78% advanced-access-manager

Code Review | Advanced Access Manager

WordPress plugin Advanced Access Manager scored 78% from 54 tests.

About plugin

  • Plugin page: advanced-access-m...
  • Plugin version: 6.8.1
  • PHP compatiblity: 5.6.0+
  • PHP version: 7.4.16
  • WordPress compatibility: 4.7.0-5.9.0
  • WordPress version: 5.9.2
  • First release: Jul 30, 2011
  • Latest release: Mar 13, 2022
  • Number of updates: 681
  • Update frequency: every 5.7 days
  • Top authors: vasyl_m (77.97%)vasyltech (22.03%)

Code review

54 tests

User reviews

392 reviews

Install metrics

100,000+ active / 3,859,725 total downloads

Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
This plugin's installer ran successfully

Server metrics [RAM: ▲0.48MB] [CPU: ▼328.80ms] Passed 4 tests

Server-side resources used by Advanced Access Manager
This plugin does not affect your website's performance
PageMemory (MB)CPU Time (ms)
Home /3.98 ▲0.4759.90 ▲7.39
Dashboard /wp-admin3.90 ▲0.4937.96 ▲3.55
Posts /wp-admin/edit.php4.12 ▲0.4841.84 ▲5.13
Add New Post /wp-admin/post-new.php7.49 ▲0.52103.46 ▼1,329.94
Media Library /wp-admin/upload.php3.77 ▲0.4830.27 ▲6.08

Server storage [IO: ▲2.03MB] [DB: ▲0.00MB] Passed 3 tests

Analyzing filesystem and database footprints of this plugin
The plugin installed successfully
Filesystem: 200 new files
Database: no new tables, 4 new options
New WordPress options
aam_access_settings
widget_aam_backend_login
aam_addons
aam_migrations

Browser metrics Passed 4 tests

This is an overview of browser requirements for Advanced Access Manager
This plugin renders optimally with no browser resource issues detected
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /3,827 ▲7316.11 ▲0.135.76 ▲0.032.27 ▼0.28
Dashboard /wp-admin2,953 ▲926.12 ▼0.04117.76 ▼13.09178.76 ▲23.20
Posts /wp-admin/edit.php2,750 ▲592.91 ▼0.3262.55 ▼4.83142.41 ▼12.08
Add New Post /wp-admin/post-new.php6,261 ▲4,50927.49 ▲5.94536.12 ▲85.33354.95 ▲196.66
Media Library /wp-admin/upload.php1,757 ▲595.51 ▼0.01127.80 ▼13.39198.15 ▲8.30

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests

🔸 Tests weight: 35 | Checking the uninstaller removed all traces of the plugin
Please fix the following items
  • Zombie WordPress options detected upon uninstall: 3 options
    • aam_migrations
    • aam_addons
    • widget_aam_backend_login

Smoke tests 50% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
Even though no errors were found, this is by no means an exhaustive test

SRP 0% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle
Please fix the following items
  • 51× PHP files output non-empty strings when accessed directly via GET requests (only 10 are shown):
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/service/logout-redirect.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/page/current-subject.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/metabox/post-iframe.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/metabox/user-metabox.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/metabox/iframe-header.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/metabox/post-metabox.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/service/metabox.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/page/main-panel.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/widget/login-backend.php
    • > /wp-content/plugins/advanced-access-manager/application/Backend/tmpl/metabox/principal-iframe.php
  • 88× PHP files trigger errors when accessed directly with GET requests (only 10 are shown):
    • > PHP Fatal error
      Trait 'AAM_Core_Contract_RequestTrait' not found in wp-content/plugins/advanced-access-manager/application/Service/SecureLogin.php on line 25
    • > PHP Fatal error
      Trait 'AAM_Core_Contract_ServiceTrait' not found in wp-content/plugins/advanced-access-manager/application/Service/AccessPolicy.php on line 26
    • > PHP Fatal error
      Trait 'AAM_Core_Contract_SingletonTrait' not found in wp-content/plugins/advanced-access-manager/application/Core/ConfigPress.php on line 19
    • > PHP Fatal error
      Trait 'AAM_Core_Contract_SingletonTrait' not found in wp-content/plugins/advanced-access-manager/application/Core/AccessSettings.php on line 20
    • > PHP Warning
      Use of undefined constant AAM_VERSION - assumed 'AAM_VERSION' (this will throw an Error in a future version of PHP) in wp-content/plugins/advanced-access-manager/application/Backend/tmpl/policy/default-policy.php on line 27
    • > PHP Fatal error
      Trait 'AAM_Core_Contract_ServiceTrait' not found in wp-content/plugins/advanced-access-manager/application/Service/Cli.php on line 17
    • > PHP Fatal error
      Uncaught Error: Interface 'AAM_Core_Contract_MigrationInterface' not found in wp-content/plugins/advanced-access-manager/application/Migration/2019_06_30-base.php:42
    • > PHP Fatal error
      Trait 'AAM_Core_Contract_ServiceTrait' not found in wp-content/plugins/advanced-access-manager/application/Service/LoginRedirect.php on line 22
    • > PHP Fatal error
      Uncaught Error: Class 'AAM_Backend_Feature_Abstract' not found in wp-content/plugins/advanced-access-manager/application/Backend/Feature/Main/Jwt.php:19
    • > PHP Fatal error
      Uncaught Error: Interface 'Composer\\Semver\\Constraint\\ConstraintInterface' not found in wp-content/plugins/advanced-access-manager/vendor/composer/Constraint/MultiConstraint.php:17

User-side errors Passed 1 test

🔹 Test weight: 20 | This is a smoke test targeting browser errors/issues
Everything seems fine on the user side

Optimizations

Plugin configuration 96% from 29 tests

readme.txt Passed 16 tests

Don't ignore readme.txt as it is the file that instructs WordPress.org on how to present your plugin to the world
7 plugin tags: access control, jwt, backend menu, membership, security...

advanced-access-manager/aam.php 92% from 13 tests

The main PHP file in "Advanced Access Manager" ver. 6.8.1 adds more information about the plugin and also serves as the entry point for this plugin
You should first fix the following items:
  • Main file name: It is recommended to name the main PHP file as the plugin slug ("advanced-access-manager.php" instead of "aam.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | Executable files are not allowed as they can serve as attack vectors
No dangerous file extensions were detected23,680 lines of code in 193 files:
LanguageFilesBlank linesComment linesLines of code
PHP1843,49812,59515,391
JavaScript35447334,788
CSS2272771,974
PO File15438331,408
SVG3642119

PHP code Passed 2 tests

An overview of cyclomatic complexity and code structure
No complexity issues detected
Cyclomatic complexity
Average complexity per logical line of code0.44
Average class complexity15.42
▷ Minimum class complexity1.00
▷ Maximum class complexity158.00
Average method complexity3.23
▷ Minimum method complexity1.00
▷ Maximum method complexity36.00
Code structure
Namespaces4
Interfaces4
Traits3
Classes120
▷ Abstract classes43.33%
▷ Concrete classes11696.67%
▷ Final classes65.17%
Methods796
▷ Static methods15219.10%
▷ Public methods51364.45%
▷ Protected methods23829.90%
▷ Private methods455.65%
Functions106
▷ Named functions00.00%
▷ Anonymous functions106100.00%
Constants144
▷ Global constants42.78%
▷ Class constants14097.22%
▷ Public constants140100.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Often times overlooked, PNG files can occupy unnecessary space in your plugin
No PNG images were found in this plugin