73% hillstone-wp-sso

Code Review | Hillstone WP SSO

WordPress plugin Hillstone WP SSO scored73%from 54 tests.

About plugin

  • Plugin page: hillstone-wp-sso
  • Plugin version: 1.2.10
  • PHP version: 7.4.16
  • WordPress compatibility: 3.1.0-5.8
  • WordPress version: 6.3.1
  • First release: Dec 21, 2015
  • Latest release: Aug 27, 2021
  • Number of updates: 23
  • Update frequency: every 90.4 days
  • Top authors: hillstone (100%)

Code review

54 tests

User reviews

1 review

Install metrics

10+ active /728 total downloads


Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | Checking the installer triggered no errors
The plugin installed gracefully, with no errors

Server metrics [RAM: ▲0.08MB] [CPU: ▼1.86ms] Passed 4 tests

Analyzing server-side resources used by Hillstone WP SSO
This plugin has minimal impact on server resources
PageMemory (MB)CPU Time (ms)
Home /3.54 ▲0.0843.56 ▲2.19
Dashboard /wp-admin3.39 ▲0.0952.45 ▼3.42
Posts /wp-admin/edit.php3.50 ▲0.1555.31 ▲4.75
Add New Post /wp-admin/post-new.php5.97 ▲0.0887.67 ▼9.07
Media Library /wp-admin/upload.php3.31 ▲0.0842.00 ▲2.86
Hillstone SSO /wp-admin/options-general.php?page=hillstone-sso3.2934.58

Server storage [IO: ▲0.09MB] [DB: ▲0.00MB] Passed 3 tests

Analyzing filesystem and database footprints of this plugin
There were no storage issued detected upon installing this plugin
Filesystem: 12 new files
Database: no new tables, 7 new options
New WordPress options

Browser metrics Passed 4 tests

A check of browser resources used by Hillstone WP SSO
There were no issues detected in relation to browser resource usage
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /2,793 ▲3214.24 ▼0.111.61 ▼0.0844.99 ▲3.05
Dashboard /wp-admin2,202 ▲255.62 ▼0.0396.19 ▲1.3837.00 ▼3.57
Posts /wp-admin/edit.php2,107 ▲41.98 ▼0.0345.00 ▲4.7437.50 ▼1.90
Add New Post /wp-admin/post-new.php1,529 ▼823.16 ▲4.88704.23 ▲47.4160.71 ▼16.78
Media Library /wp-admin/upload.php1,407 ▲104.23 ▲0.04101.54 ▼0.1046.22 ▼0.47
Hillstone SSO /wp-admin/options-general.php?page=hillstone-sso9051.9927.6931.71

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests

🔸 Tests weight: 35 | It is important to correctly uninstall your plugin, without leaving any traces
The following items require your attention
  • Zombie WordPress options were found after uninstall: 6 options
    • widget_recent-posts
    • can_compress_scripts
    • widget_recent-comments
    • theysaidso_admin_options
    • widget_theysaidso_widget
    • db_upgraded

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A shallow check that no server-side errors were triggered
Even though no errors were found, this is by no means an exhaustive test

SRP 50% from 2 tests

🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser
Please take a closer look at the following
  • 1× GET requests to PHP files have triggered server-side errors or warnings:
    • > PHP Fatal error
      Uncaught Error: Call to undefined function get_bloginfo() in wp-content/plugins/hillstone-wp-sso/LoginPage.php:4

User-side errors Passed 1 test

🔹 Test weight: 20 | This is just a short smoke test looking for browser issues
No browser issues were found


Plugin configuration 90% from 29 tests

readme.txt 94% from 16 tests

The readme.txt file uses markdown syntax to describe your plugin to the world
Attributes that need to be fixed:
  • Screenshots: Screenshot #1 (The Settings page is where you'll configure the plugin.) image missing
You can take inspiration from this readme.txt

hillstone-wp-sso/Hillstone-WP-SSO.php 85% from 13 tests

The entry point to "Hillstone WP SSO" version 1.2.10 is a PHP file that has certain tags in its header comment area
Please make the necessary changes and fix the following:
  • Main file name: Even though not officially enforced, the main plugin file should be the same as the plugin slug ("hillstone-wp-sso.php" instead of "Hillstone-WP-SSO.php")
  • Text Domain: You no longer need to specify the text domain since WordPress 4.6; it must be the same as the plugin slug

Code Analysis 5% from 3 tests

File types 0% from 1 test

🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin
Almost there! Just fix the following issues
  • Do not include executable or dangerous files in your plugin
    • .crt - Security Certificate in Firefox, IE, Chrome, Safari
      • wp-content/plugins/hillstone-wp-sso/cert/ca.crt
591 lines of code in 6 files:
LanguageFilesBlank linesComment linesLines of code
PO File181228

PHP code Passed 2 tests

Analyzing cyclomatic complexity and code structure
All good! No complexity issues found
Cyclomatic complexity
Average complexity per logical line of code0.27
Average class complexity55.00
▷ Minimum class complexity55.00
▷ Maximum class complexity55.00
Average method complexity2.69
▷ Minimum method complexity1.00
▷ Maximum method complexity17.00
Code structure
▷ Abstract classes00.00%
▷ Concrete classes1100.00%
▷ Final classes00.00%
▷ Static methods13.12%
▷ Public methods32100.00%
▷ Protected methods00.00%
▷ Private methods00.00%
▷ Named functions1100.00%
▷ Anonymous functions00.00%
▷ Global constants00.00%
▷ Class constants00.00%
▷ Public constants00.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using a strong compression for your PNG files is a great way to speed-up your plugin
2 PNG files occupy 0.05MB with 0.03MB in potential savings
Potential savings
Compression of 2 random PNG files using pngquant
FileSize - originalSize - compressedSavings
screenshot-1.png48.68KB22.07KB▼ 54.66%
image/logo.png6.26KB2.12KB▼ 66.10%