Ship to CodeCanyon Confidently
WP HealthKit flags every Envato rejection reason before you submit — inline JS, hardcoded URLs, debug code, missing docs, and all the standard WordPress security checks.
The four checks that get plugins rejected
Envato reviewers cite these patterns over and over in soft-reject queues. WP HealthKit catches every instance, with the file and line number, before you submit.
Inline JavaScript
HIGHEvery onclick=, onchange=, and onload= attribute in your PHP output, with file and line number.
Hardcoded URLs
MEDIUMlocalhost, example.com, and any URL that should be coming from home_url() / admin_url() / plugins_url().
Debug code left in
MEDIUMvar_dump, print_r, console.log, error_reporting(E_ALL), ini_set('display_errors', 1) — all flagged.
Documentation & changelog
MEDIUMVerifies a readme.txt, README.md, or documentation.html ships with the plugin and contains a changelog section.
Submitting blind vs submitting audited
Submit blind
- Wait days for first review
- Discover rejection reasons one at a time
- Re-submit, re-queue, re-wait
- Lose first-launch momentum
- No way to see security issues until rejected
Audit first with WP HealthKit
- Queue position shown immediately — results when complete
- File and line number for each finding
- Auto-fix coding standards and deprecated calls
- Re-audit between fixes (50% off on Pro)
- Submit knowing reviewers will see clean code
Plus the full 49-layer WordPress audit
Envato reviewers expect WordPress security and quality fundamentals — every CodeCanyon submission is graded against them too. WP HealthKit runs all of these in the same audit.
Wordfence CVE database cross-reference
Full PHPCS with WordPress-Extra ruleset
PHPStan Level 6 type safety analysis
Hardcoded secret & credential detection
PHP 8.0–8.4 compatibility analysis
GPL license compatibility audit
AI security engine — XSS, CSRF, SQLi, IDOR
Plugin conflict & namespace prefixing
CodeCanyon submission questions
Will WP HealthKit guarantee my CodeCanyon submission gets approved?
No tool can guarantee Envato approval — reviewers make the final call and occasionally raise issues that automated engines don't cover. What WP HealthKit does is catch every common rejection reason before you submit: inline JavaScript, hardcoded URLs, debug code, missing documentation, obfuscated PHP, and the standard WordPress security issues. Authors who audit first see significantly faster approval cycles.
What's the difference between Envato review and WordPress.org review?
Envato runs a hand-review queue focused on premium-quality buyer expectations: documentation, changelog, support readiness, no debug output, no obfuscated code. WordPress.org reviews focus on security, GPL compatibility, and directory rules. WP HealthKit covers both — Envato-specific patterns are layered on top of the same 49-layer WordPress audit.
Does Envato actually reject plugins for inline JavaScript?
Yes — it's one of the most-cited soft-reject reasons. Envato reviewers want all JS in enqueued .js files (so site owners can audit, cache, and apply CSP rules). The same applies to inline event handlers like onclick and onchange. WP HealthKit's Envato pre-check finds every one and tells you the file and line number.
Is the audit really free for first-time authors?
Yes — every account gets 2 free tokens with the full 49-layer engine, no credit card required. Re-audits are 50% off on Pro and above so iterating between submissions is cheap. Most CodeCanyon authors fix every flagged item in 1–2 audits.
Submit your CodeCanyon plugin with confidence
Run a full Envato pre-check across 49 verification layers. 2 free tokens — no card required.
Run Envato Pre-Check FreeNo credit card required · Full 49-layer audit · Queue position shown immediately