Benchmarks
Plugin footprint 65% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | Checking the installer triggered no errors
Installer ran successfully
Server metrics [RAM: ▲1.30MB] [CPU: ▲3.94ms] Passed 4 tests
Server-side resources used by Malware Scanner
This plugin has minimal impact on server resources
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 4.89 ▲1.43 | 54.55 ▲12.59 |
| Dashboard /wp-admin | 4.64 ▲1.30 | 61.33 ▼2.35 |
| Posts /wp-admin/edit.php | 4.69 ▲1.34 | 61.00 ▲17.83 |
| Add New Post /wp-admin/post-new.php | 7.18 ▲1.29 | 92.74 ▼12.32 |
| Media Library /wp-admin/upload.php | 4.50 ▲1.27 | 52.33 ▲21.99 |
| Dashboard /wp-admin/admin.php?page=mo_mmp_dashboard | 4.54 | 75.61 |
| Advanced Blocking /wp-admin/admin.php?page=mo_mmp_advancedblocking | 4.59 | 56.41 |
| Malware Scan /wp-admin/admin.php?page=mo_mmp_malwarescan | 4.68 | 51.19 |
| Backup /wp-admin/admin.php?page=mo_mmp_backup | 4.57 | 55.96 |
| Reports /wp-admin/admin.php?page=mo_mmp_reports | 4.56 | 51.29 |
| Login and Spam /wp-admin/admin.php?page=mo_mmp_login_and_spam | 4.63 | 55.55 |
| Notifications /wp-admin/admin.php?page=mo_mmp_notifications | 4.61 | 57.92 |
| Troubleshooting /wp-admin/admin.php?page=mo_mmp_troubleshooting | 4.54 | 48.95 |
| WAF /wp-admin/admin.php?page=mo_mmp_waf | 4.69 | 55.66 |
| Account /wp-admin/admin.php?page=mo_mmp_account | 4.62 | 52.83 |
Server storage [IO: ▲1.15MB] [DB: ▲0.01MB] Passed 3 tests
Analyzing filesystem and database footprints of this plugin
There were no storage issued detected upon installing this plugin
Filesystem: 116 new files
Database: 11 new tables, 33 new options
| New tables |
|---|
| wp_wpns_malware_scan_report_details |
| wp_wpns_blocked_ips |
| wp_wpns_transactions |
| wp_wpns_attack_logs |
| wp_wpns_email_sent_audit |
| wp_wpns_files_scan |
| wp_wpns_malware_hash_file |
| wp_wpns_whitelisted_ips |
| wp_wpns_ip_rate_details |
| wp_wpns_malware_scan_report |
| ... |
| New WordPress options |
|---|
| LFIAttack |
| mo_mmp_switch_adv_block |
| mo_wpns_enable_brute_force |
| mo_mmp_switch_notif |
| XSSAttack |
| mo_mmp_check_sql_injection |
| RCEAttack |
| mo_mmp_scan_themes |
| mo_mmp_check_vulnerable_code |
| mo_wpns_show_remaining_attempts |
| ... |
Browser metrics Passed 4 tests
An overview of browser requirements for Malware Scanner
Minimal impact on browser resources
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,982 ▲221 | 14.61 ▲0.24 | 1.68 ▲0.03 | 39.60 ▼7.08 |
| Dashboard /wp-admin | 2,373 ▲193 | 5.64 ▼0.21 | 85.40 ▼13.12 | 79.92 ▲38.58 |
| Posts /wp-admin/edit.php | 2,192 ▲89 | 2.11 ▲0.12 | 38.33 ▲2.75 | 36.37 ▲6.93 |
| Add New Post /wp-admin/post-new.php | 1,595 ▲61 | 22.92 ▲4.77 | 663.70 ▲47.44 | 148.12 ▲83.97 |
| Media Library /wp-admin/upload.php | 1,489 ▲86 | 4.24 ▲0.04 | 100.27 ▲4.85 | 67.24 ▲27.89 |
| Dashboard /wp-admin/admin.php?page=mo_mmp_dashboard | 1,185 | 2.26 | 29.93 | 39.18 |
| Advanced Blocking /wp-admin/admin.php?page=mo_mmp_advancedblocking | 2,181 | 2.37 | 31.27 | 42.25 |
| Malware Scan /wp-admin/admin.php?page=mo_mmp_malwarescan | 1,800 | 2.45 | 45.87 | 32.65 |
| Backup /wp-admin/admin.php?page=mo_mmp_backup | 1,179 | 2.29 | 29.19 | 30.02 |
| Reports /wp-admin/admin.php?page=mo_mmp_reports | 1,501 | 2.57 | 46.40 | 33.54 |
| Login and Spam /wp-admin/admin.php?page=mo_mmp_login_and_spam | 1,527 | 2.29 | 32.04 | 34.97 |
| Notifications /wp-admin/admin.php?page=mo_mmp_notifications | 2,060 | 8.70 | 165.16 | 80.32 |
| Troubleshooting /wp-admin/admin.php?page=mo_mmp_troubleshooting | 1,195 | 2.26 | 28.24 | 28.39 |
| WAF /wp-admin/admin.php?page=mo_mmp_waf | 2,216 | 2.52 | 51.01 | 50.52 |
| Account /wp-admin/admin.php?page=mo_mmp_account | 1,177 | 2.28 | 29.12 | 33.90 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 50% from 4 tests
🔸 Tests weight: 35 | Checking the uninstaller removed all traces of the plugin
You still need to fix the following
- The plugin did not uninstall successfully, leaving 1 table in the database
- wp_wpns_ip_rate_details
- Zombie WordPress options detected upon uninstall: 17 options
- RFIAttack
- widget_recent-comments
- XSSAttack
- RCEAttack
- WAFEnabled
- widget_recent-posts
- limitAttack
- actionRateL
- LFIAttack
- theysaidso_admin_options
- ...
Smoke tests 50% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
Good news, no errors were detected
SRP 0% from 2 tests
🔹 Tests weight: 20 | The single-responsibility principle applies for WordPress plugins as well - please make sure your PHP files perform no actions when accessed directly
Please fix the following items
- 5× PHP files perform the action of outputting non-empty strings when accessed directly:
- > /wp-content/plugins/miniorange-malware-protection/views/troubleshooting.php
- > /wp-content/plugins/miniorange-malware-protection/handler/mo-block.php
- > /wp-content/plugins/miniorange-malware-protection/controllers/malware_scanner/scan_malware.php
- > /wp-content/plugins/miniorange-malware-protection/handler/mo-error.php
- > /wp-content/plugins/miniorange-malware-protection/views/login_spam.php
- 126× PHP files trigger server-side errors or warnings when accessed directly (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Call to undefined function plugins_url() in wp-content/plugins/miniorange-malware-protection/controllers/change-password.php:7
- > PHP Warning
include(): Failed opening 'views/link_tracers.php' for inclusion (include_path='.:/usr/share/php') in wp-content/plugins/miniorange-malware-protection/views/advanced-blocking.php on line 4
- > PHP Warning
include_once(): Failed opening 'views/malware_scanner/scan_summary_view.php' for inclusion (include_path='.:/usr/share/php') in wp-content/plugins/miniorange-malware-protection/controllers/malware_scanner/scan_malware_summary.php on line 3
- > PHP Fatal error
Uncaught Error: Call to undefined function add_action() in wp-content/plugins/miniorange-malware-protection/handler/ajax.php:7
- > PHP Notice
Trying to access array offset on value of type null in wp-content/plugins/miniorange-malware-protection/views/advanced-blocking.php on line 12
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_attr() in wp-content/plugins/miniorange-malware-protection/views/account/login.php:14
- > PHP Warning
Use of undefined constant ABSPATH - assumed 'ABSPATH' (this will throw an Error in a future version of PHP) in wp-content/plugins/miniorange-malware-protection/database/database_functions.php on line 3
- > PHP Fatal error
Uncaught Error: Call to undefined function add_query_arg() in wp-content/plugins/miniorange-malware-protection/controllers/login-security.php:5
- > PHP Warning
include_once(views/malware_scanner/scan_summary_view.php): failed to open stream: No such file or directory in wp-content/plugins/miniorange-malware-protection/controllers/malware_scanner/scan_malware_summary.php on line 3
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_attr() in wp-content/plugins/miniorange-malware-protection/views/registration-security.php:13
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | A shallow check that no browser errors were triggered
Everything seems fine on the user side
Optimizations
Plugin configuration 96% from 29 tests
readme.txt Passed 16 tests
Don't ignore readme.txt as it is the file that instructs WordPress.org on how to present your plugin to the world
No tags were found
miniorange-malware-protection/mo_malware_protection_widget.php 92% from 13 tests
This is the main PHP file of "Malware Scanner" version 4.7, providing information about the plugin in the header fields and serving as the principal entry point to the plugin's functions
You should first fix the following items:
- Main file name: Name the main plugin file the same as the plugin slug ("miniorange-malware-protection.php" instead of "mo_malware_protection_widget.php")
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | This is an overview of programming languages used in this plugin; dangerous file extensions are not allowed
There were no executable files found in this plugin16,482 lines of code in 101 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 89 | 1,943 | 133 | 13,334 |
| CSS | 7 | 224 | 58 | 2,905 |
| JavaScript | 5 | 23 | 16 | 243 |
PHP code Passed 2 tests
Analyzing logical lines of code, cyclomatic complexity, and other code metrics
All good! No complexity issues found
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.31 |
| Average class complexity | 35.96 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 257.00 |
| Average method complexity | 4.12 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 45.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 0 | |
| Interfaces | 0 | |
| Traits | 0 | |
| Classes | 26 | |
| ▷ Abstract classes | 0 | 0.00% |
| ▷ Concrete classes | 26 | 100.00% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 291 | |
| ▷ Static methods | 16 | 5.50% |
| ▷ Public methods | 270 | 92.78% |
| ▷ Protected methods | 0 | 0.00% |
| ▷ Private methods | 21 | 7.22% |
| Functions | 81 | |
| ▷ Named functions | 81 | 100.00% |
| ▷ Anonymous functions | 0 | 0.00% |
| Constants | 127 | |
| ▷ Global constants | 2 | 1.57% |
| ▷ Class constants | 125 | 98.43% |
| ▷ Public constants | 125 | 100.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
PNG files should be compressed to save space and minimize bandwidth usage
13 PNG files occupy 0.20MB with 0.11MB in potential savings
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| includes/images/success.png | 15.72KB | 1.48KB | ▼ 90.60% |
| includes/images/flags16.png | 61.80KB | 19.90KB | ▼ 67.79% |
| includes/images/miniorange_logo.png | 1.95KB | 1.16KB | ▼ 40.58% |
| includes/images/support3.png | 2.49KB | 2.11KB | ▼ 15.28% |
| includes/images/smile.png | 17.89KB | 8.79KB | ▼ 50.86% |