enable/disable email notifications
-
Configure notification email address
-
Export scan results in multiple formats:
- JSON Export
-
-
Complete scan data with all details
-
Ideal for programmatic processing
-
Includes metadata and timestamps
-
- CSV Export
-
-
Conflict summary in spreadsheet format
-
Easy to share with non-technical stakeholders
-
Includes conflict type, severity, and affected plugins
-
-
Identify High-Severity Conflicts First
-
Focus on function and table conflicts
-
These can cause immediate site breakage
-
-
Review Functional Overlaps
-
Keep only one plugin per function
-
Example: Use only one SEO plugin, one caching plugin
-
-
Monitor Hook Conflicts
-
Some hook conflicts are acceptable
-
Watch for conflicts on critical hooks (init, wp_head, etc.)
-
-
Test Changes
-
Always test in a staging environment first
-
Deactivate one plugin at a time
-
Verify functionality after each change
-
-
Reduce Plugin Count
-
Each plugin adds overhead
-
Consolidate functionality where possible
-
-
Choose Lightweight Alternatives
-
Use the rankings to identify heavy plugins
-
Look for alternatives with better scores
-
-
Regular Scans
-
Run scans after plugin updates
-
Schedule periodic scans (weekly recommended)
-
-
Clean Up Unused Plugins
-
Delete inactive plugins
-
Remove plugins that are no longer needed
-
// Modify scan results before saving
add_filter('wpcm_scan_results', function($results) {
// Your custom logic
return $results;
});
// Add custom conflict detector
add_action('wpcm_detect_conflicts', function($plugins) {
// Your custom detection logic
});
// Modify plugin ranking
add_filter('wpcm_plugin_score', function($score, $plugin_file) {
// Adjust score based on custom criteria
return $score;
}, 10, 2);Base URL: /wp-json/wpcm/v1/
| Endpoint | Method | Description |
|---|---|---|
|
GET |
Get all installed plugins |
|
POST |
Run a new conflict scan |
|
GET |
Get specific scan results |
|
GET |
Get recent scans |
|
GET |
Get scanning statistics |
|
Note
|
All endpoints require manage_options capability.
|
CREATE TABLE wp_wpcm_scans (
id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
scan_date datetime NOT NULL,
plugin_count int(11) NOT NULL,
conflict_count int(11) NOT NULL,
overlap_count int(11) NOT NULL,
scan_data longtext,
scan_type varchar(50) NOT NULL,
PRIMARY KEY (id)
);CREATE TABLE wp_wpcm_conflicts (
id bigint(20) UNSIGNED NOT NULL AUTO_INCREMENT,
scan_id bigint(20) UNSIGNED NOT NULL,
conflict_type varchar(50) NOT NULL,
severity varchar(20) NOT NULL,
affected_plugins text,
conflict_data longtext,
created_at datetime NOT NULL,
PRIMARY KEY (id)
);add_action('wpcm_loaded', function() {
$scanner = wpcm()->scanner;
$detector = wpcm()->detector;
$plugins = $scanner->get_active_plugins();
$conflicts = $detector->detect_conflicts($plugins);
// Process results
foreach ($conflicts as $type => $conflict_list) {
// Handle each conflict type
}
});$cache = new WPCM_Cache();
// Store data
$cache->set('my_key', $data, 3600);
// Retrieve data
$data = $cache->get('my_key');
// Remember pattern (get or generate)
$data = $cache->remember('my_key', function() {
return expensive_operation();
}, 3600);- Scan Takes Too Long
-
-
Large number of plugins (50+) can slow scans
-
Increase PHP max_execution_time
-
Run scans via WP-CLI for better performance
-
- Memory Errors
-
-
Increase PHP memory_limit (recommended: 256M+)
-
Reduce number of active plugins
-
Use command-line scanning for large installations
-
- Database Errors
-
-
Ensure database user has CREATE TABLE permissions
-
Check database server connection
-
Verify table prefix matches WordPress config
-
- Permission Errors
-
-
Plugin requires
manage_optionscapability -
Only administrators can run scans
-
Check user roles and capabilities
-
-
Scans can be resource-intensive on large sites
-
Use caching to improve subsequent scan performance
-
Schedule scans during low-traffic periods
-
Consider WP-CLI for large installations
-
Limit scan history retention for better database performance
-
All AJAX requests use nonce verification
-
Capability checks on all admin operations
-
SQL queries use prepared statements
-
User input is properly sanitized and escaped
-
REST API endpoints require authentication
For issues, questions, or contributions:
-
GitLab Issues: Report bugs at https://gitlab.com/Hyperpolymath/wp-plugin-conflict-mapper/-/issues
-
Documentation: See CLAUDE.md for development guidelines
-
Security: See SECURITY.md for vulnerability disclosure
See CHANGELOG.md for version history.
This project is dual-licensed. You may choose either:
Strong copyleft license for maximum user freedom.
-
Source code disclosure required for network services
-
Modifications must be shared under AGPL v3.0
-
Full GPL family compatibility
Modern reciprocal license emphasizing autonomy.
-
Political non-alignment guarantee
-
Clear commercial use terms
-
Economic freedom protections
-
Governance independence
Both licenses require source code disclosure and attribution. Choose based on your needs:
-
AGPL: Traditional copyleft, GPL ecosystem
-
Palimpsest: Modern clarity, political autonomy
See LICENSE.txt for comparison and details.
| Permission | Status |
|---|---|
Commercial use |
✅ Permitted |
Modification |
✅ Allowed |
Distribution |
✅ Rights granted |
Private use |
✅ Allowed |
Source code access |
✅ Required |
Warranty |
❌ Not provided |
Developed by Jonathan as part of WordPress performance and security optimization research.
Future enhancements being considered:
-
❏ Visual dependency graphs
-
❏ Integration with plugin vulnerability databases
-
❏ Automated conflict resolution suggestions
-
❏ Multi-site network support
-
❏ Plugin comparison tool
-
❏ Performance benchmarking
-
❏ Email digest reports
-
❏ Integration with monitoring tools
Contributions are welcome! Please see CONTRIBUTING.adoc for guidelines.
-
Fork the repository
-
Create a feature branch
-
Make your changes
-
Submit a merge request
Made with ❤️ for the WordPress community
RSR Silver Compliant ⭐⭐ (95.5%)
