74% two-factor-provider-webauthn

Code Review | WebAuthn Provider for Two Factor

WordPress plugin WebAuthn Provider for Two Factor scored 74% from 54 tests.

About plugin

  • Plugin page: two-factor-provid...
  • Plugin version: 2.1.0
  • PHP compatiblity: 7.4+
  • PHP version: 7.4.16
  • WordPress compatibility: 5.5-6.2.0
  • WordPress version: 6.3.1
  • First release: Jan 28, 2022
  • Latest release: May 9, 2023
  • Number of updates: 19
  • Update frequency: every 24.5 days
  • Top authors: volodymyrkolesnykov (100%)

Code review

54 tests

User reviews

6 reviews

Install metrics

600+ active / 11,072 total downloads


Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
This plugin's installer ran successfully

Server metrics [RAM: ▼0.05MB] [CPU: ▼11.23ms] Passed 4 tests

An overview of server-side resources used by WebAuthn Provider for Two Factor
This plugin has minimal impact on server resources
PageMemory (MB)CPU Time (ms)
Home /3.52 ▲0.0238.88 ▼14.57
Dashboard /wp-admin3.38 ▲0.0751.32 ▲5.43
Posts /wp-admin/edit.php3.49 ▼0.3548.19 ▼12.55
Add New Post /wp-admin/post-new.php5.96 ▲0.0794.75 ▼20.53
Media Library /wp-admin/upload.php3.30 ▲0.0737.04 ▲2.74
TwoFactor WebAuthn /wp-admin/options-general.php?page=2fa-webauthn3.3032.59

Server storage [IO: ▲3.04MB] [DB: ▲0.08MB] Passed 3 tests

Analyzing filesystem and database footprints of this plugin
No storage issues were detected
Filesystem: 887 new files
Database: 2 new tables, 6 new options
New tables
New WordPress options

Browser metrics Passed 4 tests

Checking browser requirements for WebAuthn Provider for Two Factor
Normal browser usage
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /2,804 ▲7213.22 ▼0.801.69 ▲0.0243.08 ▲1.74
Dashboard /wp-admin2,207 ▲224.87 ▼1.01105.43 ▲2.9841.71 ▼0.78
Posts /wp-admin/edit.php2,093 ▲12.01 ▲0.0037.56 ▼2.4732.75 ▲3.47
Add New Post /wp-admin/post-new.php1,544 ▲2522.93 ▲0.82661.27 ▲3.8555.17 ▼1.11
Media Library /wp-admin/upload.php1,386 ▼54.19 ▲0.0298.24 ▼0.4041.04 ▼2.35
TwoFactor WebAuthn /wp-admin/options-general.php?page=2fa-webauthn9092.0327.9632.38

Uninstaller [IO: ▲0.00MB] [DB: ▲0.07MB] 75% from 4 tests

🔸 Tests weight: 35 | It is important to correctly uninstall your plugin, without leaving any traces
Please fix the following items
  • Zombie WordPress options detected upon uninstall: 6 options
    • can_compress_scripts
    • db_upgraded
    • theysaidso_admin_options
    • widget_theysaidso_widget
    • widget_recent-comments
    • widget_recent-posts

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A smoke test targeting server-side errors
Even though no errors were found, this is by no means an exhaustive test

SRP 50% from 2 tests

🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser
Please fix the following items
  • 452× PHP files trigger errors when accessed directly with GET requests (only 10 are shown):
    • > PHP Fatal error
      Uncaught Error: Interface 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Crypto\\CoseKeyInterface' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Crypto/CoseKey.php:12
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\CryptoTypes\\Asymmetric\\PrivateKey' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/crypto-types/lib/CryptoTypes/Asymmetric/EC/ECPrivateKey.php:25
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\CryptoTypes\\AlgorithmIdentifier\\Signature\\RFC3279RSASignatureAlgorithmIdentifier' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/crypto-types/lib/CryptoTypes/AlgorithmIdentifier/Signature/SHA1WithRSAEncryptionAlgorithmIdentifier.php:12
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\CryptoTypes\\Asymmetric\\PublicKey' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/crypto-types/lib/CryptoTypes/Asymmetric/RSA/RSAPublicKey.php:22
    • > PHP Fatal error
      Uncaught Error: Interface 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Metadata\\MetadataResolverInterface' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Metadata/NullMetadataResolver.php:8
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\X501\\ASN1\\AttributeValue\\AttributeValue' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/x509/lib/X509/CertificationRequest/Attribute/ExtensionRequestValue.php:19
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Dom\\AbstractDictionary' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Dom/AuthenticationExtensionsClientInputs.php:9
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Server\\AbstractContext' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Server/Authentication/AuthenticationContext.php:12
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\ASN1\\Type\\Primitive\\Integer' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/asn1/lib/ASN1/Type/Primitive/Enumerated.php:10
    • > PHP Fatal error
      Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\X501\\ASN1\\Collection\\AttributeCollection' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/x501/lib/X501/ASN1/Collection/SetOfAttributes.php:18

User-side errors Passed 1 test

🔹 Test weight: 20 | This is just a short smoke test looking for browser issues
No browser errors were detected


Plugin configuration 96% from 29 tests

readme.txt Passed 16 tests

Perhaps the most important file in your plugin readme.txt gets parsed in order to generate the public listing of your plugin
6 plugin tags: security, two factor, webauthn, authentication, login...

two-factor-provider-webauthn/index.php 92% from 13 tests

The primary PHP file in "WebAuthn Provider for Two Factor" version 2.1.0 is used by WordPress to initiate all plugin functionality
It is important to fix the following:
  • Main file name: The principal plugin file should be the same as the plugin slug ("two-factor-provider-webauthn.php" instead of "index.php")

Code Analysis 5% from 3 tests

File types 0% from 1 test

🔸 Test weight: 35 | An overview of files in this plugin; executable files are not allowed
These items require your attention
  • Even if your plugin relies on executable files (for example a companion app), never distribute executable files with your plugin
    • .crt - Security Certificate in Firefox, IE, Chrome, Safari
      • wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/data/apple/apple-webauthn-root.crt
53,458 lines of code in 838 files:
LanguageFilesBlank linesComment linesLines of code

PHP code Passed 2 tests

Cyclomatic complexity and code structure are the fingerprint of this plugin
All good! No complexity issues found
Cyclomatic complexity
Average complexity per logical line of code0.37
Average class complexity7.78
▷ Minimum class complexity1.00
▷ Maximum class complexity184.00
Average method complexity2.24
▷ Minimum method complexity1.00
▷ Maximum method complexity54.00
Code structure
▷ Abstract classes589.46%
▷ Concrete classes55590.54%
▷ Final classes15928.65%
▷ Static methods61215.53%
▷ Public methods3,25182.49%
▷ Protected methods3057.74%
▷ Private methods3859.77%
▷ Named functions4313.83%
▷ Anonymous functions26886.17%
▷ Global constants10.15%
▷ Class constants68699.85%
▷ Public constants61189.07%

Plugin size Passed 2 tests

Image compression Passed 2 tests

It is recommended to compress PNG files in your plugin to minimize bandwidth usage
There were not PNG files found in your plugin