diff --git a/.github/workflows/phpcs.yml b/.github/workflows/phpcs.yml
index ea4c9f2..870119f 100644
--- a/.github/workflows/phpcs.yml
+++ b/.github/workflows/phpcs.yml
@@ -5,7 +5,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
@@ -14,6 +14,10 @@ jobs:
           tools: composer, cs2pr
       - name: Install Composer dependencies for PHP
         uses: "ramsey/composer-install@v2"
-      - name: Detect coding standard violations
-        run: composer lint
+      - name: Check PHP code style
+        id: phpcs
+        run: composer phpcs -- --config-set ignore_warnings_on_exit 1 --no-cache --report-full --report-checkstyle=./phpcs-report.xml
+      - name: Show PHPCS results in PR
+        if: ${{ always() && steps.phpcs.outcome == 'failure' }}
+        run: cs2pr ./phpcs-report.xml
 
diff --git a/composer.json b/composer.json
index 3e03655..0831b97 100644
--- a/composer.json
+++ b/composer.json
@@ -27,14 +27,16 @@
     "composer/installers": "~1.0 || ~2.0"
   },
   "require-dev": {
-    "squizlabs/php_codesniffer": "^2.2 || ^3.5",
+    "squizlabs/php_codesniffer": "^3.11",
     "phpcompatibility/php-compatibility": "*",
     "wp-coding-standards/wpcs": "*",
     "dealerdirect/phpcodesniffer-composer-installer": "^1.0",
     "phpcompatibility/phpcompatibility-wp": "*",
     "sebastian/phpcpd": "^3.0 || ^4.0 || ^6.0",
     "yoast/phpunit-polyfills": "^3.0",
-    "mf2/mf2": "^0.5.0"
+    "mf2/mf2": "^0.5.0",
+    "sirbrillig/phpcs-variable-analysis": "^2.11",
+    "wp-cli/wp-cli": "^2.11"
   },
   "scripts": {
     "install-codestandards": [
@@ -46,6 +48,7 @@
     ],
     "setup-local-tests": "bash bin/install-wp-tests.sh wordpress_test root root 127.0.0.1 latest",
     "phpunit": "./vendor/bin/phpunit",
+    "plugin-check": "./vendor/bin/wp plugin check simple-location --exclude-checks=file_type --exclude-directories='./bin','./.github'",
     "test": [
       "composer update",
       "bin/install-wp-tests.sh wordpress wordpress wordpress",
@@ -56,11 +59,11 @@
       "cp -u -r vendor/mf2/mf2/*.md lib/mf2"
     ],
     "lint": [
-      "./vendor/bin/phpcs -n -p",
+      "./vendor/bin/phpcs -n",
       "@phpcpd"
     ],
-    "phpcs": "./vendor/bin/phpcs -p",
-    "phpcbf": "./vendor/bin/phpcbf -p",
+    "phpcs": "./vendor/bin/phpcs",
+    "phpcbf": "./vendor/bin/phpcbf",
     "phpcpd": "./vendor/bin/phpcpd --fuzzy --exclude .git --exclude vendor --exclude tests --exclude node_modules ."
   }
 }
diff --git a/includes/class-external-token.php b/includes/class-external-token.php
index d794620..f488242 100644
--- a/includes/class-external-token.php
+++ b/includes/class-external-token.php
@@ -107,7 +107,7 @@ protected function refresh_token( $token ) {
 		$code = wp_remote_retrieve_response_code( $resp );
 
 		if ( 2 !== (int) ( $code / 100 ) ) {
-			return $false;
+			return false;
 		}
 
 		$body = wp_remote_retrieve_body( $resp );
@@ -291,7 +291,7 @@ public function verify( $key ) {
 		$code = wp_remote_retrieve_response_code( $resp );
 
 		if ( 2 !== (int) ( $code / 100 ) ) {
-			return $false;
+			return false;
 		}
 
 		$body = wp_remote_retrieve_body( $resp );
diff --git a/includes/class-indieauth-authorize.php b/includes/class-indieauth-authorize.php
index 2beeb29..a3d1595 100644
--- a/includes/class-indieauth-authorize.php
+++ b/includes/class-indieauth-authorize.php
@@ -147,7 +147,7 @@ public function determine_current_user( $user_id ) {
 			__( 'User Not Found on this Site', 'indieauth' ),
 			401,
 			array(
-				'response' => $me,
+				'response' => $params,
 			)
 		);
 		return $user_id;
diff --git a/includes/class-indieauth-client-discovery.php b/includes/class-indieauth-client-discovery.php
index b9974bb..6bea71e 100644
--- a/includes/class-indieauth-client-discovery.php
+++ b/includes/class-indieauth-client-discovery.php
@@ -128,6 +128,7 @@ private function parse( $url ) {
 					}
 				}
 			} else {
+				$domdocument       = new DOMDocument( wp_remote_retrieve_body( $response ) );
 				$this->client_icon = $this->determine_icon( $this->rels );
 				$this->get_html( $domdocument );
 				$this->client_name = $this->html['title'];
diff --git a/includes/class-indieauth-client-taxonomy.php b/includes/class-indieauth-client-taxonomy.php
index a478a06..8b26082 100755
--- a/includes/class-indieauth-client-taxonomy.php
+++ b/includes/class-indieauth-client-taxonomy.php
@@ -215,7 +215,7 @@ public static function get_client( $url = null ) {
 					'name'          => $term->name,
 					'id'            => $term->term_id,
 					'icon'          => get_term_meta( $term->term_id, 'icon', true ),
-					'uri'          => get_term_meta( $term->term_id, 'client_uri', true ),
+					'uri'           => get_term_meta( $term->term_id, 'client_uri', true ),
 					'last_modified' => get_term_meta( $term->term_id, 'last_modified', true ),
 				);
 			}
@@ -249,7 +249,7 @@ public static function get_client( $url = null ) {
 			'name'          => $term->name,
 			'id'            => $term->term_id,
 			'icon'          => get_term_meta( $term->term_id, 'icon', true ),
-			'uri'          => get_term_meta( $term->term_id, 'client_uri', true ),
+			'uri'           => get_term_meta( $term->term_id, 'client_uri', true ),
 			'last_modified' => get_term_meta( $term->term_id, 'last_modified', true ),
 		);
 	}
diff --git a/includes/class-indieauth-endpoint.php b/includes/class-indieauth-endpoint.php
index f102e3f..e949db7 100644
--- a/includes/class-indieauth-endpoint.php
+++ b/includes/class-indieauth-endpoint.php
@@ -90,9 +90,9 @@ public function set_token( $token, $expiration = null, $user_id = null ) {
 			return false;
 		}
 		if ( ! $user_id ) {
-			$user_id = get_user_by_identifier( $token['me'] );
+			$user = get_user_by_identifier( $token['me'] );
 			if ( $user instanceof WP_User ) {
-				$user_id = $user_id->ID;
+				$user_id = $user->ID;
 			} else {
 				return false;
 			}
diff --git a/includes/class-indieauth-token-endpoint.php b/includes/class-indieauth-token-endpoint.php
index 283d564..c9ddbe6 100644
--- a/includes/class-indieauth-token-endpoint.php
+++ b/includes/class-indieauth-token-endpoint.php
@@ -331,11 +331,11 @@ public function verify_local_authorization_code( $args ) {
 		}
 		if ( isset( $return['code_challenge'] ) ) {
 			if ( ! isset( $args['code_verifier'] ) ) {
-				$tokens->destroy( $post_args['code'] );
+				$codes->destroy( $args['code'] );
 				return new WP_OAuth_Response( 'invalid_grant', __( 'Failed PKCE Validation', 'indieauth' ), 400 );
 			}
 			if ( ! pkce_verifier( $return['code_challenge'], $args['code_verifier'], $return['code_challenge_method'] ) ) {
-				$tokens->destroy( $args['code'] );
+				$codes->destroy( $args['code'] );
 				return new WP_OAuth_Response( 'invalid_grant', __( 'Failed PKCE Validation', 'indieauth' ), 400 );
 			}
 			unset( $return['code_challenge'] );
diff --git a/phpcs.xml b/phpcs.xml
index 7436c7c..1d298cb 100644
--- a/phpcs.xml
+++ b/phpcs.xml
@@ -55,4 +55,5 @@
 	</rule>
 
 	<rule ref="WordPress-Extra" />
+	<rule ref="VariableAnalysis"/>
 </ruleset>
diff --git a/readme.md b/readme.md
index 69eaaba..a34d523 100644
--- a/readme.md
+++ b/readme.md
@@ -3,7 +3,7 @@
 **Tags:** IndieAuth, IndieWeb, IndieWebCamp, login  
 **Requires at least:** 4.9.9  
 **Requires PHP:** 7.2  
-**Tested up to:** 6.6  
+**Tested up to:** 6.7
 **Stable tag:** 4.5.2  
 **License:** MIT  
 **License URI:** http://opensource.org/licenses/MIT  
diff --git a/readme.txt b/readme.txt
index 781c445..2fe5a40 100644
--- a/readme.txt
+++ b/readme.txt
@@ -3,7 +3,7 @@ Contributors: indieweb, pfefferle, dshanske
 Tags: IndieAuth, IndieWeb, IndieWebCamp, login
 Requires at least: 4.9.9
 Requires PHP: 7.2
-Tested up to: 6.6
+Tested up to: 6.7
 Stable tag: 4.5.2
 License: MIT
 License URI: http://opensource.org/licenses/MIT