Benchmarks
Plugin footprint 65% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | The install procedure must perform silently
Installer ran successfully
Server metrics [RAM: ▲0.19MB] [CPU: ▼2.80ms] Passed 4 tests
Analyzing server-side resources used by GD Security Headers
No issues were detected with server-side resource usage
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 3.63 ▲0.17 | 47.89 ▲4.99 |
| Dashboard /wp-admin | 3.50 ▲0.20 | 49.66 ▼0.53 |
| Posts /wp-admin/edit.php | 3.55 ▲0.20 | 48.14 ▼3.87 |
| Add New Post /wp-admin/post-new.php | 6.08 ▲0.20 | 87.00 ▼11.78 |
| Media Library /wp-admin/upload.php | 3.42 ▲0.20 | 45.18 ▲12.93 |
Server storage [IO: ▲2.67MB] [DB: ▲0.02MB] Passed 3 tests
A short overview of filesystem and database impact
No storage issues were detected
Filesystem: 197 new files
Database: 2 new tables, 6 new options
| New tables |
|---|
| wp_gdsec_xxp_reports |
| wp_gdsec_csp_reports |
| New WordPress options |
|---|
| widget_recent-comments |
| db_upgraded |
| widget_theysaidso_widget |
| theysaidso_admin_options |
| widget_recent-posts |
| can_compress_scripts |
Browser metrics Passed 4 tests
GD Security Headers: an overview of browser usage
Minimal impact on browser resources
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,861 ▲100 | 14.36 ▲0.01 | 2.16 ▲0.52 | 46.78 ▼1.84 |
| Dashboard /wp-admin | 2,264 ▲87 | 5.68 ▲0.15 | 103.33 ▲12.17 | 49.20 ▲7.68 |
| Posts /wp-admin/edit.php | 2,175 ▲78 | 2.05 ▲0.03 | 45.17 ▲9.23 | 46.05 ▲13.90 |
| Add New Post /wp-admin/post-new.php | 1,569 ▲34 | 23.13 ▲5.00 | 677.54 ▲52.94 | 63.97 ▼4.29 |
| Media Library /wp-admin/upload.php | 1,472 ▲72 | 4.19 ▼0.08 | 117.36 ▲19.19 | 50.55 ▲5.69 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.02MB] 50% from 4 tests
🔸 Tests weight: 35 | The uninstall procedure must remove all plugin files and extra database tables
It is recommended to fix the following
- The plugin did not uninstall successfully, leaving 2 tables in the database
- wp_gdsec_xxp_reports
- wp_gdsec_csp_reports
- The uninstall procedure has failed, leaving 6 options in the database
- widget_recent-posts
- widget_theysaidso_widget
- widget_recent-comments
- can_compress_scripts
- db_upgraded
- theysaidso_admin_options
Smoke tests 50% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | A smoke test targeting server-side errors
Even though everything seems fine, this is not an exhaustive test
SRP 0% from 2 tests
🔹 Tests weight: 20 | The single-responsibility principle: PHP files have to remain inert when accessed directly, throwing no errors and performing no actions
Please take a closer look at the following
- 1× GET requests to PHP files return non-empty strings:
- > /wp-content/plugins/gd-security-headers/forms/about/whatsnew.php
- 23× PHP files trigger server-side errors or warnings when accessed directly (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_html_e() in wp-content/plugins/gd-security-headers/forms/dashboard/headers.php:2
- > PHP Fatal error
Uncaught Error: Call to undefined function do_action() in wp-content/plugins/gd-security-headers/forms/shared/top.php:3
- > PHP Warning
include(GDSIH_PATHforms/about/minor.php): failed to open stream: No such file or directory in wp-content/plugins/gd-security-headers/forms/about/whatsnew.php on line 1
- > PHP Warning
include(GDSIH_D4PLIBshared/d4p.about-plugins.php): failed to open stream: No such file or directory in wp-content/plugins/gd-security-headers/forms/about/dev4press.php on line 1
- > PHP Warning
include(): Failed opening 'GDSIH_PATHforms/about/minor.php' for inclusion (include_path='.:/usr/share/php') in wp-content/plugins/gd-security-headers/forms/about/whatsnew.php on line 1
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_html_e() in wp-content/plugins/gd-security-headers/forms/dashboard/reports.php:2
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_html_e() in wp-content/plugins/gd-security-headers/forms/about/info.php:5
- > PHP Fatal error
Uncaught Error: Call to undefined function plugins_url() in wp-content/plugins/gd-security-headers/gd-security-headers.php:35
- > PHP Warning
Use of undefined constant GDSIH_D4PLIB - assumed 'GDSIH_D4PLIB' (this will throw an Error in a future version of PHP) in wp-content/plugins/gd-security-headers/forms/about/dev4press.php on line 1
- > PHP Warning
include(): Failed opening 'GDSIH_D4PLIBshared/d4p.about-plugins.php' for inclusion (include_path='.:/usr/share/php') in wp-content/plugins/gd-security-headers/forms/about/dev4press.php on line 1
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | This is just a short smoke test looking for browser issues
Everything seems fine, but this is not an exhaustive test
Optimizations
Plugin configuration 96% from 29 tests
readme.txt Passed 16 tests
The readme.txt file is an important file in your plugin as it is parsed by WordPress.org to prepare the public listing of your plugin
9 plugin tags: csp, security headers, permission policy, dev4press, content security policy...
gd-security-headers/gd-security-headers.php 92% from 13 tests
The main PHP script in "GD Security Headers" version 1.7.1 is automatically included on every request by WordPress
You should first fix the following items:
- Description: If Twitter did it, so should we! Keep the description under 140 characters (currently 153 characters long)
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin
No dangerous file extensions were detected17,259 lines of code in 157 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 104 | 2,670 | 809 | 10,391 |
| SVG | 2 | 0 | 0 | 3,151 |
| CSS | 25 | 724 | 38 | 3,138 |
| JavaScript | 26 | 129 | 59 | 579 |
PHP code Passed 2 tests
A short review of cyclomatic complexity and code structure
No complexity issues detected
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.43 |
| Average class complexity | 15.00 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 113.00 |
| Average method complexity | 2.73 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 58.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 0 | |
| Interfaces | 0 | |
| Traits | 0 | |
| Classes | 66 | |
| ▷ Abstract classes | 12 | 18.18% |
| ▷ Concrete classes | 54 | 81.82% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 558 | |
| ▷ Static methods | 21 | 3.76% |
| ▷ Public methods | 416 | 74.55% |
| ▷ Protected methods | 67 | 12.01% |
| ▷ Private methods | 75 | 13.44% |
| Functions | 141 | |
| ▷ Named functions | 141 | 100.00% |
| ▷ Anonymous functions | 0 | 0.00% |
| Constants | 64 | |
| ▷ Global constants | 24 | 37.50% |
| ▷ Class constants | 40 | 62.50% |
| ▷ Public constants | 40 | 100.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
PNG files should be compressed to save space and minimize bandwidth usage
1 PNG file occupies 0.08MB with 0.05MB in potential savings
Potential savings
| Compression of 1 random PNG file using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| d4plib/resources/flags/flags.png | 79.53KB | 25.86KB | ▼ 67.48% |