84% stop-xml-rpc-attacks

Code Review | stop XML-RPC Attacks

WordPress plugin stop XML-RPC Attacks scored 84% from 54 tests.

About plugin

  • Plugin page: stop-xml-rpc-attacks
  • Plugin version: 1.0.1
  • PHP compatibility: 7.2+
  • PHP version: 7.4.16
  • WordPress compatibility: 5.0-6.3
  • WordPress version: 6.3.1
  • First release: Apr 26, 2019
  • Latest release: Aug 9, 2023
  • Number of updates: 18
  • Update frequency: every 87.0 days
  • Top authors: pcescato (100%)

Code review

54 tests

User reviews

4 reviews

Install metrics

6,000+ active / 15,462 total downloads

Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | The install procedure must perform silently
This plugin's installer ran successfully

Server metrics [RAM: ▼0.00MB] [CPU: ▼9.61ms] Passed 4 tests

This is a short check of server-side resources used by stop XML-RPC Attacks
Server-side resource usage in normal parameters
Page | Memory (MB) | CPU Time (ms)
Home / | 3.47 ▲0.01 | 35.86 ▼6.20
Dashboard /wp-admin | 3.32 ▼0.03 | 46.42 ▼18.90
Posts /wp-admin/edit.php | 3.37 ▲0.01 | 45.23 ▼4.88
Add New Post /wp-admin/post-new.php | 5.90 ▲0.01 | 94.69 ▼8.45
Media Library /wp-admin/upload.php | 3.24 ▲0.01 | 34.05 ▼0.15

Server storage [IO: ▲0.04MB] [DB: ▲0.00MB] Passed 3 tests

Analyzing filesystem and database footprints of this plugin
The plugin installed successfully
Filesystem: 3 new files
Database: no new tables, 6 new options
New WordPress options
can_compress_scripts
theysaidso_admin_options
widget_recent-posts
widget_recent-comments
widget_theysaidso_widget
db_upgraded

Browser metrics Passed 4 tests

Checking browser requirements for stop XML-RPC Attacks
Normal browser usage
Page | Nodes | Memory (MB) | Script (ms) | Layout (ms)
Home / | 2,800 ▲54 | 13.24 ▼1.40 | 1.68 ▼0.23 | 39.62 ▼4.21
Dashboard /wp-admin | 2,203 ▲12 | 5.79 ▲0.94 | 92.12 ▼10.14 | 39.39 ▲0.42
Posts /wp-admin/edit.php | 2,086 ▼0 | 2.00 ▲0.01 | 36.16 ▲0.86 | 34.03 ▲5.10
Add New Post /wp-admin/post-new.php | 1,517 ▼11 | 17.70 ▼0.77 | 640.01 ▲37.48 | 54.55 ▲4.07
Media Library /wp-admin/upload.php | 1,388 ▼3 | 4.27 ▲0.09 | 96.22 ▼4.06 | 39.83 ▼3.19

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests

🔸 Tests weight: 35 | Checking the uninstaller removed all traces of the plugin
It is recommended to fix the following
  • This plugin does not fully uninstall, leaving 6 options in the database
    • widget_recent-posts
    • db_upgraded
    • widget_recent-comments
    • theysaidso_admin_options
    • widget_theysaidso_widget
    • can_compress_scripts

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | This is a shallow check for server-side errors
The smoke test was a success, however most plugin functionality was not tested

SRP 50% from 2 tests

🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser
Please take a closer look at the following
  • 1× PHP files trigger server-side errors or warnings when accessed directly:
    • > PHP Fatal error
      Uncaught Error: Call to undefined function add_filter() in wp-content/plugins/stop-xml-rpc-attacks/stop-xml-rpc-attacks.php:26

User-side errors Passed 1 test

🔹 Test weight: 20 | A shallow check that no browser errors were triggered
Everything seems fine, but this is not an exhaustive test

Optimizations

Plugin configuration Passed 29 tests

readme.txt Passed 16 tests

You should put a lot of thought into formatting readme.txt as it is used by WordPress.org to prepare the public listing of your plugin
4 plugin tags: xml-rpc, multicall, pingback, ddos

stop-xml-rpc-attacks/stop-xml-rpc-attacks.php Passed 13 tests

The principal PHP file in "stop XML-RPC Attacks" v. 1.0.1 is loaded by WordPress automatically on each request
85 characters long description:
Secure your site's XML-RPC by removing some methods, while you can still use XML-RPC.

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | Executable files are not allowed as they can serve as attack vectors
Good job! No executable or dangerous file extensions detected
12 lines of code in 1 file:
Language | Files | Blank lines | Comment lines | Lines of code
PHP | 1 | 6 | 19 | 12

PHP code Passed 2 tests

Analyzing logical lines of code, cyclomatic complexity, and other code metrics
This plugin has no cyclomatic complexity problems
Cyclomatic complexity
Average complexity per logical line of code: 0.00
Average class complexity: 0.00
▷ Minimum class complexity: 0.00
▷ Maximum class complexity: 0.00
Average method complexity: 0.00
▷ Minimum method complexity: 0.00
▷ Maximum method complexity: 0.00
Code structure
Namespaces: 0
Interfaces: 0
Traits: 0
Classes: 0
▷ Abstract classes: 0 (0.00%)
▷ Concrete classes: 0 (0.00%)
▷ Final classes: 0 (0.00%)
Methods: 0
▷ Static methods: 0 (0.00%)
▷ Public methods: 0 (0.00%)
▷ Protected methods: 0 (0.00%)
▷ Private methods: 0 (0.00%)
Functions: 2
▷ Named functions: 0 (0.00%)
▷ Anonymous functions: 2 (100.00%)
Constants: 0
▷ Global constants: 0 (0.00%)
▷ Class constants: 0 (0.00%)
▷ Public constants: 0 (0.00%)

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using strong compression for your PNG files is a great way to speed up your plugin
There are no PNG files in this plugin