diff --git a/.github/workflows/php-sast.yml b/.github/workflows/php-sast.yml index 2669bab..b3935e8 100644 --- a/.github/workflows/php-sast.yml +++ b/.github/workflows/php-sast.yml @@ -24,13 +24,56 @@ jobs: # - name: Validate composer.json and composer.lock # run: composer validate --strict + # This config file gets auto-loaded by PHPStan + # !!!! The old bcc-signon plugin and the bcc-wp-proxy plugin are excluded from analysis! + - name: Set PHPStan config + run: | + cat <<'EOF' > phpstan.neon + parameters: + level: 1 # form 0 to 11 where 0 is the loosest and 11 the strictest + errorFormat: github + paths: + - plugins + scanFiles: + - custom-defs.stub + bootstrapFiles: + - plugins/bcc-login/bcc-login.php + ignoreErrors: + - '#Path in require\(\) "build/.+\.asset\.php" is not a file or it does not exist\.#' + excludePaths: + - plugins/bcc-signon/* + - plugins/bcc-wp-proxy/* + includes: + - vendor/szepeviktor/phpstan-wordpress/extension.neon + EOF + + - name: Create custom stubs for plugin functions. If this grows too big it can be commited as a separate file + run: | + cat <<'EOF' > custom-defs.stub + cache_allowed diff --git a/plugins/bcc-login/bcc-login.php b/plugins/bcc-login/bcc-login.php index b08a378..f87f9f2 100644 --- a/plugins/bcc-login/bcc-login.php +++ b/plugins/bcc-login/bcc-login.php @@ -66,7 +66,7 @@ private function __construct(){ $this->_users = new BCC_Login_Users($this->_settings); $this->_visibility = new BCC_Login_Visibility( $this->_settings, $this->_client, $this->_coreapi ); $this->_widgets = new BCC_Login_Widgets( $this->_settings, $this->_client ); - $this->_feed = new BCC_Login_Feed( $this->_settings, $this->_client, $this->_visibility ); + $this->_feed = new BCC_Login_Feed( $this->_settings, $this->_client ); $this->_updater = new BCC_Login_Updater( $this->plugin, $this->plugin_slug, $this->plugin_version, $this->plugin_name ); $this->_notifications = new BCC_Notifications( $this->_settings, $this->_coreapi ); 
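Review bot: `plugins/bcc-signon/*` and `plugins/bcc-wp-proxy/*` under `excludePaths` get no static analysis at all from this workflow, so if those plugins are still shipped from this repository any defect in them goes unreported, and the `!!!!` comment records the exclusion but not why or until when. I'd make that comment carry an exit condition, e.g. `# bcc-signon and bcc-wp-proxy are legacy; excluded until they are removed or pass level 1 (tracked in the issue tracker)`, or better run them in a second `phpstan analyse` step at a lower level instead of skipping them. Two smaller things in the same heredoc: the level comment reads `form 0 to 11` (should be `from`), and `cat <<'EOF' > phpstan.neon` silently overwrites any `phpstan.neon` that is later committed, so checking the config in rather than generating it would keep the scan settings reviewable. The `custom-defs.stub` heredoc is cut off in this view, so I can't see what is declared there.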
diff --git a/plugins/bcc-login/endpoints/logout.php b/plugins/bcc-login/endpoints/logout.php index 329a0c4..2d9f595 100644 --- a/plugins/bcc-login/endpoints/logout.php +++ b/plugins/bcc-login/endpoints/logout.php @@ -5,13 +5,14 @@ /** backchannel logout */ $logout_token = $_POST['logout_token']; $token_id = ''; +$state = ''; if ( $logout_token ) { // OIDC backchannel logout. Retrieve session ID from logout_token. $logout_token_claims = BCC_Login_Token_Utility::get_token_claims( $logout_token ); - $sid = $logout_token_claims['sid']; - if ( $sid && ! empty ( $sid )) { + $sid = $logout_token_claims['sid'] ?? ''; + if ( ! empty ( $sid ) ) { $token_id = md5 ( $sid ); } if ( ! empty( $token_id ) ) { diff --git a/plugins/bcc-login/includes/class-bcc-login-client.php b/plugins/bcc-login/includes/class-bcc-login-client.php index 654e0c7..263ae21 100644 --- a/plugins/bcc-login/includes/class-bcc-login-client.php +++ b/plugins/bcc-login/includes/class-bcc-login-client.php @@ -204,8 +204,8 @@ function create_new_user( $person_id, $email, $id_token_claims ) { 'user_email' => $email, 'display_name' => $displayname, 'nickname' => $nickname, - 'first_name' => isset( $user_claim['given_name'] ) ? $user_claim['given_name'] : '', - 'last_name' => isset( $user_claim['family_name'] ) ? $user_claim['family_name'] : '', + 'first_name' => isset( $id_token_claims['given_name'] ) ? $id_token_claims['given_name'] : '', + 'last_name' => isset( $id_token_claims['family_name'] ) ? $id_token_claims['family_name'] : '', ); // Create the new user. diff --git a/plugins/bcc-login/includes/class-bcc-login-endpoints.php b/plugins/bcc-login/includes/class-bcc-login-endpoints.php index f48e6f9..88e035b 100644 --- a/plugins/bcc-login/includes/class-bcc-login-endpoints.php +++ b/plugins/bcc-login/includes/class-bcc-login-endpoints.php 
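Review bot: `$logout_token = $_POST['logout_token'];` at the top of the hunk still reads the key unconditionally, so a request without it raises the same undefined-index warning the hunk fixes for `sid` a few lines later; make it `$logout_token = $_POST['logout_token'] ?? '';`. Separately, this endpoint acts on an unauthenticated POST: what `BCC_Login_Token_Utility::get_token_claims()` does is outside this hunk, but a backchannel logout token must be validated (signature, `iss`, `aud`, `iat`, and the `events` claim naming backchannel logout) before its `sid` is used to look up and end a session — if the helper only decodes the payload, anyone who learns a `sid` could terminate that session. The new `$state = '';` is not used in the visible lines; presumably it is read further down. The rest of the endpoint continues outside the hunk.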
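Review bot: The `isset( $id_token_claims['given_name'] ) ? … : ''` pair in the new `first_name`/`last_name` lines can use the `??` form this same commit adopts in `logout.php`: `'first_name' => $id_token_claims['given_name'] ?? '',` and `'last_name' => $id_token_claims['family_name'] ?? '',`. Because these values come straight from the token, a one-line comment noting that the user-creation call (outside this hunk) is relied on to sanitise them would help the next reader. `create_new_user` starts and ends outside the hunk.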
@@ -9,7 +9,7 @@ function __construct( BCC_Login_Settings $settings ) { add_action( 'init', array( $this, 'add_rewrite_rules' ) ); add_filter( 'query_vars', array( $this, 'add_query_vars' ) ); - add_action( 'template_include', array( $this, 'include_endpoint' ), 99 ); + add_filter( 'template_include', array( $this, 'include_endpoint' ), 99 ); } /** diff --git a/plugins/bcc-login/includes/class-bcc-login-feed.php b/plugins/bcc-login/includes/class-bcc-login-feed.php index 690fcee..c932a41 100644 --- a/plugins/bcc-login/includes/class-bcc-login-feed.php +++ b/plugins/bcc-login/includes/class-bcc-login-feed.php @@ -3,9 +3,8 @@ class BCC_Login_Feed { private BCC_Login_Settings $_settings; private BCC_Login_Client $_client; - private BCC_Login_Visibility $_visibility; - function __construct( BCC_Login_Settings $settings, BCC_Login_Client $client, BCC_Login_Visibility $visibility ) { + function __construct( BCC_Login_Settings $settings, BCC_Login_Client $client ) { $this->_settings = $settings; $this->_client = $client; add_action( 'pre_get_posts', array( $this, 'add_paging_support') ); diff --git a/plugins/bcc-login/includes/class-bcc-login-settings.php b/plugins/bcc-login/includes/class-bcc-login-settings.php index 25ef86b..844134b 100644 --- a/plugins/bcc-login/includes/class-bcc-login-settings.php +++ b/plugins/bcc-login/includes/class-bcc-login-settings.php @@ -119,7 +119,7 @@ function __construct () { $settings->$key = constant( $constant ); } else { $env = getenv( $constant ); - if ( isset( $env ) && ! is_null( $env ) && $env != '') { + if ( $env !== false && $env != '') { $settings->$key = $env; } } diff --git a/plugins/bcc-login/includes/class-bcc-login-updater.php b/plugins/bcc-login/includes/class-bcc-login-updater.php index 639f51b..2e72f7e 100644 --- a/plugins/bcc-login/includes/class-bcc-login-updater.php +++ b/plugins/bcc-login/includes/class-bcc-login-updater.php 
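Review bot: With `template_include` registered via `add_filter`, `include_endpoint` must return the incoming template path on every path where it does not serve an endpoint; under `add_action` a missing return went unnoticed, whereas a filter returning `null` makes WordPress load no template. `include_endpoint` is outside this hunk, so I can't confirm it does — worth checking, and adding `@return string` to its docblock.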
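Review bot: Nothing in this diff shows how feed output stays visibility-filtered once `BCC_Login_Feed::__construct` no longer receives `BCC_Login_Visibility`; in the visible lines the removed `$_visibility` property was never assigned, so this looks like dead-code cleanup, but a sentence in the commit message confirming that feeds are still covered (the visibility class's `filter_pre_get_posts` hook, touched later in this diff, appears to be the global mechanism) would settle it. If no test asserts that a visibility-restricted post is absent from the feed for an anonymous request, this is the change to add one. The constructor body continues outside the hunk.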
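Review bot: `$env != ''` in the new `getenv()` condition is a loose comparison; since `false` is already excluded by `$env !== false`, the remaining value is always a string and `$env !== ''` states the intent strictly: `if ( $env !== false && $env !== '' ) {`. The surrounding loop over settings keys starts and ends outside the hunk.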
@@ -157,7 +157,7 @@ public function update( $transient ) { } - public function purge(){ + public function purge( $upgrader_object, $options ){ if ( $this->cache_allowed diff --git a/plugins/bcc-login/includes/class-bcc-login-visibility.php b/plugins/bcc-login/includes/class-bcc-login-visibility.php index be3b266..c306c3a 100644 --- a/plugins/bcc-login/includes/class-bcc-login-visibility.php +++ b/plugins/bcc-login/includes/class-bcc-login-visibility.php @@ -487,7 +487,7 @@ function on_block_editor_assets() { * applies to category lists and REST API results. * * @param WP_Query $query - * @return WP_Query + * @return void */ function filter_pre_get_posts( $query ) { // Don't filter posts for Phrase @@ -1158,7 +1158,7 @@ function render_visibility_meta_box_to_attachments( $post ) { /** * Save visibility value to attachments. */ - function save_visibility_to_attachments( $attach_id ) { + function save_visibility_to_attachments( $attach_id, $post_after, $post_before ) { if ( !current_user_can( 'edit_post', $attach_id ) ) { return; } diff --git a/plugins/bcc-login/includes/class-bcc-notifications.php b/plugins/bcc-login/includes/class-bcc-notifications.php index 3aa2b49..736bbe6 100644 --- a/plugins/bcc-login/includes/class-bcc-notifications.php +++ b/plugins/bcc-login/includes/class-bcc-notifications.php @@ -196,7 +196,7 @@ public function send_notification($post_id) { $templates = array_key_exists($wp_lang, $this->settings->notification_templates) ? $this->settings->notification_templates[$wp_lang] - : (array_key_exists($site_language, $this->_settings->notification_templates) + : (array_key_exists($site_language, $this->settings->notification_templates) ? $this->settings->notification_templates[$site_language] : null); diff --git a/plugins/bcc-login/includes/class-bcc-storage.php b/plugins/bcc-login/includes/class-bcc-storage.php index 494fa66..c2c01e3 100644 --- a/plugins/bcc-login/includes/class-bcc-storage.php +++ b/plugins/bcc-login/includes/class-bcc-storage.php 
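Review bot: `save_visibility_to_attachments( $attach_id, $post_after, $post_before )` gains two parameters that the visible lines never use and the docblock above does not mention; document them — `@param int $attach_id`, `@param WP_Post $post_after`, `@param WP_Post $post_before` — and say which hook supplies them (the three-argument shape matches `attachment_updated`, but the `add_action` call is outside this hunk). The `current_user_can( 'edit_post', $attach_id )` guard is good; if the body reads the new value from `$_POST`, it should also verify the meta-box nonce, which I can't see from here. The function continues outside the hunk.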
@@ -1,8 +1,6 @@ ', - scope: '', + clientID: '', + scope: '', responseType: 'id_token', responseMode: 'fragment', - redirectUri: location.origin + '/' + redirectUri: location.origin + '/' }); setTimeout(function () { webAuth.checkSession({prompt: 'none'}, function (err, authResult) { diff --git a/plugins/bcc-post-update-translations-notifier/includes/class-bcc-post-update-translations-notifier-updater.php b/plugins/bcc-post-update-translations-notifier/includes/class-bcc-post-update-translations-notifier-updater.php index ba50ab3..9b28ea9 100644 --- a/plugins/bcc-post-update-translations-notifier/includes/class-bcc-post-update-translations-notifier-updater.php +++ b/plugins/bcc-post-update-translations-notifier/includes/class-bcc-post-update-translations-notifier-updater.php @@ -153,7 +153,7 @@ public function update( $transient ) { } - public function purge(){ + public function purge( $upgrader_object, $options ){ if ( $this->cache_allowed