Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | Checking the installer triggered no errors

The plugin installed successfully, without throwing any errors or notices

Server metrics [RAM: ▲0.08MB] [CPU: ▼7.16ms] Passed 4 tests

Server-side resources used by Two Factor Authentication

This plugin has minimal impact on server resources

Page	Memory (MB)	CPU Time (ms)
Home /	3.55 ▲0.09	38.39 ▼3.21
Dashboard /wp-admin	3.39 ▲0.08	45.12 ▼3.56
Posts /wp-admin/edit.php	3.50 ▲0.14	48.00 ▼1.26
Add New Post /wp-admin/post-new.php	5.97 ▲0.08	82.21 ▼20.61
Media Library /wp-admin/upload.php	3.31 ▲0.08	34.78 ▲4.03
Two Factor Authentication /wp-admin/options-general.php?page=two-factor-auth	3.38	34.31

Server storage [IO: ▲0.49MB] [DB: ▲0.07MB] Passed 3 tests

Filesystem and database footprint

The plugin installed successfully

Filesystem: 37 new files

Database: no new tables, 6 new options

New WordPress options
db_upgraded
widget_recent-posts
widget_recent-comments
theysaidso_admin_options
can_compress_scripts
widget_theysaidso_widget

Browser metrics Passed 4 tests

A check of browser resources used by Two Factor Authentication

This plugin renders optimally with no browser resource issues detected

Page	Nodes	Memory (MB)	Script (ms)	Layout (ms)
Home /	2,815 ▲80	14.47 ▲0.20	1.59 ▼0.35	41.16 ▼2.42
Dashboard /wp-admin	2,224 ▲39	5.83 ▲0.97	101.30 ▲0.59	64.26 ▲17.33
Posts /wp-admin/edit.php	2,107 ▲18	1.98 ▼0.03	37.64 ▼2.86	34.51 ▼0.66
Add New Post /wp-admin/post-new.php	1,527 ▲10	23.15 ▲5.46	769.69 ▲167.31	50.42 ▲1.31
Media Library /wp-admin/upload.php	1,403 ▲15	4.23 ▼0.04	102.97 ▲7.16	46.24 ▲6.24
Two Factor Authentication /wp-admin/options-general.php?page=two-factor-auth	1,125	2.07	24.35	27.12

Uninstaller [IO: ▲0.00MB] [DB: ▲0.08MB] 75% from 4 tests

🔸 Tests weight: 35 | The uninstall procedure must remove all plugin files and extra database tables

You still need to fix the following

This plugin did not uninstall successfully, leaving 6 options in the database
- theysaidso_admin_options
- db_upgraded
- widget_theysaidso_widget
- widget_recent-posts
- can_compress_scripts
- widget_recent-comments

Smoke tests 50% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A shallow check that no server-side errors were triggered

The smoke test was a success, however most plugin functionality was not tested

SRP 0% from 2 tests

🔹 Tests weight: 20 | A shallow check of the single-responsibility principle; PHP files should perform no action - including output of placeholder text - and trigger no errors when accessed directly

Please fix the following

9× PHP files output non-empty strings when accessed directly via GET requests:
- > /wp-content/plugins/two-factor-authentication/simba-tfa/includes/tfa_frontend.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/example.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/templates/admin-settings.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/loader.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/includes/tfa-encryption-muplugin.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/templates/user-settings.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/templates/shortcode-tfa-user-settings.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/simba-tfa.php
- > /wp-content/plugins/two-factor-authentication/simba-tfa/includes/login-form-integrations.php
12× PHP files trigger server errors when accessed directly (only 10 are shown):
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Fatal error
  Uncaught Error: Call to undefined function current_user_can() in wp-content/plugins/two-factor-authentication/simba-tfa/templates/settings-intro-notices.php:4
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128
- > PHP Notice
  Undefined property: HOTPResult::$hex in wp-content/plugins/two-factor-authentication/simba-tfa/providers/totp/hotp-php-master/hotp.php on line 128

User-side errors Passed 1 test

🔹 Test weight: 20 | This is a smoke test targeting browser errors/issues

No browser errors were detected

Optimizations

Plugin configuration 93% from 29 tests

readme.txt 94% from 16 tests

The readme.txt file is undoubtedly the most important file in your plugin, preparing it for public listing on WordPress.org

These attributes need to be fixed:

Screenshots: Screenshot #13 (Allowing users to have trusted devices (Premium version)) image not found

Please take inspiration from this readme.txt

two-factor-authentication/two-factor-login.php 92% from 13 tests

The entry point to "Two Factor Authentication" version 1.14.17 is a PHP file that has certain tags in its header comment area

The following require your attention:

Main file name: The principal plugin file should be the same as the plugin slug ("two-factor-authentication.php" instead of "two-factor-login.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | Executable files are considered dangerous and should not be included with any WordPress plugin

Everything looks great! No dangerous files found in this plugin5,900 lines of code in 29 files:

Language	Files	Blank lines	Comment lines	Lines of code
JavaScript	8	677	403	2,455
PHP	15	828	1,104	2,408
PO File	3	468	586	980
Markdown	2	20	0	47
CSS	1	2	1	10

PHP code Passed 2 tests

This is a short overview of cyclomatic complexity and code structure for this plugin

No complexity issues detected

Cyclomatic complexity
Average complexity per logical line of code	0.48
Average class complexity	57.33
▷ Minimum class complexity	4.00
▷ Maximum class complexity	285.00
Average method complexity	4.21
▷ Minimum method complexity	1.00
▷ Maximum method complexity	41.00

Code structure
Namespaces	0
Interfaces	0
Traits	0
Classes	9
▷ Abstract classes	0	0.00%
▷ Concrete classes	9	100.00%
▷ Final classes	0	0.00%
Methods	158
▷ Static methods	7	4.43%
▷ Public methods	132	83.54%
▷ Protected methods	7	4.43%
▷ Private methods	19	12.03%
Functions	2
▷ Named functions	1	50.00%
▷ Anonymous functions	1	50.00%
Constants	4
▷ Global constants	3	75.00%
▷ Class constants	1	25.00%
▷ Public constants	1	100.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Using a strong compression for your PNG files is a great way to speed-up your plugin

2 PNG files occupy 0.01MB with 0.01MB in potential savings

Potential savings

Compression of 2 random PNG files using pngquant
File	Size - original	Size - compressed	Savings
simba-tfa/includes/tfa_admin_icon_32x32.png	6.75KB	1.70KB	▼ 74.79%
simba-tfa/includes/tfa_admin_icon_16x16.png	3.74KB	0.98KB	▼ 73.75%

Code Review | Two Factor Authentication

About plugin

Code review

User reviews

Install metrics