78% jwt-auth

Code Review | JWT Auth - WordPress JSON Web Token Authentication

WordPress plugin JWT Auth - WordPress JSON Web Token Authentication scored78%from 54 tests.

About plugin

  • Plugin page: jwt-auth
  • Plugin version: 2.1.6
  • PHP compatiblity: 7.2+
  • PHP version: 7.4.16
  • WordPress compatibility: 5.2-6.1
  • WordPress version: 6.3.1
  • First release: May 5, 2020
  • Latest release: Oct 26, 2023
  • Number of updates: 50
  • Update frequency: every 25.4 days
  • Top authors: contactjavas (84%)dominic_ks (12%)jwtauthbot (8%)

Code review

54 tests

User reviews

21 reviews

Install metrics

5,000+ active /58,010 total downloads

Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | It is important to correctly install your plugin, without throwing errors or notices
The plugin installed gracefully, with no errors

Server metrics [RAM: ▲0.23MB] [CPU: ▼5.10ms] Passed 4 tests

This is a short check of server-side resources used by JWT Auth - WordPress JSON Web Token Authentication
Server-side resource usage in normal parameters
PageMemory (MB)CPU Time (ms)
Home /3.68 ▲0.2134.70 ▼3.18
Dashboard /wp-admin3.53 ▲0.2245.89 ▼0.90
Posts /wp-admin/edit.php3.64 ▲0.2949.10 ▼0.37
Add New Post /wp-admin/post-new.php6.13 ▲0.2581.52 ▼15.96
Media Library /wp-admin/upload.php3.45 ▲0.2237.58 ▲3.38

Server storage [IO: ▲0.16MB] [DB: ▲0.00MB] Passed 3 tests

Filesystem and database footprint
This plugin installed successfully
Filesystem: 35 new files
Database: no new tables, 6 new options
New WordPress options
widget_recent-comments
theysaidso_admin_options
widget_recent-posts
widget_theysaidso_widget
db_upgraded
can_compress_scripts

Browser metrics Passed 4 tests

JWT Auth - WordPress JSON Web Token Authentication: an overview of browser usage
This plugin has a minimal impact on browser resources
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /2,814 ▲5314.37 ▼0.361.68 ▼0.0840.63 ▲0.32
Dashboard /wp-admin2,223 ▲465.62 ▼0.0083.95 ▼0.6138.74 ▼0.47
Posts /wp-admin/edit.php2,129 ▲262.07 ▲0.1136.14 ▼4.4434.71 ▼4.16
Add New Post /wp-admin/post-new.php1,555 ▲2718.18 ▼4.93619.62 ▼78.9067.74 ▲10.03
Media Library /wp-admin/upload.php1,428 ▲254.28 ▲0.0496.39 ▼12.8442.63 ▼6.12

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests

🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
You still need to fix the following
  • Zombie WordPress options detected upon uninstall: 6 options
    • widget_recent-comments
    • db_upgraded
    • can_compress_scripts
    • widget_recent-posts
    • widget_theysaidso_widget
    • theysaidso_admin_options

Smoke tests 50% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A smoke test targeting server-side errors
Good news, no errors were detected

SRP 0% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle
Please take a closer look at the following
  • 1× PHP files perform the task of outputting text when accessed with GET requests:
    • > /wp-content/plugins/jwt-auth/jwt-auth.php
  • 2× GET requests to PHP files trigger server-side errors or Error 500 responses:
    • > PHP Fatal error
      Uncaught Error: Interface 'Firebase\\JWT\\JWTExceptionWithPayloadInterface' not found in wp-content/plugins/jwt-auth/vendor/firebase/php-jwt/src/ExpiredException.php:5
    • > PHP Fatal error
      Uncaught Error: Interface 'Firebase\\JWT\\JWTExceptionWithPayloadInterface' not found in wp-content/plugins/jwt-auth/vendor/firebase/php-jwt/src/BeforeValidException.php:5

User-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)
No browser issues were found

Optimizations

Plugin configuration 97% from 29 tests

readme.txt 94% from 16 tests

You should put a lot of thought into formatting readme.txt as it is used by WordPress.org to prepare the public listing of your plugin
These attributes need your attention:
  • Screenshots: These screenshots have no corresponding images in /assets: #1 (Success response when trying to generate token), #2 (Error response when trying to generate token), #3 (Other error responses)
The official readme.txt might help

jwt-auth/jwt-auth.php Passed 13 tests

This is the main PHP file of "JWT Auth - WordPress JSON Web Token Authentication" version 2.1.6, providing information about the plugin in the header fields and serving as the principal entry point to the plugin's functions
29 characters long description:
WordPress JWT Authentication.

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | A short glimpse at programming languages used with this plugin and a check that no dangerous files are present
Success! There were no dangerous files found in this plugin2,548 lines of code in 30 files:
LanguageFilesBlank linesComment linesLines of code
PHP255111,2052,286
Markdown2640120
JSON100116
JavaScript17324
YAML1002

PHP code Passed 2 tests

A brief analysis of cyclomatic complexity and code structure for this plugin
Everything seems fine, there were no complexity issues found
Cyclomatic complexity
Average complexity per logical line of code0.45
Average class complexity19.94
▷ Minimum class complexity1.00
▷ Maximum class complexity76.00
Average method complexity3.74
▷ Minimum method complexity1.00
▷ Maximum method complexity22.00
Code structure
Namespaces4
Interfaces1
Traits0
Classes16
▷ Abstract classes00.00%
▷ Concrete classes16100.00%
▷ Final classes00.00%
Methods122
▷ Static methods5040.98%
▷ Public methods9779.51%
▷ Protected methods00.00%
▷ Private methods2520.49%
Functions3
▷ Named functions00.00%
▷ Anonymous functions3100.00%
Constants12
▷ Global constants325.00%
▷ Class constants975.00%
▷ Public constants00.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Often times overlooked, PNG files can occupy unnecessary space in your plugin
There were not PNG files found in your plugin