- Open the Security tab on the blocked version's detail page.
- Review the critical findings listed there.
- Fix the issues in your local copy of the plugin.
- Upload a new version — it will be scanned automatically.
A Blocked status means at least one critical security issue was found. You cannot unblock an existing version — each new upload starts a fresh scan.
Note: Re-scanning an existing version (via the manual re-scan button) does not change the validation status. It only refreshes the displayed results. You must upload a new version to clear a blocked status.
Some findings may be false positives. For example, a password-manager plugin may legitimately handle credentials. You have three options:
.bandit, .secrets.baseline,
.flake8). See the
Config Files guide.
If you believe a mandatory (non-skippable) rule is producing a genuine false positive for your plugin and neither config files nor rule skipping can resolve it, you can request a review from the site administrators.
Use the dedicated issue template on GitHub — it guides you through providing the information administrators need to make a decision quickly:
Security Check Issue Template
Fill in your plugin name, the rule code, why you believe it's a false positive, and any workaround you've already attempted.
Open Security Check IssueAdministrators will review your request and may adjust the rule's skippability, update the rule configuration, or provide guidance. Raising an issue does not automatically unblock your plugin.
Plugin Tags