Benchmarks

Plugin footprint Passed 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices

Installer ran successfully

Server metrics [RAM: ▼0.00MB] [CPU: ▼141.87ms] Passed 4 tests

This is a short check of server-side resources used by Two Factor Auth

Normal server usage

Page	Memory (MB)	CPU Time (ms)
Home /	2.83 ▲0.12	40.68 ▲14.60
Dashboard /wp-admin	3.06 ▲0.00	55.90 ▼0.61
Posts /wp-admin/edit.php	3.11 ▲0.00	55.22 ▲1.78
Add New Post /wp-admin/post-new.php	5.42 ▼0.02	102.22 ▼570.20
Media Library /wp-admin/upload.php	3.00 ▲0.00	39.75 ▲1.55

Server storage [IO: ▲0.48MB] [DB: ▲0.00MB] Passed 3 tests

A short overview of filesystem and database impact

There were no storage issued detected upon installing this plugin

Filesystem: 28 new files

Database: no new tables, no new options

Browser metrics Passed 4 tests

Two Factor Auth: an overview of browser usage

There were no issues detected in relation to browser resource usage

Page	Nodes	Memory (MB)	Script (ms)	Layout (ms)
Home /	3,679 ▲97	16.13 ▲0.87	9.33 ▼0.48	49.30 ▼4.92
Dashboard /wp-admin	2,967 ▲36	5.96 ▼0.06	172.52 ▼0.88	113.12 ▲4.36
Posts /wp-admin/edit.php	2,739 ▼0	2.71 ▼0.00	71.25 ▼12.36	101.16 ▲5.37
Add New Post /wp-admin/post-new.php	1,683 ▲68	18.66 ▼2.66	447.69 ▲105.27	125.59 ▲16.79
Media Library /wp-admin/upload.php	1,807 ▼3	5.01 ▼0.01	179.81 ▲6.19	128.61 ▲8.88

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] Passed 4 tests

🔸 Tests weight: 35 | Checking the uninstaller removed all traces of the plugin

Uninstall script ran successfully

Smoke tests 50% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | This is a shallow check for server-side errors

Even though no errors were found, this is by no means an exhaustive test

SRP 0% from 2 tests

🔹 Tests weight: 20 | A shallow check of the single-responsibility principle; PHP files should perform no action - including output of placeholder text - and trigger no errors when accessed directly

Please fix the following items

1× PHP files output non-empty strings when accessed directly via GET requests:
- > /wp-content/plugins/two-factor-auth/hotp-php-master/example.php
14× PHP files trigger server-side errors or warnings when accessed directly (only 10 are shown):
- > PHP Fatal error
  Uncaught Error: Call to undefined function add_action() in wp-content/plugins/two-factor-auth/two-factor-login.php:36
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-auth/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-auth/hotp-php-master/hotp.php on line 128
- > PHP Fatal error
  Uncaught Error: Call to undefined function is_admin() in wp-content/plugins/two-factor-auth/admin_settings.php:3
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-auth/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-auth/hotp-php-master/hotp.php on line 128
- > PHP Fatal error
  Uncaught Error: Call to undefined function delete_option() in wp-content/plugins/two-factor-auth/uninstall.php:3
- > PHP Fatal error
  Uncaught Error: Call to undefined function plugin_dir_url() in wp-content/plugins/two-factor-auth/user_settings.php:21
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-auth/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-auth/hotp-php-master/hotp.php on line 128

User-side errors Passed 1 test

🔹 Test weight: 20 | A shallow check that no browser errors were triggered

No browser issues were found

Optimizations

Plugin configuration 96% from 29 tests

readme.txt Passed 16 tests

Don't ignore readme.txt as it is the file that instructs WordPress.org on how to present your plugin to the world

9 plugin tags: login, security, auth, security plugin, two factor auth...

two-factor-auth/two-factor-login.php 92% from 13 tests

Analyzing the main PHP file in "Two Factor Auth" version 4.4

Please make the necessary changes and fix the following:

Main file name: It is recommended to name the main PHP file as the plugin slug ("two-factor-auth.php" instead of "two-factor-login.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | Executable files are considered dangerous and should not be included with any WordPress plugin

No dangerous file extensions were detected2,254 lines of code in 17 files:

Language	Files	Blank lines	Comment lines	Lines of code
PHP	9	309	184	1,264
PO File	5	344	704	864
Markdown	2	41	0	77
JavaScript	1	9	2	49

PHP code Passed 2 tests

A short review of cyclomatic complexity and code structure

No cyclomatic complexity issues were detected for this plugin

Cyclomatic complexity
Average complexity per logical line of code	0.30
Average class complexity	21.50
▷ Minimum class complexity	4.00
▷ Maximum class complexity	62.00
Average method complexity	3.34
▷ Minimum method complexity	1.00
▷ Maximum method complexity	18.00

Code structure
Namespaces	0
Interfaces	0
Traits	0
Classes	4
▷ Abstract classes	0	0.00%
▷ Concrete classes	4	100.00%
▷ Final classes	0	0.00%
Methods	35
▷ Static methods	7	20.00%
▷ Public methods	27	77.14%
▷ Protected methods	0	0.00%
▷ Private methods	8	22.86%
Functions	21
▷ Named functions	21	100.00%
▷ Anonymous functions	0	0.00%
Constants	2
▷ Global constants	2	100.00%
▷ Class constants	0	0.00%
▷ Public constants	0	0.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using a strong compression for your PNG files is a great way to speed-up your plugin

3 PNG files occupy 0.29MB with 0.20MB in potential savings

Potential savings

Compression of 3 random PNG files using pngquant
File	Size - original	Size - compressed	Savings
img/tfa_admin_icon_32x32.png	6.75KB	1.70KB	▼ 74.79%
img/tfa_header.png	290.17KB	118.72KB	▼ 59.09%
img/tfa_admin_icon_16x16.png	3.74KB	0.98KB	▼ 73.75%

Code Review | Two Factor Auth

About plugin

Code review

User reviews

Install metrics