78% clockwork-two-factor-authentication

Code Review | Two-Factor Authentication - Clockwork SMS

WordPress plugin Two-Factor Authentication - Clockwork SMS scored78%from 54 tests.

About plugin

  • Plugin page: clockwork-two-fac...
  • Plugin version: 1.1.3
  • PHP version: 7.4.16
  • WordPress compatibility: 3.0.0-4.0.0
  • WordPress version: 6.3.1
  • First release: May 1, 2013
  • Latest release: Jan 5, 2018
  • Number of updates: 13
  • Update frequency: every 131.9 days
  • Top authors: mediaburst (53.85%)martinsteel (30.77%)jamesinman (30.77%)

Code review

54 tests

User reviews

2 reviews

Install metrics

10+ active /2,953 total downloads

Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | Verifying that this plugin installs correctly without errors
Installer ran successfully

Server metrics [RAM: ▲0.05MB] [CPU: ▼2.86ms] Passed 4 tests

Analyzing server-side resources used by Two-Factor Authentication - Clockwork SMS
This plugin has minimal impact on server resources
PageMemory (MB)CPU Time (ms)
Home /3.50 ▲0.0340.93 ▼1.66
Dashboard /wp-admin3.35 ▲0.0545.11 ▼4.72
Posts /wp-admin/edit.php3.47 ▲0.1147.15 ▼1.74
Add New Post /wp-admin/post-new.php5.95 ▲0.0783.53 ▼3.32
Media Library /wp-admin/upload.php3.28 ▲0.0532.50 ▼1.19
Two-Factor SMS /wp-admin/admin.php?page=clockwork_two_factor3.2729.56
Test /wp-admin/admin.php?page=clockwork_test_message3.2731.52
Clockwork Options /wp-admin/admin.php?page=clockwork_options3.2729.78

Server storage [IO: ▲0.31MB] [DB: ▲0.00MB] Passed 3 tests

How much does this plugin use your filesystem and database?
There were no storage issued detected upon installing this plugin
Filesystem: 23 new files
Database: no new tables, 7 new options
New WordPress options
widget_recent-comments
widget_theysaidso_widget
theysaidso_admin_options
db_upgraded
widget_recent-posts
clockwork_two_factor_credit
can_compress_scripts

Browser metrics Passed 4 tests

Two-Factor Authentication - Clockwork SMS: an overview of browser usage
This plugin has a minimal impact on browser resources
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /2,869 ▲9813.17 ▼1.635.30 ▲3.1944.65 ▼1.09
Dashboard /wp-admin2,253 ▲654.90 ▲0.0896.15 ▼21.2870.19 ▲26.92
Posts /wp-admin/edit.php2,132 ▲462.00 ▼0.0238.44 ▲2.0735.39 ▼1.46
Add New Post /wp-admin/post-new.php1,554 ▲3517.48 ▼5.78729.29 ▲34.6055.72 ▲4.16
Media Library /wp-admin/upload.php1,429 ▲444.28 ▼0.0198.81 ▼14.6678.46 ▲30.26
Two-Factor SMS /wp-admin/admin.php?page=clockwork_two_factor9041.8424.8929.73
Test /wp-admin/admin.php?page=clockwork_test_message8511.8326.7626.80
Clockwork Options /wp-admin/admin.php?page=clockwork_options8861.7024.9827.55

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests

🔸 Tests weight: 35 | It is important to correctly uninstall your plugin, without leaving any traces
The following items require your attention
  • Zombie WordPress options were found after uninstall: 7 options
    • widget_recent-posts
    • theysaidso_admin_options
    • clockwork_two_factor_credit
    • db_upgraded
    • widget_recent-comments
    • can_compress_scripts
    • widget_theysaidso_widget

Smoke tests 50% from 4 tests

Server-side errors 0% from 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
Almost there, just fix the following server-side errors
    • > GET request to /wp-admin/admin.php?page=clockwork_two_factor
    • > Notice in wp-content/plugins/clockwork-two-factor-authentication/main.php+290
    Undefined index: settings-updated
    • > GET request to /wp-admin/admin.php?page=clockwork_test_message
    • > Notice in wp-content/plugins/clockwork-two-factor-authentication/templates/clockwork-test-message.php+8
    Undefined index: to

SRP 50% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle
Please fix the following items
  • 5× GET requests to PHP files have triggered server-side errors or warnings:
    • > PHP Fatal error
      Uncaught Error: Class 'Clockwork' not found in wp-content/plugins/clockwork-two-factor-authentication/lib/clockwork/class-WordPressClockwork.php:15
    • > PHP Fatal error
      Uncaught Error: Call to undefined function add_action() in wp-content/plugins/clockwork-two-factor-authentication/clockwork-two-factor.php:74
    • > PHP Fatal error
      Uncaught Error: Call to undefined function bloginfo() in wp-content/plugins/clockwork-two-factor-authentication/templates/required-number-form.php:3
    • > PHP Fatal error
      Uncaught Error: Class 'Clockwork_Plugin' not found in wp-content/plugins/clockwork-two-factor-authentication/main.php:2
    • > PHP Fatal error
      Uncaught Error: Call to undefined function bloginfo() in wp-content/plugins/clockwork-two-factor-authentication/templates/code-form.php:3

User-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)
No browser errors were detected

Optimizations

Plugin configuration 93% from 29 tests

readme.txt 94% from 16 tests

The readme.txt file uses markdown syntax to describe your plugin to the world
Attributes that need to be fixed:
  • Screenshots: These screenshots do not have images: #1 (Settings for Clockwork two-factor authentication), #2 (Prompting for a password on login to the Administration panel), #3 (Not allowing access if you haven't set a mobile number), #4 (Not allowing access if you have entered an incorrect code)
The official readme.txt might help

clockwork-two-factor-authentication/clockwork-two-factor.php 92% from 13 tests

The primary PHP file in "Two-Factor Authentication - Clockwork SMS" version 1.1.3 is used by WordPress to initiate all plugin functionality
It is important to fix the following:
  • Main file name: Please rename the main PHP file in this plugin to the plugin slug ("clockwork-two-factor-authentication.php" instead of "clockwork-two-factor.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | Executable files are not allowed as they can serve as attack vectors
There were no executable files found in this plugin1,400 lines of code in 14 files:
LanguageFilesBlank linesComment linesLines of code
PHP122896571,352
CSS14025
JavaScript19323

PHP code Passed 2 tests

An short overview of logical lines of code, cyclomatic complexity, and other code metrics
No complexity issues detected
Cyclomatic complexity
Average complexity per logical line of code0.34
Average class complexity34.00
▷ Minimum class complexity1.00
▷ Maximum class complexity70.00
Average method complexity4.06
▷ Minimum method complexity1.00
▷ Maximum method complexity34.00
Code structure
Namespaces0
Interfaces0
Traits0
Classes5
▷ Abstract classes240.00%
▷ Concrete classes360.00%
▷ Final classes00.00%
Methods57
▷ Static methods11.75%
▷ Public methods4782.46%
▷ Protected methods915.79%
▷ Private methods11.75%
Functions1
▷ Named functions1100.00%
▷ Anonymous functions00.00%
Constants13
▷ Global constants00.00%
▷ Class constants13100.00%
▷ Public constants13100.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using a strong compression for your PNG files is a great way to speed-up your plugin
7 PNG files occupy 0.24MB with 0.16MB in potential savings
Potential savings
Compression of 5 random PNG files using pngquant
FileSize - originalSize - compressedSavings
screenshot-1.png68.66KB20.43KB▼ 70.24%
screenshot-4.png26.34KB7.53KB▼ 71.41%
images/logo_16px_16px.png0.43KB0.31KB▼ 27.56%
screenshot-2.png27.42KB7.93KB▼ 71.09%
images/badrobot.png92.94KB10.20KB▼ 89.03%