Benchmarks

Plugin footprint 65% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | Checking the installer triggered no errors

This plugin's installer ran successfully

Server metrics [RAM: ▲0.29MB] [CPU: ▼1.97ms] Passed 4 tests

Server-side resources used by WP OAuth Server (OAuth Authentication)

This plugin does not affect your website's performance

Page	Memory (MB)	CPU Time (ms)
Home /	3.72 ▲0.25	39.33 ▲2.74
Dashboard /wp-admin	3.62 ▲0.27	52.12 ▼7.18
Posts /wp-admin/edit.php	3.73 ▲0.37	46.60 ▲2.09
Add New Post /wp-admin/post-new.php	6.22 ▲0.33	96.28 ▼5.36
Media Library /wp-admin/upload.php	3.54 ▲0.31	36.27 ▲2.59
Edit Clients /wp-admin/admin.php?page=wo_edit_client	3.51	32.05
Clients /wp-admin/admin.php?page=wo_manage_clients	3.53	36.05
Settings /wp-admin/admin.php?page=wo_settings	3.51	31.53
Add Client /wp-admin/admin.php?page=wo_add_client	3.51	32.81
Status /wp-admin/admin.php?page=wo_server_status	3.52	33.54

Server storage [IO: ▲0.71MB] [DB: ▲0.01MB] Passed 3 tests

A short overview of filesystem and database impact

This plugin installed successfully

Filesystem: 111 new files

Database: 6 new tables, 10 new options

New tables
wp_oauth_refresh_tokens
wp_oauth_scopes
wp_oauth_public_keys
wp_oauth_jwt
wp_oauth_authorization_codes
wp_oauth_access_tokens

New WordPress options
wp_oauth_server_db_version
wpoauth_version
widget_theysaidso_widget
widget_recent-posts
theysaidso_admin_options
wp_oauth_activation_time
wo_options
db_upgraded
can_compress_scripts
widget_recent-comments

Browser metrics Passed 4 tests

Checking browser requirements for WP OAuth Server (OAuth Authentication)

Normal browser usage

Page	Nodes	Memory (MB)	Script (ms)	Layout (ms)
Home /	2,816 ▲70	14.36 ▲0.00	1.72 ▲0.13	38.12 ▼1.37
Dashboard /wp-admin	2,222 ▲41	5.55 ▼0.12	84.16 ▼12.35	40.45 ▼2.01
Posts /wp-admin/edit.php	2,124 ▲24	1.95 ▼0.00	35.14 ▼1.56	35.17 ▼0.64
Add New Post /wp-admin/post-new.php	1,548 ▲22	23.53 ▲0.51	609.83 ▼72.32	57.61 ▲6.56
Media Library /wp-admin/upload.php	1,427 ▲27	4.20 ▼0.01	95.95 ▲1.25	39.33 ▼4.79
Edit Clients /wp-admin/admin.php?page=wo_edit_client	790	2.07	34.66	22.66
Clients /wp-admin/admin.php?page=wo_manage_clients	1,002	2.10	37.30	42.99
Settings /wp-admin/admin.php?page=wo_settings	1,198	2.31	33.11	65.54
Add Client /wp-admin/admin.php?page=wo_add_client	1,046	2.36	33.53	40.69
Status /wp-admin/admin.php?page=wo_server_status	986	1.74	24.35	26.30

Uninstaller [IO: ▲0.00MB] [DB: ▲0.01MB] 50% from 4 tests

🔸 Tests weight: 35 | All plugins must uninstall correctly, removing their source code and extra database tables they might have created

It is recommended to fix the following

Zombie tables detected upon uninstall: 6 tables
- wp_oauth_access_tokens
- wp_oauth_authorization_codes
- wp_oauth_refresh_tokens
- wp_oauth_public_keys
- wp_oauth_scopes
- wp_oauth_jwt
Zombie WordPress options detected upon uninstall: 10 options
- wp_oauth_activation_time
- wpoauth_version
- widget_recent-posts
- theysaidso_admin_options
- wo_options
- db_upgraded
- wp_oauth_server_db_version
- widget_theysaidso_widget
- widget_recent-comments
- can_compress_scripts

Smoke tests 25% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)

Even though no errors were found, this is by no means an exhaustive test

SRP 0% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle

Please fix the following

7× GET requests to PHP files return non-empty strings:
- > /wp-content/plugins/oauth2-provider/includes/functions.php
- > /wp-content/plugins/oauth2-provider/includes/admin/tabs/support.php
- > /wp-content/plugins/oauth2-provider/wp-oauth-server.php
- > /wp-content/plugins/oauth2-provider/library/class-wo-api.php
- > /wp-content/plugins/oauth2-provider/library/WPOAuth2/Server.php
- > /wp-content/plugins/oauth2-provider/wp-oauth-main.php
- > /wp-content/plugins/oauth2-provider/library/class-wo-table.php
59× PHP files trigger server-side errors or warnings when accessed directly (only 10 are shown):
- > PHP Fatal error
  Uncaught Error: Interface 'WPOAuth2\\Controller\\TokenControllerInterface' not found in wp-content/plugins/oauth2-provider/library/WPOAuth2/Controller/TokenController.php:17
- > PHP Fatal error
  Uncaught Error: Call to undefined function add_action() in wp-content/plugins/oauth2-provider/includes/actions.php:25
- > PHP Fatal error
  Uncaught Error: Interface 'WPOAuth2\\Controller\\ResourceControllerInterface' not found in wp-content/plugins/oauth2-provider/library/WPOAuth2/Controller/ResourceController.php:15
- > PHP Fatal error
  Uncaught Error: Interface 'WPOAuth2\\ResponseType\\ResponseTypeInterface' not found in wp-content/plugins/oauth2-provider/library/WPOAuth2/OpenID/ResponseType/TokenIdTokenInterface.php:7
- > PHP Fatal error
  Uncaught Error: Interface 'WPOAuth2\\TokenType\\TokenTypeInterface' not found in wp-content/plugins/oauth2-provider/library/WPOAuth2/TokenType/Mac.php:11
- > PHP Fatal error
  Uncaught Error: Interface 'WPOAuth2\\Storage\\ClientInterface' not found in wp-content/plugins/oauth2-provider/library/WPOAuth2/Storage/ClientCredentialsInterface.php:11
- > PHP Fatal error
  Uncaught Error: Call to undefined function add_action() in wp-content/plugins/oauth2-provider/includes/ajax/class-wo-ajax.php:17
- > PHP Fatal error
  Uncaught Error: Call to undefined function add_filter() in wp-content/plugins/oauth2-provider/includes/wo-personal-data-gpdr.php:16
- > PHP Fatal error
  Uncaught Error: Interface 'WPOAuth2\\ResponseType\\AuthorizationCodeInterface' not found in wp-content/plugins/oauth2-provider/library/WPOAuth2/OpenID/ResponseType/AuthorizationCodeInterface.php:11
- > PHP Fatal error
  Uncaught Error: Interface 'WPOAuth2\\Storage\\AuthorizationCodeInterface' not found in wp-content/plugins/oauth2-provider/library/WPOAuth2/Storage/Memory.php:16

User-side errors 0% from 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)

Please take a look at the following user-side issues

- > GET request to /wp-admin/admin.php?page=wo_server_status
- > Console-api (warning) in unknown
/wp-admin/load-scripts.php?c=0&load%5Bchunk_0%5D=jquery-core,jquery-migrate,utils&ver=6.3.1 1:28609 "jQuery.Deferred exception: $(...).chosen is not a function" "TypeError: $(...).chosen is not a function\n at HTMLDocument.\u003Canonymous> (/wp-content/plugins/oauth2-provider/assets/js/admin.js?ver=6.3.1:31:36)\n at e (/wp-admin/load-scripts.php?c=0&load%5Bchunk_0%5D=jquery-core,jquery-migrate,utils&ver=6.3.1:2:26990)\n at t (/wp-admin/load-scripts.php?c=0&load%5Bchunk_0%5D=jquery-core,jquery-migrate,utils&ver=6.3.1:2:27292)" undefined
- > GET request to /wp-admin/admin.php?page=wo_server_status
- > Javascript (severe) in unknown
/wp-admin/load-scripts.php?c=0&load%5Bchunk_0%5D=jquery-core,jquery-migrate,utils&ver=6.3.1 1:28721 Uncaught TypeError: $(...).chosen is not a function

Optimizations

Plugin configuration 87% from 29 tests

readme.txt 88% from 16 tests

Perhaps the most important file in your plugin readme.txt gets parsed in order to generate the public listing of your plugin

Attributes that require attention:

Screenshots: Screenshot #1 (Adding a Client) image not found
Tags: Please delete some tags, you are using 12 tag instead of maximum 10

You can take inspiration from this readme.txt

oauth2-provider/wp-oauth-server.php 85% from 13 tests

The entry point to "WP OAuth Server (OAuth Authentication)" version 4.3.3 is a PHP file that has certain tags in its header comment area

Please make the necessary changes and fix the following:

Text Domain: You no longer need to specify the text domain since WordPress 4.6; it must be the same as the plugin slug
Main file name: Even though not officially enforced, the main plugin file should be the same as the plugin slug ("oauth2-provider.php" instead of "wp-oauth-server.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | Executable files are not allowed as they can serve as attack vectors

Everything looks great! No dangerous files found in this plugin9,262 lines of code in 104 files:

Language	Files	Blank lines	Comment lines	Lines of code
PHP	96	2,110	3,288	7,906
CSS	2	101	164	694
JavaScript	4	79	36	533
PO File	1	40	43	128
HTML	1	0	0	1

PHP code Passed 2 tests

This is a short overview of cyclomatic complexity and code structure for this plugin

This plugin has no cyclomatic complexity issues

Cyclomatic complexity
Average complexity per logical line of code	0.35
Average class complexity	10.49
▷ Minimum class complexity	1.00
▷ Maximum class complexity	104.00
Average method complexity	2.46
▷ Minimum method complexity	1.00
▷ Maximum method complexity	29.00

Code structure
Namespaces	12
Interfaces	33
Traits	0
Classes	43
▷ Abstract classes	0	0.00%
▷ Concrete classes	43	100.00%
▷ Final classes	0	0.00%
Methods	559
▷ Static methods	7	1.25%
▷ Public methods	489	87.48%
▷ Protected methods	56	10.02%
▷ Private methods	14	2.50%
Functions	75
▷ Named functions	73	97.33%
▷ Anonymous functions	2	2.67%
Constants	19
▷ Global constants	8	42.11%
▷ Class constants	11	57.89%
▷ Public constants	11	100.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using a strong compression for your PNG files is a great way to speed-up your plugin

3 PNG files occupy 0.11MB with 0.03MB in potential savings

Potential savings

Compression of 3 random PNG files using pngquant
File	Size - original	Size - compressed	Savings
assets/images/logo.png	3.77KB	3.68KB	▼ 2.18%
assets/images/openid-config-json.png	104.42KB	32.10KB	▼ 69.26%
assets/images/cer.png	4.67KB	4.60KB	▼ 1.51%

Code Review | WP OAuth Server (OAuth Authentication)

About plugin

Code review

User reviews

Install metrics