Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | The install procedure must perform silently

This plugin's installer ran successfully

Server metrics [RAM: ▲0.02MB] [CPU: ▼10.63ms] Passed 4 tests

Analyzing server-side resources used by Strict Security Headers

No issues were detected with server-side resource usage

Page	Memory (MB)	CPU Time (ms)
Home /	3.50 ▲0.04	37.09 ▼24.03
Dashboard /wp-admin	3.32 ▲0.02	44.91 ▼6.58
Posts /wp-admin/edit.php	3.43 ▲0.08	48.75 ▼2.96
Add New Post /wp-admin/post-new.php	5.90 ▲0.02	85.37 ▼8.93
Media Library /wp-admin/upload.php	3.24 ▲0.02	32.49 ▼2.12

Server storage [IO: ▲0.06MB] [DB: ▲0.00MB] Passed 3 tests

Input-output and database impact of this plugin

The plugin installed successfully

Filesystem: 22 new files

Database: no new tables, 6 new options

New WordPress options
db_upgraded
widget_recent-posts
can_compress_scripts
widget_recent-comments
widget_theysaidso_widget
theysaidso_admin_options

Browser metrics Passed 4 tests

An overview of browser requirements for Strict Security Headers

There were no issues detected in relation to browser resource usage

Page	Nodes	Memory (MB)	Script (ms)	Layout (ms)
Home /	2,781 ▲35	14.46 ▼0.22	1.22 ▼1.18	12.62 ▼32.82
Dashboard /wp-admin	2,209 ▲21	5.93 ▲1.04	94.85 ▼18.50	37.62 ▼6.86
Posts /wp-admin/edit.php	1,906 ▼183	0.74 ▼1.30	2.79 ▼30.91	11.10 ▼25.80
Add New Post /wp-admin/post-new.php	1,514 ▼5	17.46 ▼5.77	679.77 ▲74.40	71.60 ▲17.04
Media Library /wp-admin/upload.php	1,391 ▲6	4.21 ▲0.06	95.23 ▼0.09	46.64 ▲3.05

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests

🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces

You still need to fix the following

This plugin did not uninstall successfully, leaving 6 options in the database
- widget_recent-comments
- can_compress_scripts
- widget_theysaidso_widget
- db_upgraded
- widget_recent-posts
- theysaidso_admin_options

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A smoke test targeting server-side errors

Everything seems fine, however this is by no means an exhaustive test

SRP 50% from 2 tests

🔹 Tests weight: 20 | A shallow check of the single-responsibility principle; PHP files should perform no action - including output of placeholder text - and trigger no errors when accessed directly

Please fix the following

7× GET requests to PHP files trigger server-side errors or Error 500 responses:
- > PHP Fatal error
  Uncaught Error: Interface 'DualFocus\\StrictSecurityHeaders\\HeaderInterface' not found in wp-content/plugins/strict-security-headers/lib/Header.php:14
- > PHP Fatal error
  Uncaught Error: Class 'DualFocus\\StrictSecurityHeaders\\Header' not found in wp-content/plugins/strict-security-headers/lib/ReferrerPolicy.php:16
- > PHP Fatal error
  Uncaught Error: Class 'DualFocus\\StrictSecurityHeaders\\Header' not found in wp-content/plugins/strict-security-headers/lib/XContentTypeOptions.php:16
- > PHP Fatal error
  Uncaught Error: Class 'DualFocus\\StrictSecurityHeaders\\Header' not found in wp-content/plugins/strict-security-headers/lib/PermissionsPolicy.php:16
- > PHP Fatal error
  Uncaught Error: Class 'DualFocus\\StrictSecurityHeaders\\Header' not found in wp-content/plugins/strict-security-headers/lib/XFrameOptions.php:16
- > PHP Fatal error
  Uncaught Error: Class 'DualFocus\\StrictSecurityHeaders\\Header' not found in wp-content/plugins/strict-security-headers/lib/ContentSecurityPolicy.php:16
- > PHP Fatal error
  Uncaught Error: Class 'DualFocus\\StrictSecurityHeaders\\Header' not found in wp-content/plugins/strict-security-headers/lib/StrictTransportSecurity.php:16

User-side errors Passed 1 test

🔹 Test weight: 20 | This is a shallow check for browser errors

Everything seems fine on the user side

Optimizations

Plugin configuration Passed 29 tests

readme.txt Passed 16 tests

Don't ignore readme.txt as it is the file that instructs WordPress.org on how to present your plugin to the world

4 plugin tags: security headers, http headers, security, headers

strict-security-headers/strict-security-headers.php Passed 13 tests

The main PHP file in "Strict Security Headers" ver. 0.1.0 adds more information about the plugin and also serves as the entry point for this plugin

57 characters long description:

Enables enforcement of strict security headers on a site.

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | There should be no dangerous file extensions present in any WordPress plugin

Everything looks great! No dangerous files found in this plugin718 lines of code in 19 files:

Language	Files	Blank lines	Comment lines	Lines of code
PHP	18	183	650	713
JSON	1	0	0	5

PHP code Passed 2 tests

This is a short overview of cyclomatic complexity and code structure for this plugin

This plugin has no cyclomatic complexity problems

Cyclomatic complexity
Average complexity per logical line of code	0.46
Average class complexity	8.38
▷ Minimum class complexity	1.00
▷ Maximum class complexity	48.00
Average method complexity	2.86
▷ Minimum method complexity	1.00
▷ Maximum method complexity	18.00

Code structure
Namespaces	3
Interfaces	1
Traits	0
Classes	12
▷ Abstract classes	1	8.33%
▷ Concrete classes	11	91.67%
▷ Final classes	1	9.09%
Methods	55
▷ Static methods	25	45.45%
▷ Public methods	49	89.09%
▷ Protected methods	3	5.45%
▷ Private methods	3	5.45%
Functions	2
▷ Named functions	0	0.00%
▷ Anonymous functions	2	100.00%
Constants	1
▷ Global constants	0	0.00%
▷ Class constants	1	100.00%
▷ Public constants	1	100.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

It is recommended to compress PNG files in your plugin to minimize bandwidth usage

PNG images were not found in this plugin

Code Review | Strict Security Headers

About plugin

Code review

User reviews

Install metrics