93% 2fas

Code Review | 2FAS Classic - Two Factor Authentication

WordPress plugin 2FAS Classic - Two Factor Authentication scored 93% from 54 tests.

About plugin

  • Plugin page: 2fas
  • Plugin version: 3.1.0
  • PHP compatiblity: 5.6+
  • PHP version: 7.4.16
  • WordPress compatibility: 4.2-5.8
  • WordPress version: 5.8.1
  • First release: Aug 31, 2016
  • Latest release: Oct 17, 2021
  • Number of updates: 49
  • Update frequency: every 38.2 days
  • Top authors: 2fas (100%)

Code review

54 tests

User reviews

13 reviews

Install metrics

500+ active / 17,527 total downloads

Benchmarks

Plugin footprint Passed 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | The install procedure must perform silently
Installer ran successfully

Server metrics [RAM: ▲7.62MB] [CPU: ▼84.40ms] 75% from 4 tests

Analyzing server-side resources used by 2FAS Classic - Two Factor Authentication
Please have a look at the following items
  • Extra RAM: Extra memory usage must be kept under 5MB (currently 7.62MB on /wp-admin/admin.php?page=twofas-submenu-dashboard)
PageMemory (MB)CPU Time (ms)
Home /9.50 ▲6.7885.07 ▲64.46
Dashboard /wp-admin10.99 ▲7.9493.96 ▲51.61
Posts /wp-admin/edit.php11.04 ▲7.9489.14 ▲43.33
Add New Post /wp-admin/post-new.php13.31 ▲7.88142.38 ▼489.58
Media Library /wp-admin/upload.php10.88 ▲7.8788.75 ▲57.04
Personal settings /wp-admin/admin.php?page=twofas-submenu-channel9.3357.84
Admin settings /wp-admin/admin.php?page=twofas-submenu-settings9.2858.27
Dashboard /wp-admin/admin.php?page=twofas-submenu-dashboard9.2956.06

Server storage [IO: ▲16.05MB] [DB: ▲0.01MB] Passed 3 tests

Analyzing filesystem and database footprints of this plugin
This plugin installed successfully
Filesystem: 1,523 new files
Database: 5 new tables, 4 new options
New tables
wp_twofas_session_variables
wp_twofas_migrations
wp_twofas_trusted_devices
wp_twofas_sessions
wp_twofas_authentications
New WordPress options
twofas_trusted_devices_enabled
twofas_privacy_policy_accepted
twofas_plugin_version
twofas_user_migration_allowed

Browser metrics Passed 4 tests

This is an overview of browser requirements for 2FAS Classic - Two Factor Authentication
This plugin renders optimally with no browser resource issues detected
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /3,883 ▲28818.48 ▲2.858.63 ▼1.8857.24 ▲10.66
Dashboard /wp-admin3,128 ▲1977.51 ▲1.37174.68 ▲26.83118.68 ▲0.40
Posts /wp-admin/edit.php2,902 ▲1664.21 ▲1.49107.62 ▲46.12108.36 ▲22.79
Add New Post /wp-admin/post-new.php1,775 ▲16017.54 ▼3.99420.24 ▲131.77134.00 ▲34.24
Media Library /wp-admin/upload.php1,972 ▲1625.92 ▲0.90186.54 ▲43.20124.77 ▲1.32
Personal settings /wp-admin/admin.php?page=twofas-submenu-channel1,3604.62110.20100.69
Admin settings /wp-admin/admin.php?page=twofas-submenu-settings1,3624.61108.6998.14
Dashboard /wp-admin/admin.php?page=twofas-submenu-dashboard1,3604.5394.1293.26

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] Passed 4 tests

🔸 Tests weight: 35 | It is important to correctly uninstall your plugin, without leaving any traces
The plugin uninstalled completely, with no zombie files or tables

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | This is a shallow check for server-side errors
Even though everything seems fine, this is not an exhaustive test

SRP 50% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle
Please fix the following items
  • 442× PHP files trigger server errors when accessed directly (only 10 are shown):
    • > PHP Fatal error
      Uncaught Error: Interface 'Interop\\Container\\Exception\\ContainerException' not found in wp-content/plugins/2fas/vendor/php-di/php-di/src/DI/DependencyException.php:10
    • > PHP Fatal error
      Uncaught Error: Class 'WhichBrowser\\Data\\BrowserIds' not found in wp-content/plugins/2fas/vendor/whichbrowser/parser/data/id-android.php:7
    • > PHP Fatal error
      Uncaught Error: Class 'Twig\ode\\Expression\\Binary\\AbstractBinary' not found in wp-content/plugins/2fas/vendor/twig/twig/src/Node/Expression/Binary/OrBinary.php:17
    • > PHP Fatal error
      Uncaught Error: Class 'Twig\\TokenParser\\AbstractTokenParser' not found in wp-content/plugins/2fas/vendor/twig/twig/src/TokenParser/FilterTokenParser.php:29
    • > PHP Fatal error
      Uncaught Error: Interface 'DI\\Definition\\Helper\\DefinitionHelper' not found in wp-content/plugins/2fas/vendor/php-di/php-di/src/DI/Definition/EntryReference.php:14
    • > PHP Fatal error
      Uncaught Error: Class 'WhichBrowser\\Data\\DeviceModels' not found in wp-content/plugins/2fas/vendor/whichbrowser/parser/data/indices/models-kddi.php:5
    • > PHP Fatal error
      Uncaught Error: Interface 'TwoFAS\\Encryption\\Random\\RandomIntGenerator' not found in wp-content/plugins/2fas/vendor/twofas/encryption/src/Random/NonCryptographicalRandomIntGenerator.php:8
    • > PHP Fatal error
      Uncaught Error: Class 'TwoFAS\\TwoFAS\\Update\\Migration' not found in wp-content/plugins/2fas/src/Update/Migrations/Migration_2018_11_30_Create_Trusted_Devices_Table.php:9
    • > PHP Fatal error
      Uncaught Error: Class 'Twig\\TokenParser\\AbstractTokenParser' not found in wp-content/plugins/2fas/vendor/twig/twig/src/TokenParser/SpacelessTokenParser.php:29
    • > PHP Fatal error
      Uncaught Error: Class 'TwoFAS\\Api\\Exception\\IntegrationUserNotFoundException' not found in wp-content/plugins/2fas/vendor/twofas/sdk/src/Exception/ResourceNotFoundException.php:11

User-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)
Everything seems fine on the user side

Optimizations

Plugin configuration 93% from 29 tests

readme.txt 94% from 16 tests

It's important to format your readme.txt file correctly as it is parsed for the public listing of your plugin
These attributes need your attention:
  • Tags: Too many tags (12 tag instead of maximum 10); only the first 5 tags are used in your directory listing
You can take inspiration from this readme.txt

2fas/twofas.php 92% from 13 tests

This is the main PHP file of "2FAS Classic - Two Factor Authentication" version 3.1.0, providing information about the plugin in the header fields and serving as the principal entry point to the plugin's functions
Please take the time to fix the following:
  • Main file name: Even though not officially enforced, the main plugin file should be the same as the plugin slug ("2fas.php" instead of "twofas.php")

Code Analysis 97% from 3 tests

File types Passed 1 test

🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin
Success! There were no dangerous files found in this plugin132,468 lines of code in 1,184 files:
LanguageFilesBlank linesComment linesLines of code
PHP93112,62417,21786,823
JavaScript426,19613,06622,000
CSS9951298,220
Sass36780403,969
reStructuredText852,4552,1833,361
PO File39061,1862,525
Twig4719702,081
Markdown1558201,323
JSON200925
C1171186860
YAML9280302
Bourne Shell16044
C/C++ Header171315
make16015
m41215

PHP code 50% from 2 tests

This plugin's cyclomatic complexity and code structure detailed below
These items need your attention
  • Please reduce cyclomatic complexity of methods to less than 100 (currently 107)
Cyclomatic complexity
Average complexity per logical line of code0.40
Average class complexity7.12
▷ Minimum class complexity1.00
▷ Maximum class complexity484.00
Average method complexity2.89
▷ Minimum method complexity1.00
▷ Maximum method complexity107.00
Code structure
Namespaces121
Interfaces75
Traits25
Classes760
▷ Abstract classes314.08%
▷ Concrete classes72995.92%
▷ Final classes354.80%
Methods2,898
▷ Static methods1274.38%
▷ Public methods2,23076.95%
▷ Protected methods1946.69%
▷ Private methods47416.36%
Functions145
▷ Named functions8357.24%
▷ Anonymous functions6242.76%
Constants430
▷ Global constants102.33%
▷ Class constants42097.67%
▷ Public constants420100.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

It is recommended to compress PNG files in your plugin to minimize bandwidth usage
80 compressed PNG files occupy 0.43MB
Potential savings
Compression of 5 random PNG files using pngquant
FileSize - originalSize - compressedSavings
vendor/endroid/qr-code/assets/image/qrv34.png0.26KB0.24KB▼ 7.46%
vendor/endroid/qr-code/assets/image/qrv20.png0.23KB0.22KB▼ 6.69%
vendor/container-interop/container-interop/docs/images/interoperating_containers.png25.13KB12.83KB▼ 48.97%
vendor/endroid/qr-code/assets/image/qrv23.png0.23KB0.21KB▼ 9.32%
assets/sprites/tick.png0.22KB0.38KB0.00%