Benchmarks
Plugin footprint 81% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
The plugin installed successfully, without throwing any errors or notices
Server metrics [RAM: ▲6.00MB] [CPU: ▲46.81ms] 50% from 4 tests
An overview of server-side resources used by Solid Security – Password, Two Factor Authentication, and Brute Force Protection
Please have a look at the following items
- RAM: Total memory usage must be kept under 10MB (currently 13.46MB on /wp-admin/admin.php?page=itsec-go-pro)
- Extra RAM: The extra memory usage must be under 5MB (currently 6.00MB on /wp-admin/admin.php?page=itsec-go-pro)
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 12.20 ▲8.74 | 90.16 ▲50.61 |
| Dashboard /wp-admin | 8.65 ▲5.35 | 90.11 ▲38.35 |
| Posts /wp-admin/edit.php | 8.73 ▲5.38 | 100.50 ▲55.55 |
| Add New Post /wp-admin/post-new.php | 13.72 ▲7.83 | 143.69 ▲42.71 |
| Media Library /wp-admin/upload.php | 8.66 ▲5.43 | 87.48 ▲55.91 |
| Setup /wp-admin/admin.php?page=itsec | 13.65 | 124.54 |
| Get More Security /wp-admin/admin.php?page=itsec-go-pro | 13.46 | 114.45 |
Server storage [IO: ▲20.93MB] [DB: ▲0.02MB] 67% from 3 tests
Filesystem and database footprint
Just a few items left to fix
- Illegal file modification found: 2 files (7.09KB) outside of "wp-content/plugins/better-wp-security/" and "wp-content/uploads/"
- (modified) .htaccess
- (modified) wp-config.php
Filesystem: 2,000 new files
Database: 14 new tables, 7 new options
| New tables |
|---|
| wp_itsec_dashboard_events |
| wp_itsec_bans |
| wp_itsec_logs |
| wp_itsec_mutexes |
| wp_itsec_user_groups |
| wp_itsec_vulnerabilities |
| wp_itsec_lockouts |
| wp_itsec_geolocation_cache |
| wp_itsec_firewall_rules |
| wp_itsec_temp |
| ... |
| New WordPress options |
|---|
| db_upgraded |
| widget_theysaidso_widget |
| theysaidso_admin_options |
| widget_recent-posts |
| can_compress_scripts |
| itsec-storage |
| widget_recent-comments |
Browser metrics Passed 4 tests
Checking browser requirements for Solid Security – Password, Two Factor Authentication, and Brute Force Protection
This plugin renders optimally with no browser resource issues detected
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,927 ▲180 | 19.80 ▲5.45 | 1.61 ▼0.19 | 40.93 ▼5.35 |
| Dashboard /wp-admin | 2,348 ▲174 | 9.99 ▲4.34 | 278.66 ▲186.81 | 44.86 ▲3.20 |
| Posts /wp-admin/edit.php | 2,241 ▲144 | 9.65 ▲7.64 | 114.55 ▲78.28 | 40.83 ▲6.81 |
| Add New Post /wp-admin/post-new.php | 1,766 ▲240 | 26.62 ▲3.20 | 681.73 ▲57.21 | 39.24 ▼3.57 |
| Media Library /wp-admin/upload.php | 1,617 ▲217 | 11.56 ▲7.37 | 166.30 ▲68.12 | 53.55 ▲11.88 |
| Setup /wp-admin/admin.php?page=itsec | 1,461 | 13.12 | 248.66 | 48.38 |
| Get More Security /wp-admin/admin.php?page=itsec-go-pro | 963 | 10.55 | 160.07 | 43.87 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.01MB] 75% from 4 tests
🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
Please fix the following items
- This plugin does not fully uninstall, leaving 6 options in the database
- widget_recent-posts
- widget_recent-comments
- widget_theysaidso_widget
- db_upgraded
- theysaidso_admin_options
- can_compress_scripts
Smoke tests 50% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
Even though no errors were found, this is by no means an exhaustive test
SRP 0% from 2 tests
🔹 Tests weight: 20 | A shallow check of the single-responsibility principle; PHP files should perform no action - including output of placeholder text - and trigger no errors when accessed directly
Please fix the following items
- 3× PHP files output text when accessed directly:
- > /wp-content/plugins/better-wp-security/vendor-prod/deliciousbrains/wp-background-processing/tests/bootstrap.php
- > /wp-content/plugins/better-wp-security/lib/index.php
- > /wp-content/plugins/better-wp-security/index.php
- 380× GET requests to PHP files have triggered server-side errors or warnings (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Call to undefined function __() in wp-content/plugins/better-wp-security/core/modules/feature-flags/labels.php:4
- > PHP Fatal error
Uncaught Error: Call to undefined function __() in wp-content/plugins/better-wp-security/core/modules/two-factor/labels.php:4
- > PHP Fatal error
Uncaught Error: Class 'iThemesSecurity\\Lib\\Config_Password_Requirement' not found in wp-content/plugins/better-wp-security/core/modules/hibp/HIBP_Requirement.php:10
- > PHP Fatal error
Uncaught Error: Class 'Two_Factor_Provider' not found in wp-content/plugins/better-wp-security/core/modules/two-factor/providers/class.two-factor-email.php:9
- > PHP Fatal error
Uncaught Error: Interface 'iThemesSecurity\\Lib\\Site_Types\\Question' not found in wp-content/plugins/better-wp-security/core/lib/site-types/Templated_Question.php:5
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_url() in wp-content/plugins/better-wp-security/core/modules/sync-connect/templates/connect-prompt.php:2
- > PHP Fatal error
Uncaught Error: Class 'ITSEC_Login_Interstitial' not found in wp-content/plugins/better-wp-security/core/lib/login-interstitial/class-itsec-login-interstitial-config-driven.php:6
- > PHP Fatal error
Uncaught Error: Call to undefined function add_action() in wp-content/plugins/better-wp-security/core/modules/file-change/class-itsec-file-change.php:26
- > PHP Fatal error
Uncaught Error: Interface 'iThemesSecurity\\Ban_Hosts\\Ban' not found in wp-content/plugins/better-wp-security/core/lib/ban-hosts/Repository_Ban.php:5
- > PHP Fatal error
require_once(): Failed opening required 'ABSPATHwp-admin/includes/file.php' (include_path='.:/usr/share/php') in wp-content/plugins/better-wp-security/core/modules/file-change/scanner.php on line 3
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | A shallow check that no browser errors were triggered
There were no browser issues found
Optimizations
Plugin configuration Passed 29 tests
readme.txt Passed 16 tests
The readme.txt file uses markdown syntax to describe your plugin to the world
5 plugin tags: malware, password protection, security, brute force protection, two factor authentication
better-wp-security/better-wp-security.php Passed 13 tests
The main PHP script in "Solid Security – Password, Two Factor Authentication, and Brute Force Protection" version 9.1.0 is automatically included on every request by WordPress
130 characters long description:
Shield your site from cyberattacks and prevent security vulnerabilities. The only security plugin you need for a solid foundation.
Code Analysis 97% from 3 tests
File types Passed 1 test
🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin
Everything looks great! No dangerous files found in this plugin113,690 lines of code in 1,455 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 591 | 15,614 | 18,637 | 62,138 |
| JavaScript | 631 | 5,466 | 6,244 | 38,375 |
| JSON | 46 | 0 | 0 | 3,917 |
| HTML | 31 | 495 | 155 | 2,837 |
| Sass | 55 | 439 | 19 | 2,226 |
| SVG | 56 | 0 | 0 | 1,656 |
| CSS | 29 | 146 | 45 | 1,346 |
| Markdown | 5 | 190 | 0 | 602 |
| Bourne Shell | 1 | 23 | 11 | 147 |
| Python | 2 | 27 | 73 | 140 |
| YAML | 2 | 13 | 0 | 116 |
| reStructuredText | 1 | 96 | 139 | 97 |
| XML | 4 | 12 | 16 | 79 |
| make | 1 | 4 | 0 | 14 |
PHP code 50% from 2 tests
A brief analysis of cyclomatic complexity and code structure for this plugin
The following items need your attention
- Cyclomatic complexity of methods should be reduced to less than 100 (currently 116)
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.41 |
| Average class complexity | 18.43 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 346.00 |
| Average method complexity | 3.05 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 116.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 50 | |
| Interfaces | 50 | |
| Traits | 2 | |
| Classes | 408 | |
| ▷ Abstract classes | 18 | 4.41% |
| ▷ Concrete classes | 390 | 95.59% |
| ▷ Final classes | 156 | 40.00% |
| Methods | 3,993 | |
| ▷ Static methods | 885 | 22.16% |
| ▷ Public methods | 3,337 | 83.57% |
| ▷ Protected methods | 276 | 6.91% |
| ▷ Private methods | 380 | 9.52% |
| Functions | 427 | |
| ▷ Named functions | 166 | 38.88% |
| ▷ Anonymous functions | 261 | 61.12% |
| Constants | 325 | |
| ▷ Global constants | 12 | 3.69% |
| ▷ Class constants | 313 | 96.31% |
| ▷ Public constants | 297 | 94.89% |
Plugin size 50% from 2 tests
Image compression 50% from 2 tests
It is recommended to compress PNG files in your plugin to minimize bandwidth usage
33 PNG files occupy 7.00MB with 3.85MB in potential savings
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| core/img/mail/logo.png | 14.70KB | 5.21KB | ▼ 64.55% |
| core/img/mail/pro_logo.png | 15.80KB | 5.59KB | ▼ 64.60% |
| dist/20ba44d1ff0f0e29ccb0.png | 958.19KB | 345.35KB | ▼ 63.96% |
| dist/388febe5c99ff56cba7e.png | 798.03KB | 244.49KB | ▼ 69.36% |
| core/img/mail/icon_lock.png | 0.37KB | 0.32KB | ▼ 12.80% |