Code Review | 2FAS Classic - Two Factor Authentication

WordPress plugin 2FAS Classic - Two Factor Authentication scored 87% from 54 tests.

About plugin

  • Plugin page: 2fas
  • Plugin version: 3.2.0
  • PHP compatibility: 5.6+
  • PHP version: 7.4.16
  • WordPress compatibility: 4.2-5.8
  • WordPress version: 5.8.1
  • First release: Aug 31, 2016
  • Latest release: Dec 1, 2021
  • Number of updates: 50
  • Update frequency: every 38.4 days
  • Top authors: 2fas (100%)

Code review

54 tests

User reviews

13 reviews

Install metrics

300+ active / 18,329 total downloads

Benchmarks

Plugin footprint Passed 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | The install procedure must perform silently
Installer ran successfully

Server metrics [RAM: ▲7.61MB] [CPU: ▼121.35ms] 75% from 4 tests

Analyzing server-side resources used by 2FAS Classic - Two Factor Authentication
Please have a look at the following items
  • Extra RAM: Extra memory usage must be kept under 5MB (currently 7.61MB on /wp-admin/admin.php?page=twofas-submenu-dashboard)
Page | Memory (MB) | CPU Time (ms)
Home / | 9.45 ▲6.61 | 62.25 ▲35.40
Dashboard /wp-admin | 11.05 ▲7.98 | 91.02 ▲47.72
Posts /wp-admin/edit.php | 11.10 ▲7.99 | 78.89 ▲41.13
Add New Post /wp-admin/post-new.php | 13.36 ▲7.92 | 117.70 ▼600.76
Media Library /wp-admin/upload.php | 10.93 ▲7.92 | 70.09 ▲38.82
Personal settings /wp-admin/admin.php?page=twofas-submenu-channel | 9.28 | 50.61
Admin settings /wp-admin/admin.php?page=twofas-submenu-settings | 9.24 | 51.66
Dashboard /wp-admin/admin.php?page=twofas-submenu-dashboard | 9.25 | 48.74

Server storage [IO: ▲16.02MB] [DB: ▲0.01MB] Passed 3 tests

Analyzing filesystem and database footprints of this plugin
This plugin installed successfully
Filesystem: 1,519 new files
Database: 5 new tables, 4 new options
New tables
wp_twofas_sessions
wp_twofas_migrations
wp_twofas_trusted_devices
wp_twofas_session_variables
wp_twofas_authentications
New WordPress options
twofas_user_migration_allowed
twofas_plugin_version
twofas_privacy_policy_accepted
twofas_trusted_devices_enabled

Browser metrics Passed 4 tests

This is an overview of browser requirements for 2FAS Classic - Two Factor Authentication
This plugin renders optimally with no browser resource issues detected
Page | Nodes | Memory (MB) | Script (ms) | Layout (ms)
Home / | 3,870 ▲269 | 18.54 ▲2.58 | 4.93 ▼3.31 | 86.48 ▲12.25
Dashboard /wp-admin | 3,093 ▲198 | 7.54 ▲1.29 | 164.96 ▲32.62 | 171.36 ▼3.92
Posts /wp-admin/edit.php | 2,903 ▲197 | 4.69 ▲1.33 | 109.46 ▲42.70 | 155.83 ▲18.55
Add New Post /wp-admin/post-new.php | 1,599 ▼2,214 | 22.07 ▲3.42 | 441.20 ▼36.18 | 191.40 ▲28.63
Media Library /wp-admin/upload.php | 1,913 ▲161 | 6.40 ▲0.90 | 165.66 ▲20.76 | 177.67 ▼2.92
Personal settings /wp-admin/admin.php?page=twofas-submenu-channel | 1,357 | 5.00 | 117.82 | 149.71
Admin settings /wp-admin/admin.php?page=twofas-submenu-settings | 1,357 | 4.99 | 121.70 | 135.53
Dashboard /wp-admin/admin.php?page=twofas-submenu-dashboard | 1,357 | 4.99 | 100.19 | 152.93

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] Passed 4 tests

🔸 Tests weight: 35 | It is important to correctly uninstall your plugin, without leaving any traces
The plugin uninstalled completely, with no zombie files or tables

Smoke tests 50% from 4 tests

Server-side errors 0% from 1 test

🔹 Test weight: 20 | This is a shallow check for server-side errors
Smoke test failed, please fix the following
  • 3 occurrences, only the last one shown
    • > GET request to /wp-admin/admin.php?page=twofas-submenu-dashboard
    • > Notice in wp-content/plugins/2fas/src/Helpers/Config.php+56
    Undefined index: pusher_key

SRP 50% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle
Please fix the following items
  • 440× PHP files trigger server errors when accessed directly (only 10 are shown):
    • > PHP Fatal error
      Uncaught Error: Interface 'Invoker\\ParameterResolver\\ParameterResolver' not found in wp-content/plugins/2fas/vendor/php-di/invoker/src/ParameterResolver/ResolverChain.php:14
    • > PHP Fatal error
      Uncaught Error: Class 'Twig\\Node\\Expression\\AbstractExpression' not found in wp-content/plugins/2fas/vendor/twig/twig/src/Node/Expression/Binary/AbstractBinary.php:18
    • > PHP Fatal error
      Uncaught Error: Class 'Twig\\TokenParser\\AbstractTokenParser' not found in wp-content/plugins/2fas/vendor/twig/twig/src/TokenParser/SandboxTokenParser.php:31
    • > PHP Fatal error
      Uncaught Error: Class 'TwoFAS\\TwoFAS\\Authentication\\Middleware\\Middleware' not found in wp-content/plugins/2fas/src/Authentication/Middleware/Trusted_Device_Login.php:17
    • > PHP Fatal error
      Uncaught Error: Interface 'TwoFAS\\Core\\Hooks\\Hook_Interface' not found in wp-content/plugins/2fas/src/Hooks/Action_Links_Filter.php:8
    • > PHP Fatal error
      Uncaught Error: Class 'Twig\\Node\\Expression\\Binary\\AbstractBinary' not found in wp-content/plugins/2fas/vendor/twig/twig/src/Node/Expression/Binary/BitwiseXorBinary.php:17
    • > PHP Fatal error
      Uncaught Error: Interface 'Twig\\RuntimeLoader\\RuntimeLoaderInterface' not found in wp-content/plugins/2fas/vendor/twig/twig/src/RuntimeLoader/ContainerRuntimeLoader.php:24
    • > PHP Fatal error
      Uncaught Error: Interface 'Twig\\TokenParser\\TokenParserInterface' not found in wp-content/plugins/2fas/vendor/twig/twig/src/TokenParser/AbstractTokenParser.php:21
    • > PHP Fatal error
      Uncaught Error: Class 'WhichBrowser\\Model\\Primitive\\Base' not found in wp-content/plugins/2fas/vendor/whichbrowser/parser/src/Model/Version.php:7
    • > PHP Fatal error
      Uncaught Error: Interface 'Twig\\NodeVisitor\\NodeVisitorInterface' not found in wp-content/plugins/2fas/vendor/twig/twig/src/NodeVisitor/AbstractNodeVisitor.php:24

User-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)
Everything seems fine on the user side

Optimizations

Plugin configuration 93% from 29 tests

readme.txt 94% from 16 tests

It's important to format your readme.txt file correctly as it is parsed for the public listing of your plugin
These attributes need your attention:
  • Tags: Too many tags (12 tags instead of a maximum of 10); only the first 5 tags are used in your directory listing
You can take inspiration from this readme.txt

2fas/twofas.php 92% from 13 tests

This is the main PHP file of "2FAS Classic - Two Factor Authentication" version 3.2.0, providing information about the plugin in the header fields and serving as the principal entry point to the plugin's functions
Please take the time to fix the following:
  • Main file name: Even though not officially enforced, the main plugin file should be the same as the plugin slug ("2fas.php" instead of "twofas.php")

Code Analysis 97% from 3 tests

File types Passed 1 test

🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin
Success! There were no dangerous files found in this plugin
132,045 lines of code in 1,180 files:
Language | Files | Blank lines | Comment lines | Lines of code
PHP | 928 | 12,524 | 16,941 | 86,443
JavaScript | 42 | 6,196 | 13,066 | 22,000
CSS | 9 | 951 | 29 | 8,220
Sass | 36 | 780 | 40 | 3,969
reStructuredText | 85 | 2,455 | 2,183 | 3,361
PO File | 3 | 906 | 1,186 | 2,525
Twig | 47 | 195 | 0 | 2,043
Markdown | 15 | 587 | 0 | 1,333
JSON | 2 | 0 | 0 | 925
C | 1 | 171 | 186 | 860
YAML | 9 | 28 | 0 | 302
Bourne Shell | 1 | 6 | 0 | 44
C/C++ Header | 1 | 7 | 13 | 15
m4 | 1 | 2 | 1 | 5

PHP code 50% from 2 tests

This plugin's cyclomatic complexity and code structure are detailed below
These items need your attention
  • Please reduce cyclomatic complexity of methods to less than 100 (currently 107)
Cyclomatic complexity
Average complexity per logical line of code: 0.40
Average class complexity: 7.12
▷ Minimum class complexity: 1.00
▷ Maximum class complexity: 484.00
Average method complexity: 2.90
▷ Minimum method complexity: 1.00
▷ Maximum method complexity: 107.00
Code structure
Namespaces: 121
Interfaces: 75
Traits: 25
Classes: 757
▷ Abstract classes: 31 (4.10%)
▷ Concrete classes: 726 (95.90%)
▷ Final classes: 34 (4.68%)
Methods: 2,869
▷ Static methods: 126 (4.39%)
▷ Public methods: 2,209 (77.00%)
▷ Protected methods: 193 (6.73%)
▷ Private methods: 467 (16.28%)
Functions: 145
▷ Named functions: 83 (57.24%)
▷ Anonymous functions: 62 (42.76%)
Constants: 430
▷ Global constants: 10 (2.33%)
▷ Class constants: 420 (97.67%)
▷ Public constants: 420 (100.00%)

Plugin size Passed 2 tests

Image compression Passed 2 tests

It is recommended to compress PNG files in your plugin to minimize bandwidth usage
80 PNG files occupy 0.43MB with 0.08MB in potential savings
Potential savings
Compression of 5 random PNG files using pngquant
File | Size - original | Size - compressed | Savings
assets/sprites/backup-codes.png | 0.20KB | 0.28KB | 0.00%
assets/images/admin_panel.png | 2.02KB | 2.06KB | 0.00%
vendor/endroid/qr-code/assets/image/b.png | 0.83KB | 0.08KB | ▼ 90.25%
assets/sprites/remove.png | 0.14KB | 0.17KB | 0.00%
assets/sprites/offline-codes.png | 0.41KB | 0.44KB | 0.00%