Omni Guard — Universal Plugin Dependency Safety Net for WordPress


Free & open source
WordPress 6.0+
PHP 8.0+
Zero frontend overhead

Your plugins are
one deactivation
away from a crash.

Omni Guard is the only WordPress plugin that actively prevents the White Screen of Death caused by missing dependencies — through static code scanning, a runtime error handler, pre-flight checks, and developer safety shims. All four layers, all the time, zero configuration.

No configuration needed
Never modifies plugin files
No external API calls
No frontend performance impact

omni-guard — dependency scan

$ wp omni-guard scan
Scanning 14 active plugins…
WooCommerce → wc_get_order() → WC Core
Gravity Forms → GFAPI::get_form() → GF Core
My-Plugin → acf_add_local_field_group() → ACF [risk: medium]
My-Plugin → wpml_object_id() → WPML [MISSING]
Dependencies mapped: 23
Missing right now: 1 (critical)
High-risk links: 3
Incidents (24h): 0
🛡 Runtime guard: active. Site protected.

The gap no one has filled

Plugin A breaks when Plugin B disappears.
WordPress does nothing about it.

WordPress 6.5 introduced the Requires Plugins header — a good step. But it only prevents a plugin from being activated without its dependency. It does nothing when a dependency is removed after activation. That’s where sites die.

🔴 The classic crash sequence

  1. Plugin A (e.g. your custom plugin, a CRM addon, a checkout extension) calls a function from Plugin B (e.g. ACF, WPML, WooCommerce, a premium plugin).
  2. Plugin B is deactivated during maintenance, deleted by a mistake, updated to a version that renames the function, or simply fails to load due to a file error.
  3. Plugin A’s code tries to call the now-missing function at request time.
  4. PHP throws a fatal “Call to undefined function” error. WordPress has no handler for it.
💀

White Screen of Death. Site is down.

Every visitor sees a blank page. Every admin sees nothing. The only fix is SSH access to deactivate the broken plugin manually.

Why existing tools don’t solve this

🔌

WordPress Core (6.5+ headers)

Prevents activation without a dependency. Silent when a dependency is removed after activation. No runtime protection, no function-level scanning, no incident log.

ManageWP / WP Umbrella / MainWP

Site management and uptime monitoring tools. They detect that your site went down after the crash. They don’t prevent it. No dependency mapping, no runtime interception.

🔒

Security plugins (Wordfence, iThemes)

Scan for malware, vulnerability databases, login protection. Not built for plugin-to-plugin dependency safety. They watch the perimeter — not the inter-plugin call graph.

Four-layer architecture

Protection at every stage,
from scan time to shutdown.

Omni Guard operates at four distinct points in the WordPress request lifecycle — catching problems before they happen, during execution, and at the very last moment before PHP dies.

01
Runs twice daily · Cron

Static Code Scanner

Tokenises the PHP source of every active plugin using PHP’s native token_get_all() — no regex, no exec, no external service. Builds a complete map of which plugin calls functions defined in which other plugin. Assigns risk levels (High: auth/payment/security · Medium: data functions · Low: utilities). Runs automatically on a WP-Cron schedule and immediately when any plugin is activated or deactivated.

PHP tokeniser
WP-Cron background
Risk scoring
Never reads file at request time

02
Active on every request · Priority 1

Runtime Error Handler

Registers both set_error_handler() and register_shutdown_function() at plugins_loaded priority 1 — before any other plugin fires. If a “Call to undefined function” error occurs at runtime, Omni Guard catches it, logs the incident with full context (plugin, function, URL, user, timestamp), and — on admin pages — renders a clean recovery screen with actionable next steps instead of a blank page.

Catches fatal errors
Prevents WSOD on admin
Logs to DB + WP_DEBUG_LOG
Email alert option
// What Omni Guard catches and contains:
// Fatal error: Call to undefined function wpml_object_id()
// → Site would have shown blank screen
// → Omni Guard shows recovery notice instead
🛡 Missing dependency intercepted: wpml_object_id()
   Called by: My Custom Plugin
   Rest of site: ✓ operational

03
Every admin request · Before plugin code runs

Pre-flight Dependency Check

On every admin request at init priority 1, reads the full dependency map and calls function_exists() on every known cross-plugin function. Any that return false fire an admin notice and an optional email before any plugin code has a chance to call them. This is the “warn before crash” layer — it catches the window between a plugin being deactivated and the next page load that would have caused the fatal error.

Warns before crash
Admin notice
Deactivation detection
Instant alert on plugin deactivation

04
Developer opt-in · Global helpers

Developer Safety Shims

Three globally available PHP functions that plugin developers can use to make their cross-plugin calls crash-proof without any dependency on Omni Guard being installed. If Omni Guard is absent, the functions don’t exist — which itself is a safe failure (no call is made). If it is installed, they provide full guard + logging + WP_Error return instead of a crash.

og_call()
og_exists()
og_guard()
Works without Omni Guard installed

Market landscape

No other plugin does this.
Here’s the evidence.

We compared Omni Guard against every category of existing tool that someone might reasonably expect to solve this problem. None of them do.

Feature / Capability 🛡 Omni Guard WordPress 6.5+
Requires Plugins header
ManageWP
GoDaddy
WP Umbrella
SaaS
MainWP
Self-hosted
Wordfence
Security
Core dependency safety
Static cross-plugin dependency scanningAnalyses PHP source to map which plugin calls functions from which other plugin Full tokeniser-based scan
Runtime interception of undefined function callsCatches fatal PHP errors before they kill the page set_error_handler + shutdown
White Screen of Death preventionSite stays up when a dependency is missing Recovery screen on admin Site crashes Detects after crash Detects after crash Detects after crash
Pre-flight check before crashWarns that a function is missing before any plugin code calls it Every admin request
Instant alert on plugin deactivationFires immediately when a provider plugin is turned off, before anyone hits the broken page Hooks deactivated_plugin ~ Blocks deactivation if dependents active
Dependency risk scoringHigh / Medium / Low based on function type (auth, data, utility) 3-level scoring
Developer tools
Safe-call shim (og_call())Global helper that returns WP_Error instead of crashing if function missing
Fallback-call shim (og_guard())Calls function if exists, otherwise runs a fallback callable
REST API for dependency dataJSON endpoints for integration with external monitoring ~ Site-level API ~ Public API (site mgmt)
Monitoring & alerting
Incident log with full contextPer-incident record: function, caller plugin, URL, user, timestamp, detection method DB-stored, searchable ~ Error log PHP error monitoring ~ Via extensions ~ Activity log
Email alert for missing dependencyThrottled: once per function per hour, max 5/day Built-in Premium add-on Included Via extensions Premium
Uptime monitoring (detects site-down post-crash)Pings site externally and alerts when it goes offline Not in scope Premium Included Via extension
Deployment & cost
Pricing Free, open source Free (WP Core) Free base + $1–2/site/month for add-ons €1.99/site/month, all features Free base + $199/yr Pro Free + $119/yr Premium
Single-site install (no external service) Requires external SaaS Requires external SaaS ~ Self-hosted dashboard
Zero frontend performance impact Cron-only, no frontend hooks ~ Agent plugin ~ Agent plugin ~ Agent plugin Frontend scanning overhead
Never modifies other plugin files Read-only

† ManageWP/WP Umbrella/MainWP are multi-site management SaaS platforms — they solve a different problem (site management at scale) and detect crashes reactively. They are not competitors in function; they are listed because admins often check whether they cover this gap. They don’t.

Everything included

One plugin. Complete protection.

Every feature ships in the free plugin. No tiers, no upsells, no SaaS account required.

PHP Tokeniser Scanner

Uses token_get_all() — not regex. Accurately identifies function definitions and calls across the entire plugin codebase, skipping vendors, tests, and files over 512 KB.

Runtime Error Interception

Catches fatal “Call to undefined function” errors at the PHP level. Shows a structured recovery page on admin instead of a blank screen. Logs full context automatically.

Pre-flight Checking

Reads the dependency map on every admin request and verifies every mapped function still exists. Fires admin notices before any crash can occur.

Instant Deactivation Alert

Hooks deactivated_plugin. When a provider plugin is turned off, immediately identifies every function it provided that other plugins depend on and logs critical incidents.

Dependency Health Dashboard

Full admin UI: KPI cards, live dependency map with risk badges, incident log with severity filter, pre-flight status, and developer code examples — all in one page.

REST API

Four JSON endpoints: /status, /dependencies, /incidents, /preflight. Integrate with external monitoring dashboards or custom tooling.

Throttled Email Alerts

Sends an HTML email when a missing function is detected. Intelligently throttled: once per function per hour, maximum 5 per day — no alert fatigue.

Incident Log

Every missing-function event is stored with caller plugin, called function, severity, detection method, URL, user ID, and timestamp. Filterable, paginatable, exportable.

Whitelist & Ignore Lists

Exclude specific functions from tracking (whitelist) or skip entire plugins from being scanned (ignore list). Fully configurable from the Settings page.

For plugin developers

Three functions that make
your plugin bulletproof.

If your plugin calls functions from another plugin, you have two choices: hope it never gets deactivated, or use the Omni Guard shims. The shims degrade safely if Omni Guard itself isn’t installed.

og_call()
Safe call

Calls the function if it exists. Returns a WP_Error and logs the incident if it doesn’t. Your site never crashes.

// Instead of:
wpml_object_id($id, 'post');

// Use:
$result = og_call(
  'wpml_object_id',
  $id,
  'post'
);
if (is_wp_error($result)) {
  // Handle gracefully
}

og_exists()
Existence check

A readable, self-documenting wrapper for function_exists() that signals intent to Omni Guard’s scanner.

// Instead of:
if (function_exists(
  'acf_add_local_field_group'
)) { ... }

// Use:
if (og_exists(
  'acf_add_local_field_group'
)) {
  acf_add_local_field_group($config);
}

og_guard()
Call with fallback

Calls the function if it exists; otherwise calls your fallback. Ideal for optional enhancements where a default value is acceptable.

// Run function or use fallback:
$price = og_guard(
  'wc_price',
  fn() => 'N/A',
  $amount
);

// og_guard returns wc_price($amount)
// if WooCommerce is active, or
// 'N/A' if it isn't.

Works without Omni Guard installed

If your plugin uses these shims and Omni Guard is not installed on the end user’s site, the functions simply don’t exist — which means the shim call itself would fail. To handle this, wrap in a standard function_exists() check:

// Fully portable pattern:
$result = function_exists('og_call')
  ? og_call('some_plugin_func', $args)
  : (function_exists('some_plugin_func') ? some_plugin_func($args) : null);

Pricing

Free forever. No catches.

Omni Guard is open source and free because dependency safety is a basic infrastructure concern, not a premium feature.

What Omni Guard doesn’t do

Omni Guard is a dependency safety plugin, not a site management platform. These remain out of scope by design:

  • Uptime monitoring (use WP Umbrella, ManageWP)
  • Backup & restore (use UpdraftPlus, WP Umbrella)
  • Multi-site dashboard (use MainWP, ManageWP)
  • Security scanning / malware (use Wordfence)
  • Plugin version management (use WordPress core)
  • Composer / autoload management

These tools are all good at what they do. Use them alongside Omni Guard.

FAQ

Common questions

Does Omni Guard fix missing dependencies?
No. It prevents your site from crashing when they go missing, logs the incident, and alerts you so you can take action. The fix is either re-activating the missing plugin, removing the dependency, or using og_call() to handle the missing state gracefully. Omni Guard is the safety net, not the solution.
Does it slow down my site?
No measurable frontend impact. The scanner runs in WP-Cron background tasks, never on a frontend request. The runtime error handler registers one PHP error handler — effectively zero overhead. The pre-flight check runs once per admin request, reading a small DB result set and calling function_exists() on each mapped function. This takes microseconds.
Does the scanner modify any plugin files?
Never. Omni Guard is strictly read-only at the filesystem level. It reads PHP files to build the dependency map and never writes to them, patches them, or instruments them in any way.
What’s the difference between Omni Guard and WordPress 6.5’s Requires Plugins header?
The Requires Plugins header (introduced in WordPress 6.5) prevents a plugin from being activated if its declared dependency isn’t already active. That’s a good start. But it does nothing when a dependency is removed after activation, which is exactly when crashes happen. It also requires the plugin developer to explicitly declare the dependency — it doesn’t scan code to find undeclared ones. Omni Guard catches both declared and undeclared dependencies, and protects the live site rather than just blocking activation.
Does it work with WooCommerce, ACF, WPML, Gravity Forms, etc.?
Yes. The scanner analyses any PHP function call, from any plugin to any other plugin. It doesn’t have a hardcoded list of plugins to watch — it builds the dependency graph dynamically by reading the actual source code. WooCommerce, ACF, WPML, Gravity Forms, Elementor, and any other plugin are all covered automatically.
What happens if Omni Guard itself is deactivated?
The protection layers are removed. The site behaves as it did before Omni Guard was installed — no crash-proofing, no interception, no pre-flight checks. The og_call(), og_exists(), and og_guard() functions no longer exist, so any plugin using them will need to wrap calls in a function_exists('og_call') check (as shown in the Developer section). The DB tables and incident history persist unless you’ve enabled “Delete on Uninstall” in Settings.
Can I use Omni Guard alongside ManageWP, WP Umbrella, or MainWP?
Yes, and you should. They solve different problems. ManageWP, WP Umbrella, and MainWP are multi-site management platforms — they manage updates, backups, and detect when a site has already gone down. Omni Guard prevents the site from going down in the first place due to a missing plugin dependency. They are complementary, not competing.
Is the data stored anywhere externally?
No. Omni Guard stores all data (dependency map, incident log, settings) in your WordPress database only. There are no external API calls, no SaaS account, no data leaves your server. The scanner reads your plugin files locally. Email alerts use your WordPress site’s own wp_mail().
Does the scanner find 100% of dependencies?
It finds direct function calls in PHP source files. It won’t catch: (1) functions called via variable ($func = 'foo'; $func();), (2) functions resolved through call_user_func with a runtime string, (3) dependencies in JavaScript or REST calls. These edge cases are inherently undetectable without running the code. For the vast majority of real plugin-to-plugin dependencies (direct PHP function calls), the tokeniser approach is accurate and complete.

Get started in 60 seconds

Your site is one plugin deactivation
away from going dark.

Install Omni Guard. Run the scan. Know exactly what would break and why — before anything does.

WordPress.org hosted · GPL v2 · PHP 8.0+ · WordPress 6.0+ · No SaaS account · No credit card