WP HealthKit

Plugin Check (PCP) vs WP HealthKit

Plugin Check is spell check. WP HealthKit is editorial review.

| | Plugin Check (PCP) | WP HealthKit |
|---|---|---|
| What it does | WordPress.org directory compliance checks | Deep security, quality, and accessibility audit |
| Who it's for | Plugin authors submitting to wp.org | Plugin authors who want production-ready code |
| How it works | Rule-based pattern matching (40+ checks) | 49 verification layers: 45 deterministic + 4 AI engines |
| Price range | Free (open source) | Free – £499/mo |

What Plugin Check (PCP) does well

  • Official WordPress.org tool, maintained by the Performance Team
  • Free and open source
  • Checks readme.txt format, PHP coding standards, basic security patterns, performance flags
  • Required for WordPress.org plugin directory submissions
  • Available as WP Admin tool or WP-CLI command
  • Gets regular updates aligned with directory review team priorities

What WP HealthKit does differently

  • Catches complex security vulnerabilities, logic flaws, and authentication bypass patterns that rule-based checks miss
  • AI analysis understands context — not just pattern matching, but reasoning about code behaviour
  • Covers GDPR/privacy, PHP 8.x compatibility, multisite safety, WooCommerce security, supply chain health
  • 30.5% of wp.org submissions get rejected — many pass Plugin Check but fail manual review. WP HealthKit catches what human reviewers catch
  • Generates professional PDF reports with remediation guidance
  • Companion plugin for continuous site monitoring — auto re-audit when plugins update

Where they overlap

Both check WordPress coding standards and basic security patterns. Plugin Check is the source of truth for directory compliance. WP HealthKit covers the same ground but goes 10x deeper on security.

When to use both

  • Always use both. Plugin Check is mandatory and free — run it first for formatting and compliance
  • Then run WP HealthKit to catch security and quality issues that Plugin Check's rule-based approach can't detect
  • Think of it as: Plugin Check = spell check, WP HealthKit = editorial review

Decision framework

| If you need... | Use... |
|---|---|
| Pass WordPress.org directory review | Plugin Check (mandatory) + WP HealthKit (recommended) |
| Basic coding standards compliance | Plugin Check |
| Deep security audit with AI analysis | WP HealthKit |
| GDPR, accessibility, WooCommerce checks | WP HealthKit |
| Maximum confidence before submission | Use both |

Plugin Check (PCP) pricing

Free (open source)

WP HealthKit pricing

Free (2 audits/mo), £4.99 single, £29/mo Pro, £149/mo Agency, £499/mo Enterprise

Run a free audit on your plugin

See what WP HealthKit finds in your code — 2 free tokens, no credit card required.


More comparisons

Patchstack

One protects your site from known threats. The other finds the threats nobody knows about yet.

Wordfence

One guards your front door. The other checks your house for structural flaws before you move in.

Sucuri

Sucuri is your bodyguard. WP HealthKit is your architect checking the building plans.

WPScan / Jetpack Protect

WPScan tells you if your plugin has a known problem. WP HealthKit tells you if your code has an unknown one.

PHPStan / Psalm

PHPStan catches type errors. WP HealthKit catches WordPress security errors. Run both.

SonarQube

SonarQube knows PHP. WP HealthKit knows WordPress.

Snyk

Snyk protects your supply chain. WP HealthKit protects what you built with it.

SolidWP

SolidWP locks your house. WP HealthKit checks whether the house was built safely.

MalCare

MalCare cleans up the mess. WP HealthKit helps you not make it.

CodeRabbit / AI Code Review

General AI knows PHP. WP HealthKit knows WordPress.

WP Umbrella

WP Umbrella tells you when a plugin update drops. WP HealthKit tells you if the update is safe.

Semgrep

WP HealthKit runs Semgrep. It also runs 29 other things.

BuiltByGo

One is a WordPress security product. The other is a small team that somehow built it. The product is winning.

Drata

Drata gets your SaaS company SOC 2 ready. WP HealthKit gets your WordPress fleet CRA ready. Same job, different surface.

Vanta

Vanta automates compliance for SaaS. WP HealthKit automates compliance for WordPress.

Secureframe

Secureframe is for SaaS companies chasing SOC 2. WP HealthKit is for WordPress agencies chasing CRA.
