82% baw-wordpress-plugin-security-checker

Code Review | Plugin Security Checker

WordPress plugin Plugin Security Checker scored 82% from 54 tests.

About plugin

  • Plugin page: baw-wordpress-plu...
  • Plugin version: 2.2.1
  • PHP version: 7.4.16
  • WordPress compatibility: 3.1-3.6.1
  • WordPress version: 5.8.1
  • First release: Feb 24, 2011
  • Latest release: Dec 13, 2013
  • Number of updates: 29
  • Update frequency: every 35.3 days
  • Top authors: juliobox (100%)

Code review

54 tests

User reviews

8 reviews

Install metrics

1,000+ active / 10,095 total downloads


Plugin footprint Passed 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | The install procedure must perform silently
Install script ran successfully

Server metrics [RAM: ▲0.92MB] [CPU: ▼140.78ms] Passed 4 tests

Server-side resources used by Plugin Security Checker
This plugin has minimal impact on server resources
PageMemory (MB)CPU Time (ms)
Home /2.89 ▲0.1730.90 ▲12.52
Dashboard /wp-admin4.39 ▲1.3346.63 ▲9.30
Posts /wp-admin/edit.php4.44 ▲1.3439.99 ▼7.02
Add New Post /wp-admin/post-new.php6.30 ▲0.8690.86 ▼562.77
Media Library /wp-admin/upload.php4.39 ▲1.3931.42 ▼2.64
Plugin Checker /wp-admin/options-general.php?page=baw-wordpress-plugin-security-checker4.3731.17

Server storage [IO: ▲0.29MB] [DB: ▲0.00MB] Passed 3 tests

Input-output and database impact of this plugin
This plugin installed successfully
Filesystem: 8 new files
Database: no new tables, no new options

Browser metrics Passed 4 tests

Checking browser requirements for Plugin Security Checker
There were no issues detected in relation to browser resource usage
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /3,684 ▲8815.88 ▲0.3711.08 ▲1.1548.51 ▼2.40
Dashboard /wp-admin2,972 ▲385.96 ▼0.02135.32 ▼26.76107.47 ▼9.84
Posts /wp-admin/edit.php2,744 ▲52.72 ▼0.0063.37 ▼6.9094.81 ▲0.42
Add New Post /wp-admin/post-new.php1,675 ▲17518.89 ▲0.33380.14 ▲1.17117.33 ▲13.17
Media Library /wp-admin/upload.php1,812 ▲25.02 ▲0.00163.75 ▲17.54121.31 ▲4.56
Plugin Checker /wp-admin/options-general.php?page=baw-wordpress-plugin-security-checker1,2942.1055.3367.03

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] Passed 4 tests

🔸 Tests weight: 35 | The uninstall procedure must remove all plugin files and extra database tables
Uninstaller ran successfully

Smoke tests 25% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
Even though everything seems fine, this is not an exhaustive test

SRP 0% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle
The following issues need your attention
  • 3× PHP files perform the action of outputting non-empty strings when accessed directly:
    • > /wp-content/plugins/baw-wordpress-plugin-security-checker/inc/removed.inc.php
    • > /wp-content/plugins/baw-wordpress-plugin-security-checker/inc/about.inc.php
    • > /wp-content/plugins/baw-wordpress-plugin-security-checker/inc/vulnerables.inc.php
  • 1× PHP files trigger errors when accessed directly with GET requests:
    • > PHP Fatal error
      Uncaught Error: Call to undefined function is_admin() in wp-content/plugins/baw-wordpress-plugin-security-checker/sppc.php:12

User-side errors 0% from 1 test

🔹 Test weight: 20 | A shallow check that no browser errors were triggered
There are user-side issues you should fix
    • > GET request to /wp-admin/options-general.php?page=baw-wordpress-plugin-security-checker
    • > Network (severe)
    https://dl.dropbox.com/u/45956904/plugins/paypal_big.png - Failed to load resource: the server responded with a status of 404 ()
    • > GET request to /wp-admin/options-general.php?page=baw-wordpress-plugin-security-checker
    • > Network (severe)
    https://dl.dropbox.com/u/45956904/plugins/bawlogo.png - Failed to load resource: the server responded with a status of 404 ()


Plugin configuration 93% from 29 tests

readme.txt Passed 16 tests

Perhaps the most important file in your plugin readme.txt gets parsed in order to generate the public listing of your plugin
5 plugin tags: secure, protection, exploit, security, guard

baw-wordpress-plugin-security-checker/sppc.php 85% from 13 tests

The principal PHP file in "Plugin Security Checker" v. 2.2.1 is loaded by WordPress automatically on each request
You should first fix the following items:
  • Main file name: The principal plugin file should be the same as the plugin slug ("baw-wordpress-plugin-security-checker.php" instead of "sppc.php")
  • Description: The description should be shorter than 140 characters (currently 153 characters long)

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | This is a short overview of programming languages used in this plugin, detecting executable files
Everything looks great! No dangerous files found in this plugin12,067 lines of code in 5 files:
LanguageFilesBlank linesComment linesLines of code
PO File1202166

PHP code Passed 2 tests

This plugin's cyclomatic complexity and code structure detailed below
Everything seems fine, there were no complexity issues found
Cyclomatic complexity
Average complexity per logical line of code0.55
Average class complexity0.00
▷ Minimum class complexity0.00
▷ Maximum class complexity0.00
Average method complexity0.00
▷ Minimum method complexity0.00
▷ Maximum method complexity0.00
Code structure
▷ Abstract classes00.00%
▷ Concrete classes00.00%
▷ Final classes00.00%
▷ Static methods00.00%
▷ Public methods00.00%
▷ Protected methods00.00%
▷ Private methods00.00%
▷ Named functions8100.00%
▷ Anonymous functions00.00%
▷ Global constants4100.00%
▷ Class constants00.00%
▷ Public constants00.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using a strong compression for your PNG files is a great way to speed-up your plugin
There are no PNG files in this plugin