Benchmarks
Plugin footprint 82% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | The install procedure must perform silently
This plugin's installer ran successfully
Server metrics [RAM: ▲2.97MB] [CPU: ▲20.22ms] Passed 4 tests
Server-side resources used by All-In-One Security (AIOS) – Security and Firewall
This plugin does not affect your website's performance
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 6.40 ▲2.93 | 63.87 ▲23.24 |
| Dashboard /wp-admin | 6.34 ▲3.04 | 71.96 ▲23.67 |
| Posts /wp-admin/edit.php | 6.38 ▲3.02 | 60.60 ▲13.92 |
| Add New Post /wp-admin/post-new.php | 8.85 ▲2.96 | 103.18 ▲20.03 |
| Media Library /wp-admin/upload.php | 6.19 ▲2.96 | 60.32 ▲25.59 |
| Database Security /wp-admin/admin.php?page=aiowpsec_database | 6.36 | 57.49 |
| Spam Prevention /wp-admin/admin.php?page=aiowpsec_spam | 6.30 | 54.40 |
| Firewall /wp-admin/admin.php?page=aiowpsec_firewall | 6.37 | 53.52 |
| Tools /wp-admin/admin.php?page=aiowpsec_tools | 6.28 | 52.36 |
| User Security /wp-admin/admin.php?page=aiowpsec_usersec | 6.41 | 59.14 |
| Scanner /wp-admin/admin.php?page=aiowpsec_filescan | 6.28 | 51.82 |
| Brute Force /wp-admin/admin.php?page=aiowpsec_brute_force | 6.37 | 55.37 |
| Premium Upgrade /wp-admin/admin.php?page=aiowpsec&tab=premium-upgrade | 6.46 | 53.02 |
| Settings /wp-admin/admin.php?page=aiowpsec_settings | 6.38 | 50.74 |
| Blacklist Manager /wp-admin/admin.php?page=aiowpsec_blacklist | 6.28 | 51.75 |
Server storage [IO: ▲4.43MB] [DB: ▲0.02MB] 67% from 3 tests
A short overview of filesystem and database impact
Please try to fix the following items
- The plugin illegally modified 4 files (1.05KB) outside of "wp-content/plugins/all-in-one-wp-security-and-firewall/" and "wp-content/uploads/"
- (new file) wp-content/aiowps_backups/index.html
- (new file) wp-content/aiowps_backups/.htaccess
- (new file) wp-content/aiowps_backups/.htaccess.backup
- (modified) .htaccess
Filesystem: 338 new files
Database: 8 new tables, 9 new options
| New tables |
|---|
| wp_aiowps_events |
| wp_aiowps_permanent_block |
| wp_aiowps_login_lockdown |
| wp_aiowps_message_store |
| wp_aiowps_debug_log |
| wp_aiowps_logged_in_users |
| wp_aiowps_audit_log |
| wp_aiowps_global_meta |
| New WordPress options |
|---|
| theysaidso_admin_options |
| aiowpsec_db_version |
| db_upgraded |
| widget_recent-comments |
| aio_wp_security_configs |
| widget_recent-posts |
| widget_theysaidso_widget |
| aiowpsec_firewall_version |
| can_compress_scripts |
Browser metrics Passed 4 tests
Checking browser requirements for All-In-One Security (AIOS) – Security and Firewall
There were no issues detected in relation to browser resource usage
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,923 ▲162 | 14.35 ▼0.00 | 1.75 ▼0.01 | 42.00 ▼2.78 |
| Dashboard /wp-admin | 2,317 ▲143 | 5.56 ▲0.04 | 97.71 ▲8.46 | 72.56 ▲33.60 |
| Posts /wp-admin/edit.php | 2,156 ▲56 | 2.00 ▼0.03 | 35.59 ▼4.07 | 29.94 ▼11.79 |
| Add New Post /wp-admin/post-new.php | 1,618 ▲90 | 17.94 ▼5.07 | 629.30 ▼50.46 | 88.59 ▲22.89 |
| Media Library /wp-admin/upload.php | 1,474 ▲74 | 4.19 ▼0.04 | 92.56 ▼0.67 | 71.75 ▲27.23 |
| Database Security /wp-admin/admin.php?page=aiowpsec_database | 1,168 | 4.57 | 42.48 | 39.43 |
| Spam Prevention /wp-admin/admin.php?page=aiowpsec_spam | 1,238 | 4.66 | 43.33 | 71.76 |
| Firewall /wp-admin/admin.php?page=aiowpsec_firewall | 1,356 | 4.56 | 41.47 | 55.78 |
| Tools /wp-admin/admin.php?page=aiowpsec_tools | 1,095 | 4.81 | 42.97 | 69.45 |
| User Security /wp-admin/admin.php?page=aiowpsec_usersec | 1,142 | 4.77 | 42.27 | 72.31 |
| Scanner /wp-admin/admin.php?page=aiowpsec_filescan | 1,326 | 4.61 | 42.54 | 72.35 |
| Brute Force /wp-admin/admin.php?page=aiowpsec_brute_force | 1,151 | 4.55 | 43.30 | 71.16 |
| Premium Upgrade /wp-admin/admin.php?page=aiowpsec&tab=premium-upgrade | 1,983 | 4.56 | 45.03 | 77.93 |
| Settings /wp-admin/admin.php?page=aiowpsec_settings | 1,252 | 4.67 | 43.36 | 62.58 |
| Blacklist Manager /wp-admin/admin.php?page=aiowpsec_blacklist | 1,227 | 4.64 | 55.94 | 65.23 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests
🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
Please fix the following items
- Zombie WordPress options were found after uninstall: 6 options
- can_compress_scripts
- widget_recent-posts
- theysaidso_admin_options
- widget_theysaidso_widget
- db_upgraded
- widget_recent-comments
Smoke tests 25% from 4 tests
Server-side errors 0% from 1 test
🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
Please fix the following server-side errors
- > GET request to /wp-admin/admin.php?page=aiowpsec_filescan
- > Notice in wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-file-scan.php+191
fread(): read of 8192 bytes failed with errno=21 Is a directory
SRP 0% from 2 tests
🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser
Almost there! Just fix the following items
- 109× PHP files output text when accessed directly (only 10 are shown):
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/settings/wp-config-file-operations.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/filesystem-security/partials/wp-file-access.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/database-security/database-prefix.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/includes/simba-tfa/templates/shortcode-tfa-user-settings.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/6g.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/firewall/partials/xmlrpc-warning-notice.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/logged-in-users.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/dashboard/debug-logs.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/templates/wp-admin/user-security/manual-approval.php
- > /wp-content/plugins/all-in-one-wp-security-and-firewall/classes/wp-security-notices.php
- 45× GET requests to PHP files trigger server-side errors or Error 500 responses (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Class 'AIOWPS\\Firewall\\Rule' not found in wp-content/plugins/all-in-one-wp-security-and-firewall/classes/firewall/rule/rules/blacklist/rule-ips-blacklist.php:7
- > PHP Notice
Undefined property: HOTPResult::$hex in wp-content/plugins/all-in-one-wp-security-and-firewall/includes/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Fatal error
Uncaught Error: Class 'AIOWPS\\Firewall\\Rule' not found in wp-content/plugins/all-in-one-wp-security-and-firewall/classes/firewall/rule/rules/6g/rule-request-method-6g.php:7
- > PHP Fatal error
Uncaught Error: Call to undefined function is_admin() in wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security-stop-users-enumeration.php:6
- > PHP Fatal error
Uncaught Error: Class 'AIOWPS\\Firewall\\Rule' not found in wp-content/plugins/all-in-one-wp-security-and-firewall/classes/firewall/rule/rules/blacklist/rule-user-agent-blacklist.php:7
- > PHP Fatal error
Uncaught Error: Class 'AIOWPS\\Firewall\\Rule' not found in wp-content/plugins/all-in-one-wp-security-and-firewall/classes/firewall/rule/rules/general/rule-proxy-comment-posting.php:7
- > PHP Fatal error
Uncaught Error: Class 'IPLib\\Range\\AbstractRange' not found in wp-content/plugins/all-in-one-wp-security-and-firewall/vendor/mlocati/ip-lib/src/Range/Subnet.php:17
- > PHP Fatal error
Uncaught Error: Call to undefined function force_ssl_admin() in wp-content/plugins/all-in-one-wp-security-and-firewall/other-includes/wp-security-rename-login-feature.php:16
- > PHP Fatal error
Uncaught Error: Class 'AIOWPS\\Firewall\\Rule' not found in wp-content/plugins/all-in-one-wp-security-and-firewall/classes/firewall/rule/rules/6g/rule-block-query-strings-6g.php:7
- > PHP Notice
Undefined property: HOTPResult::$hex in wp-content/plugins/all-in-one-wp-security-and-firewall/includes/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | This is a shallow check for browser errors
Everything seems fine, but this is not an exhaustive test
Optimizations
Plugin configuration 96% from 29 tests
readme.txt Passed 16 tests
Often overlooked, readme.txt is one of the most important files in your plugin
5 plugin tags: firewall, malware scanning, two factor authentication, login security, security
all-in-one-wp-security-and-firewall/wp-security.php 92% from 13 tests
The principal PHP file in "All-In-One Security (AIOS) – Security and Firewall" v. 5.2.5 is loaded by WordPress automatically on each request
The following require your attention:
- Main file name: Please rename the main PHP file in this plugin to the plugin slug ("all-in-one-wp-security-and-firewall.php" instead of "wp-security.php")
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | There should be no dangerous file extensions present in any WordPress plugin
There were no executable files found in this plugin57,901 lines of code in 285 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 251 | 6,099 | 11,803 | 28,501 |
| PO File | 7 | 9,884 | 12,612 | 19,892 |
| JavaScript | 12 | 1,936 | 817 | 7,505 |
| CSS | 6 | 218 | 10 | 1,295 |
| Markdown | 4 | 231 | 0 | 494 |
| JSON | 3 | 0 | 0 | 197 |
| XML | 2 | 0 | 12 | 17 |
PHP code Passed 2 tests
This is a very shot review of cyclomatic complexity and code structure
Great job! No cyclomatic complexity issues were detected in this plugin
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.38 |
| Average class complexity | 26.11 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 286.00 |
| Average method complexity | 3.59 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 58.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 7 | |
| Interfaces | 2 | |
| Traits | 10 | |
| Classes | 138 | |
| ▷ Abstract classes | 8 | 5.80% |
| ▷ Concrete classes | 130 | 94.20% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 1,451 | |
| ▷ Static methods | 349 | 24.05% |
| ▷ Public methods | 1,135 | 78.22% |
| ▷ Protected methods | 145 | 9.99% |
| ▷ Private methods | 171 | 11.78% |
| Functions | 40 | |
| ▷ Named functions | 18 | 45.00% |
| ▷ Anonymous functions | 22 | 55.00% |
| Constants | 90 | |
| ▷ Global constants | 50 | 55.56% |
| ▷ Class constants | 40 | 44.44% |
| ▷ Public constants | 40 | 100.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
Using a strong compression for your PNG files is a great way to speed-up your plugin
26 PNG files occupy 0.18MB with 0.06MB in potential savings
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| images/info-icon.png | 0.78KB | 0.85KB | 0.00% |
| images/plugin-logos/wp_optimize_logo.png | 2.49KB | 2.67KB | 0.00% |
| includes/simba-tfa/includes/tfa_admin_icon_16x16.png | 3.74KB | 0.98KB | ▼ 73.75% |
| images/plugin-logos/updraft-central.png | 5.02KB | 3.32KB | ▼ 33.86% |
| images/plugin-logos/easy-updates-manager-logo.png | 42.43KB | 17.05KB | ▼ 59.81% |