Benchmarks
Plugin footprint 82% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | The install procedure must perform silently
The plugin installed gracefully, with no errors
Server metrics [RAM: ▲0.08MB] [CPU: ▼293.54ms] 75% from 4 tests
This is a short check of server-side resources used by miniOrange Penetration Testing Tool
The following require your attention
- CPU: You should keep total CPU usage under 500.00ms (currently 1,652.24ms on /wp-admin/admin.php?page=moSPT_site_statistics)
Page | Memory (MB) | CPU Time (ms) |
---|---|---|
Home / | 3.68 ▲0.16 | 55.27 ▲4.59 |
Dashboard /wp-admin | 3.52 ▲0.11 | 33.99 ▼1.54 |
Posts /wp-admin/edit.php | 3.74 ▲0.10 | 39.87 ▲2.81 |
Add New Post /wp-admin/post-new.php | 6.98 ▲0.01 | 91.35 ▼1,175.50 |
Media Library /wp-admin/upload.php | 3.39 ▲0.10 | 23.45 ▲0.07 |
Summary /wp-admin/admin.php?page=moSPT_site_statistics | 3.42 | 1,652.24 |
Account /wp-admin/admin.php?page=moSPT_site_account | 3.49 | 32.59 |
Scan /wp-admin/admin.php?page=moSPT_site_PenTest | 3.39 | 28.87 |
Server storage [IO: ▲0.73MB] [DB: ▲0.00MB] Passed 3 tests
A short overview of filesystem and database impact
This plugin was installed successfully
Filesystem: 42 new files
Database: no new tables, 3 new options
New WordPress options |
---|
mo_wpns_new_registration |
mo_2factor_user_registration_status |
MoSPT_dbversion |
Browser metrics Passed 4 tests
An overview of browser requirements for miniOrange Penetration Testing Tool
This plugin has a minimal impact on browser resources
Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
---|---|---|---|---|
Home / | 3,801 ▲57 | 15.93 ▲0.25 | 5.87 ▼0.02 | 2.08 ▼0.40 |
Dashboard /wp-admin | 2,931 ▲70 | 6.13 ▲0.02 | 116.21 ▼19.79 | 171.61 ▲3.94 |
Posts /wp-admin/edit.php | 2,725 ▲34 | 3.24 ▲0.00 | 62.81 ▼0.84 | 145.50 ▲4.14 |
Add New Post /wp-admin/post-new.php | 1,693 ▲32 | 18.16 ▲1.94 | 376.08 ▼45.68 | 195.83 ▲46.70 |
Media Library /wp-admin/upload.php | 1,741 ▲43 | 5.71 ▲0.25 | 121.53 ▼12.84 | 204.84 ▲13.46 |
Summary /wp-admin/admin.php?page=moSPT_site_statistics | 1,416 | 3.14 | 65.15 | 211.98 |
Account /wp-admin/admin.php?page=moSPT_site_account | 1,273 | 2.76 | 65.64 | 175.56 |
Scan /wp-admin/admin.php?page=moSPT_site_PenTest | 1,310 | 2.98 | 66.09 | 233.72 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests
🔸 Tests weight: 35 | The uninstall procedure must remove all plugin files and extra database tables
Please fix the following items
- Zombie WordPress options detected upon uninstall: 2 options
- mo_wpns_new_registration
- mo_2factor_user_registration_status
Smoke tests 25% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
Even though everything seems fine, this is not an exhaustive test
SRP 0% from 2 tests
🔹 Tests weight: 20 | The single-responsibility principle applies for WordPress plugins as well - please make sure your PHP files perform no actions when accessed directly
Please fix the following
- 1× PHP files perform the task of outputting text when accessed with GET requests:
- > /wp-content/plugins/miniorange-penetration-testing-tool/views/SitePenTest_statistics.php
- 29× PHP files trigger server errors when accessed directly (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Call to undefined function add_action() in wp-content/plugins/miniorange-penetration-testing-tool/controllers/PenTest/ajax.php:7
- > PHP Fatal error
Uncaught Error: Call to undefined function sanitize_text_field() in wp-content/plugins/miniorange-penetration-testing-tool/views/navbar.php:11
- > PHP Fatal error
Uncaught Error: Call to undefined function site_url() in wp-content/plugins/miniorange-penetration-testing-tool/views/SitePenTest_statistics.php:100
- > PHP Fatal error
Uncaught Error: Call to undefined function get_site_option() in wp-content/plugins/miniorange-penetration-testing-tool/controllers/PenTest/registeration.php:2
- > PHP Fatal error
Uncaught Error: Class 'MoSPT_ajax' not found in wp-content/plugins/miniorange-penetration-testing-tool/controllers/PenTest/statistics.php:2
- > PHP Warning
include(): Failed opening 'controllers/navbar.php' for inclusion (include_path='.:/usr/share/php') in wp-content/plugins/miniorange-penetration-testing-tool/controllers/main_controller.php on line 5
- > PHP Notice
Undefined variable: logo_url in wp-content/plugins/miniorange-penetration-testing-tool/views/navbar.php on line 4
- > PHP Notice
Undefined variable: midCount in wp-content/plugins/miniorange-penetration-testing-tool/views/SitePenTest_statistics.php on line 31
- > PHP Fatal error
Uncaught Error: Call to undefined function plugin_dir_url() in wp-content/plugins/miniorange-penetration-testing-tool/controllers/navbar.php:3
- > PHP Fatal error
Uncaught Error: Call to undefined function current_user_can() in wp-content/plugins/miniorange-penetration-testing-tool/controllers/PenTest/account.php:4
- > PHP Fatal error
User-side errors 0% from 1 test
🔹 Test weight: 20 | A shallow check that no browser errors were triggered
Please fix the following user-side errors
- > GET request to /wp-admin/admin.php?page=moSPT_site_statistics
- > Javascript (severe) in unknown
/wp-admin/admin.php?page=moSPT_site_statistics 264:43 Uncaught SyntaxError: Unexpected token ','
Optimizations
Plugin configuration 96% from 29 tests
readme.txt Passed 16 tests
It's important to format your readme.txt file correctly as it is parsed for the public listing of your plugin
5 plugin tags: security, pentest, vulnerabilities, penetration, analysis
miniorange-penetration-testing-tool/miniorange_mospt_settings.php 92% from 13 tests
"miniOrange Penetration Testing Tool" version 1.0.4's main PHP file describes plugin functionality and also serves as the entry point to any WordPress functionality
It is important to fix the following:
- Main file name: The principal plugin file should be the same as the plugin slug ("miniorange-penetration-testing-tool.php" instead of "miniorange_mospt_settings.php")
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | There should be no dangerous file extensions present in any WordPress plugin
No dangerous file extensions were detected17,047 lines of code in 31 files:
Language | Files | Blank lines | Comment lines | Lines of code |
---|---|---|---|---|
CSS | 4 | 2,381 | 21 | 15,410 |
PHP | 24 | 232 | 15 | 1,469 |
JavaScript | 3 | 3 | 25 | 168 |
PHP code Passed 2 tests
A short review of cyclomatic complexity and code structure
This plugin has no cyclomatic complexity issues
Cyclomatic complexity | |
---|---|
Average complexity per logical line of code | 0.28 |
Average class complexity | 6.12 |
▷ Minimum class complexity | 1.00 |
▷ Maximum class complexity | 22.00 |
Average method complexity | 2.24 |
▷ Minimum method complexity | 1.00 |
▷ Maximum method complexity | 18.00 |
Code structure | ||
---|---|---|
Namespaces | 0 | |
Interfaces | 0 | |
Traits | 0 | |
Classes | 8 | |
▷ Abstract classes | 0 | 0.00% |
▷ Concrete classes | 8 | 100.00% |
▷ Final classes | 0 | 0.00% |
Methods | 33 | |
▷ Static methods | 2 | 6.06% |
▷ Public methods | 33 | 100.00% |
▷ Protected methods | 0 | 0.00% |
▷ Private methods | 0 | 0.00% |
Functions | 13 | |
▷ Named functions | 13 | 100.00% |
▷ Anonymous functions | 0 | 0.00% |
Constants | 20 | |
▷ Global constants | 2 | 10.00% |
▷ Class constants | 18 | 90.00% |
▷ Public constants | 18 | 100.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
PNG files should be compressed to save space and minimize bandwidth usage
10 PNG files occupy 0.11MB with 0.05MB in potential savings
Potential savings
Compression of 5 random PNG files using pngquant | |||
---|---|---|---|
File | Size - original | Size - compressed | Savings |
includes/images/normal.png | 15.74KB | 7.91KB | ▼ 49.78% |
includes/images/normal1.png | 15.74KB | 7.91KB | ▼ 49.78% |
includes/images/sad.png | 18.16KB | 8.79KB | ▼ 51.62% |
includes/images/angry.png | 20.40KB | 9.65KB | ▼ 52.68% |
includes/images/miniorange_logo.png | 1.95KB | 1.16KB | ▼ 40.58% |