93% 2-factor

Code Review | Matoma Two-Factor Authentication

WordPress plugin Matoma Two-Factor Authentication scored 93% from 54 tests.

About plugin

  • Plugin page: 2-factor
  • Plugin version: 1.0.3
  • PHP compatiblity: 7.2+
  • PHP version: 7.4.16
  • WordPress compatibility: 5.5-5.7
  • WordPress version: 5.9.2
  • First release: Nov 13, 2020
  • Latest release: Mar 25, 2021
  • Number of updates: 47
  • Update frequency: every 2.8 days
  • Top authors: matomagmbh (100%)

Code review

54 tests

User reviews

1 review

Install metrics

10+ active / 569 total downloads


Plugin footprint Passed 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
The plugin installed successfully, without throwing any errors or notices

Server metrics [RAM: ▲0.20MB] [CPU: ▼296.70ms] Passed 4 tests

Server-side resources used by Matoma Two-Factor Authentication
Normal server usage
PageMemory (MB)CPU Time (ms)
Home /3.79 ▲0.2860.49 ▼1.39
Dashboard /wp-admin3.63 ▲0.2339.39 ▲3.14
Posts /wp-admin/edit.php3.86 ▲0.2242.73 ▲0.53
Add New Post /wp-admin/post-new.php7.09 ▲0.13108.97 ▼1,188.33
Media Library /wp-admin/upload.php3.52 ▲0.2227.69 ▲2.38
Matoma 2FA /wp-admin/options-general.php?page=mtm-2F-settings3.4828.47

Server storage [IO: ▲0.07MB] [DB: ▲0.00MB] Passed 3 tests

Input-output and database impact of this plugin
No storage issues were detected
Filesystem: 14 new files
Database: no new tables, no new options

Browser metrics Passed 4 tests

An overview of browser requirements for Matoma Two-Factor Authentication
Minimal impact on browser resources
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /3,777 ▲5515.68 ▼0.355.79 ▼0.642.02 ▼0.20
Dashboard /wp-admin2,883 ▲256.13 ▼0.02123.68 ▼14.43196.47 ▲25.44
Posts /wp-admin/edit.php2,693 ▼13.23 ▼0.0162.99 ▼1.65145.29 ▲1.39
Add New Post /wp-admin/post-new.php1,664 ▲316.89 ▲0.75401.51 ▼44.15159.03 ▲4.51
Media Library /wp-admin/upload.php1,706 ▲115.53 ▲0.04139.86 ▼11.90217.98 ▼15.53
Matoma 2FA /wp-admin/options-general.php?page=mtm-2F-settings1,1542.3754.37124.11

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] Passed 4 tests

🔸 Tests weight: 35 | Checking the uninstaller removed all traces of the plugin
The plugin uninstalled completely, with no zombie files or tables

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A smoke test targeting server-side errors
The smoke test was a success, however most plugin functionality was not tested

SRP 50% from 2 tests

🔹 Tests weight: 20 | A shallow check of the single-responsibility principle; PHP files should perform no action - including output of placeholder text - and trigger no errors when accessed directly
The following issues need your attention
  • 3× PHP files trigger errors when accessed directly with GET requests:
    • > PHP Fatal error
      Uncaught Error: Class 'Mtm_2F_Methode' not found in wp-content/plugins/2-factor/includes/Mtm_2F_EMail.php:4
    • > PHP Fatal error
      Uncaught Error: Class 'Mtm_2F_Methode' not found in wp-content/plugins/2-factor/includes/Mtm_2F_SMS.php:4
    • > PHP Fatal error
      Uncaught Error: Call to undefined function __() in wp-content/plugins/2-factor/mtm-2f.php:13

User-side errors Passed 1 test

🔹 Test weight: 20 | This is a shallow check for browser errors
Everything seems fine, but this is not an exhaustive test


Plugin configuration 90% from 29 tests

readme.txt 94% from 16 tests

It's important to format your readme.txt file correctly as it is parsed for the public listing of your plugin
Attributes that need to be fixed:
  • Screenshots: Please add images for these screenshots: #1 (settings), #2 (login mask)
The official readme.txt might help

2-factor/mtm-2f.php 85% from 13 tests

The entry point to "Matoma Two-Factor Authentication" version 1.0.3 is a PHP file that has certain tags in its header comment area
Please take the time to fix the following:
  • Text Domain: The text domain must be the same as the plugin slug, although optional since WordPress version 4.6
  • Main file name: It is recommended to name the main PHP file as the plugin slug ("2-factor.php" instead of "mtm-2f.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | A short check of programming languages and file extensions; no executable files are allowed
Good job! No executable or dangerous file extensions detected1,254 lines of code in 11 files:
LanguageFilesBlank linesComment linesLines of code

PHP code Passed 2 tests

This is a short overview of cyclomatic complexity and code structure for this plugin
This plugin has no cyclomatic complexity issues
Cyclomatic complexity
Average complexity per logical line of code0.33
Average class complexity17.43
▷ Minimum class complexity1.00
▷ Maximum class complexity50.00
Average method complexity3.09
▷ Minimum method complexity1.00
▷ Maximum method complexity16.00
Code structure
▷ Abstract classes114.29%
▷ Concrete classes685.71%
▷ Final classes00.00%
▷ Static methods1322.03%
▷ Public methods5694.92%
▷ Protected methods11.69%
▷ Private methods23.39%
▷ Named functions3100.00%
▷ Anonymous functions00.00%
▷ Global constants4100.00%
▷ Class constants00.00%
▷ Public constants00.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using a strong compression for your PNG files is a great way to speed-up your plugin
PNG images were not found in this plugin