Benchmarks
Plugin footprint 65% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | The install procedure must perform silently
The plugin installed successfully, without throwing any errors or notices
Server metrics [RAM: ▲2.06MB] [CPU: ▲18.52ms] Passed 4 tests
This is a short check of server-side resources used by Defender Security - Malware Scanner, Login Security & Firewall
Server-side resource usage in normal parameters
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 5.59 ▲2.13 | 62.94 ▲17.60 |
| Dashboard /wp-admin | 5.34 ▲1.99 | 70.26 ▲11.32 |
| Posts /wp-admin/edit.php | 5.49 ▲2.13 | 69.88 ▲25.86 |
| Add New Post /wp-admin/post-new.php | 7.94 ▲2.05 | 108.04 ▲19.29 |
| Media Library /wp-admin/upload.php | 5.28 ▲2.05 | 72.86 ▲38.93 |
| Settings /wp-admin/admin.php?page=wdf-setting | 5.03 | 51.08 |
| Malware Scanning /wp-admin/admin.php?page=wdf-scan | 5.03 | 50.12 |
| Defender /wp-admin/admin.php?page=wp-defender | 6.17 | 70.68 |
| Scheduled Actions /wp-admin/tools.php?page=action-scheduler | 5.43 | 118.83 |
| Tutorials /wp-admin/admin.php?page=wdf-tutorial | 5.04 | 53.83 |
| Audit Logging /wp-admin/admin.php?page=wdf-logging | 5.03 | 47.63 |
| Recommendations /wp-admin/admin.php?page=wdf-hardener | 5.03 | 50.35 |
| WAF /wp-admin/admin.php?page=wdf-waf | 5.03 | 46.82 |
| 2FA /wp-admin/admin.php?page=wdf-2fa | 5.03 | 50.49 |
| Notifications /wp-admin/admin.php?page=wdf-notification | 5.03 | 49.28 |
Server storage [IO: ▲16.95MB] [DB: ▲0.01MB] 67% from 3 tests
Input-output and database impact of this plugin
Just a few items left to fix
- Illegal file modification detected: 1 file (0.32KB) outside of "wp-content/plugins/defender-security/" and "wp-content/uploads/"
- (new file) wp-content/wp-defender-secrets.php
Filesystem: 1,695 new files
Database: 10 new tables, 10 new options
| New tables |
|---|
| wp_defender_email_log |
| wp_defender_lockout_log |
| wp_defender_lockout |
| wp_defender_scan_item |
| wp_defender_scan |
| wp_actionscheduler_logs |
| wp_actionscheduler_claims |
| wp_actionscheduler_actions |
| wp_actionscheduler_groups |
| wp_defender_audit_log |
| New WordPress options |
|---|
| db_upgraded |
| theysaidso_admin_options |
| widget_recent-posts |
| schema-ActionScheduler_StoreSchema |
| schema-ActionScheduler_LoggerSchema |
| action_scheduler_lock_async-request-runner |
| action_scheduler_hybrid_store_demarkation |
| widget_theysaidso_widget |
| can_compress_scripts |
| widget_recent-comments |
Browser metrics Passed 4 tests
This is an overview of browser requirements for Defender Security - Malware Scanner, Login Security & Firewall
This plugin has a minimal impact on browser resources
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,877 ▲106 | 14.09 ▼0.26 | 1.66 ▼0.39 | 43.02 ▼0.59 |
| Dashboard /wp-admin | 2,280 ▲109 | 5.56 ▲0.01 | 82.01 ▼5.73 | 40.69 ▲4.55 |
| Posts /wp-admin/edit.php | 2,188 ▲88 | 1.98 ▼0.03 | 36.14 ▼4.82 | 34.72 ▼4.31 |
| Add New Post /wp-admin/post-new.php | 1,582 ▲54 | 22.56 ▼0.58 | 669.77 ▲41.62 | 57.68 ▲5.56 |
| Media Library /wp-admin/upload.php | 1,488 ▲91 | 4.22 ▲0.05 | 113.55 ▲11.02 | 50.48 ▲8.07 |
| Settings /wp-admin/admin.php?page=wdf-setting | 948 | 3.92 | 67.46 | 79.92 |
| Malware Scanning /wp-admin/admin.php?page=wdf-scan | 948 | 3.91 | 61.82 | 30.09 |
| Defender /wp-admin/admin.php?page=wp-defender | 948 | 3.43 | 44.97 | 30.21 |
| Scheduled Actions /wp-admin/tools.php?page=action-scheduler | 1,333 | 1.96 | 24.48 | 31.97 |
| Tutorials /wp-admin/admin.php?page=wdf-tutorial | 948 | 3.41 | 45.88 | 33.21 |
| Audit Logging /wp-admin/admin.php?page=wdf-logging | 948 | 3.42 | 44.39 | 32.31 |
| Recommendations /wp-admin/admin.php?page=wdf-hardener | 948 | 3.39 | 45.66 | 31.34 |
| WAF /wp-admin/admin.php?page=wdf-waf | 948 | 3.35 | 44.76 | 30.58 |
| 2FA /wp-admin/admin.php?page=wdf-2fa | 948 | 3.39 | 45.80 | 29.84 |
| Notifications /wp-admin/admin.php?page=wdf-notification | 948 | 3.39 | 45.03 | 30.58 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.01MB] 50% from 4 tests
🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
Please fix the following items
- The uninstall procedure failed, leaving 10 tables in the database
- wp_defender_lockout
- wp_defender_scan_item
- wp_actionscheduler_claims
- wp_defender_email_log
- wp_defender_audit_log
- wp_defender_lockout_log
- wp_actionscheduler_actions
- wp_actionscheduler_logs
- wp_defender_scan
- wp_actionscheduler_groups
- Zombie WordPress options were found after uninstall: 11 options
- schema-ActionScheduler_StoreSchema
- action_scheduler_migration_status
- action_scheduler_hybrid_store_demarkation
- theysaidso_admin_options
- can_compress_scripts
- widget_recent-comments
- schema-ActionScheduler_LoggerSchema
- widget_theysaidso_widget
- action_scheduler_lock_async-request-runner
- db_upgraded
- ...
Smoke tests 50% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | This is a short smoke test looking for server-side errors
The smoke test was a success, however most plugin functionality was not tested
SRP 0% from 2 tests
🔹 Tests weight: 20 | The single-responsibility principle: PHP files have to remain inert when accessed directly, throwing no errors and performing no actions
Almost there! Just fix the following items
- 5× PHP files output text when accessed directly:
- > /wp-content/plugins/defender-security/src/view/two-fa/providers/biometric.php
- > /wp-content/plugins/defender-security/src/view/main.php
- > /wp-content/plugins/defender-security/vendor/mixpanel/mixpanel-php/examples/error_handling.php
- > /wp-content/plugins/defender-security/src/view/two-fa/providers/totp-enabled.php
- > /wp-content/plugins/defender-security/vendor/mixpanel/mixpanel-php/examples/custom_consumer.php
- 868× GET requests to PHP files trigger server-side errors or Error 500 responses (only 10 are shown):
- > [ Base_MixpanelBase - line 113 ]
Flush called - queue size: 2
- > PHP Fatal error
Uncaught Error: Interface 'Safe\\Exceptions\\SafeExceptionInterface' not found in wp-content/plugins/defender-security/vendor/thecodingmachine/safe/generated/Exceptions/RpminfoException.php:4
- > PHP Fatal error
Trait 'WP_Defender\\Traits\\User' not found in wp-content/plugins/defender-security/src/upgrader.php on line 32
- > PHP Fatal error
Uncaught Error: Interface 'Ramsey\\Uuid\\Exception\\UuidExceptionInterface' not found in wp-content/plugins/defender-security/vendor/ramsey/uuid/src/Exception/NodeException.php:22
- > PHP Fatal error
Uncaught Error: Class 'Calotes\\Model\\Setting' not found in wp-content/plugins/defender-security/src/model/setting/blacklist-lockout.php:14
- > PHP Fatal error
Uncaught Error: Class 'CronExpression_AbstractField' not found in wp-content/plugins/defender-security/vendor/woocommerce/action-scheduler/lib/cron-expression/CronExpression_MonthField.php:8
- > PHP Fatal error
Uncaught Error: Call to undefined function is_admin() in wp-content/plugins/defender-security/extra/recommended-plugins-notice/notice.php:266
- > PHP Fatal error
Uncaught Error: Interface 'League\\Uri\\Contracts\\UriComponentInterface' not found in wp-content/plugins/defender-security/vendor/league/uri-interfaces/src/Contracts/UserInfoInterface.php:16
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_AdminView_Deprecated' not found in wp-content/plugins/defender-security/vendor/woocommerce/action-scheduler/classes/ActionScheduler_AdminView.php:7
- > PHP Fatal error
Uncaught Error: Class 'Cose\\Algorithm\\Signature\\RSA\\PSSRSA' not found in wp-content/plugins/defender-security/vendor/web-auth/cose-lib/src/Algorithm/Signature/RSA/PS256.php:18
- > [ Base_MixpanelBase - line 113 ]
User-side errors Passed 1 test
🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)
No browser issues were found
Optimizations
Plugin configuration 90% from 29 tests
readme.txt 94% from 16 tests
Don't ignore readme.txt as it is the file that instructs WordPress.org on how to present your plugin to the world
These attributes need to be fixed:
- Tags: Please delete some tags, you are using 26 tag instead of maximum 10
defender-security/wp-defender.php 85% from 13 tests
"Defender Security - Malware Scanner, Login Security & Firewall" version 4.2.1's main PHP file describes plugin functionality and also serves as the entry point to any WordPress functionality
Please make the necessary changes and fix the following:
- Main file name: It is recommended to name the main PHP file as the plugin slug ("defender-security.php" instead of "wp-defender.php")
- Description: If Twitter did it, so should we! Keep the description under 140 characters (currently 189 characters long)
Code Analysis 3% from 3 tests
File types 0% from 1 test
🔸 Test weight: 35 | Executable files are not allowed as they can serve as attack vectors
Almost there! Just fix the following issues
- For security reasons, never distribute binary or executable files with your plugin
- .bat - Batch File in Windows
- ☣ wp-content/plugins/defender-security/vendor/gettext/languages/bin/export-plural-rules.bat
- .bat - Batch File in Windows
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 1,296 | 23,545 | 77,491 | 119,330 |
| JavaScript | 73 | 4,896 | 2,442 | 37,008 |
| HTML | 34 | 1,771 | 169 | 11,482 |
| JSON | 41 | 1 | 0 | 6,351 |
| Markdown | 45 | 1,386 | 0 | 4,022 |
| CSS | 22 | 208 | 56 | 2,512 |
| SVG | 23 | 4 | 28 | 1,467 |
| C | 1 | 118 | 25 | 668 |
| XML | 3 | 7 | 0 | 94 |
| m4 | 1 | 8 | 0 | 32 |
| C/C++ Header | 1 | 4 | 12 | 8 |
| DOS Batch | 1 | 0 | 0 | 1 |
PHP code 50% from 2 tests
This is a short overview of cyclomatic complexity and code structure for this plugin
It is recommended to fix the following
- Method cyclomatic complexity has to be reduced to less than 100 (currently 313)
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.38 |
| Average class complexity | 12.13 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 454.00 |
| Average method complexity | 2.87 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 313.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 165 | |
| Interfaces | 119 | |
| Traits | 33 | |
| Classes | 962 | |
| ▷ Abstract classes | 74 | 7.69% |
| ▷ Concrete classes | 888 | 92.31% |
| ▷ Final classes | 161 | 18.13% |
| Methods | 6,951 | |
| ▷ Static methods | 1,044 | 15.02% |
| ▷ Public methods | 5,626 | 80.94% |
| ▷ Protected methods | 554 | 7.97% |
| ▷ Private methods | 771 | 11.09% |
| Functions | 1,340 | |
| ▷ Named functions | 1,223 | 91.27% |
| ▷ Anonymous functions | 117 | 8.73% |
| Constants | 1,009 | |
| ▷ Global constants | 113 | 11.20% |
| ▷ Class constants | 896 | 88.80% |
| ▷ Public constants | 766 | 85.49% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
It is recommended to compress PNG files in your plugin to minimize bandwidth usage
56 PNG files occupy 0.32MB with 0.13MB in potential savings
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| extra/recommended-plugins-notice/assets/images/plugins-forminator.png | 11.71KB | 4.57KB | ▼ 60.99% |
| assets/img/plugins-smush-icon.png | 2.12KB | 1.33KB | ▼ 37.37% |
| extra/free-dashboard/assets/images/giveaway/form/branda.png | 3.54KB | 2.16KB | ▼ 38.99% |
| vendor/mixpanel/mixpanel-php/docs/images/icon-trait-13x13.png | 0.33KB | 0.23KB | ▼ 30.59% |
| assets/email-images/logo.png | 0.96KB | 0.65KB | ▼ 32.08% |