Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices

This plugin's installer ran successfully

Server metrics [RAM: ▼0.05MB] [CPU: ▼11.23ms] Passed 4 tests

An overview of server-side resources used by WebAuthn Provider for Two Factor

This plugin has minimal impact on server resources

Page	Memory (MB)	CPU Time (ms)
Home /	3.52 ▲0.02	38.88 ▼14.57
Dashboard /wp-admin	3.38 ▲0.07	51.32 ▲5.43
Posts /wp-admin/edit.php	3.49 ▼0.35	48.19 ▼12.55
Add New Post /wp-admin/post-new.php	5.96 ▲0.07	94.75 ▼20.53
Media Library /wp-admin/upload.php	3.30 ▲0.07	37.04 ▲2.74
TwoFactor WebAuthn /wp-admin/options-general.php?page=2fa-webauthn	3.30	32.59

Server storage [IO: ▲3.04MB] [DB: ▲0.08MB] Passed 3 tests

Analyzing filesystem and database footprints of this plugin

No storage issues were detected

Filesystem: 887 new files

Database: 2 new tables, 6 new options

New tables
wp_2fa_webauthn_credentials
wp_2fa_webauthn_users

New WordPress options
widget_recent-comments
db_upgraded
widget_recent-posts
theysaidso_admin_options
widget_theysaidso_widget
can_compress_scripts

Browser metrics Passed 4 tests

Checking browser requirements for WebAuthn Provider for Two Factor

Normal browser usage

Page	Nodes	Memory (MB)	Script (ms)	Layout (ms)
Home /	2,804 ▲72	13.22 ▼0.80	1.69 ▲0.02	43.08 ▲1.74
Dashboard /wp-admin	2,207 ▲22	4.87 ▼1.01	105.43 ▲2.98	41.71 ▼0.78
Posts /wp-admin/edit.php	2,093 ▲1	2.01 ▲0.00	37.56 ▼2.47	32.75 ▲3.47
Add New Post /wp-admin/post-new.php	1,544 ▲25	22.93 ▲0.82	661.27 ▲3.85	55.17 ▼1.11
Media Library /wp-admin/upload.php	1,386 ▼5	4.19 ▲0.02	98.24 ▼0.40	41.04 ▼2.35
TwoFactor WebAuthn /wp-admin/options-general.php?page=2fa-webauthn	909	2.03	27.96	32.38

Uninstaller [IO: ▲0.00MB] [DB: ▲0.07MB] 75% from 4 tests

🔸 Tests weight: 35 | It is important to correctly uninstall your plugin, without leaving any traces

Please fix the following items

Zombie WordPress options detected upon uninstall: 6 options
- can_compress_scripts
- db_upgraded
- theysaidso_admin_options
- widget_theysaidso_widget
- widget_recent-comments
- widget_recent-posts

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A smoke test targeting server-side errors

Even though no errors were found, this is by no means an exhaustive test

SRP 50% from 2 tests

🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser

Please fix the following items

452× PHP files trigger errors when accessed directly with GET requests (only 10 are shown):
- > PHP Fatal error
  Uncaught Error: Interface 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Crypto\\CoseKeyInterface' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Crypto/CoseKey.php:12
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\CryptoTypes\\Asymmetric\\PrivateKey' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/crypto-types/lib/CryptoTypes/Asymmetric/EC/ECPrivateKey.php:25
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\CryptoTypes\\AlgorithmIdentifier\\Signature\\RFC3279RSASignatureAlgorithmIdentifier' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/crypto-types/lib/CryptoTypes/AlgorithmIdentifier/Signature/SHA1WithRSAEncryptionAlgorithmIdentifier.php:12
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\CryptoTypes\\Asymmetric\\PublicKey' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/crypto-types/lib/CryptoTypes/Asymmetric/RSA/RSAPublicKey.php:22
- > PHP Fatal error
  Uncaught Error: Interface 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Metadata\\MetadataResolverInterface' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Metadata/NullMetadataResolver.php:8
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\X501\\ASN1\\AttributeValue\\AttributeValue' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/x509/lib/X509/CertificationRequest/Attribute/ExtensionRequestValue.php:19
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Dom\\AbstractDictionary' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Dom/AuthenticationExtensionsClientInputs.php:9
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\MadWizard\\WebAuthn\\Server\\AbstractContext' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/src/Server/Authentication/AuthenticationContext.php:12
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\ASN1\\Type\\Primitive\\Integer' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/asn1/lib/ASN1/Type/Primitive/Enumerated.php:10
- > PHP Fatal error
  Uncaught Error: Class 'WildWolf\\WordPress\\TwoFactorWebAuthn\\Vendor\\Sop\\X501\\ASN1\\Collection\\AttributeCollection' not found in wp-content/plugins/two-factor-provider-webauthn/vendor/sop/x501/lib/X501/ASN1/Collection/SetOfAttributes.php:18

User-side errors Passed 1 test

🔹 Test weight: 20 | This is just a short smoke test looking for browser issues

No browser errors were detected

Optimizations

Plugin configuration 96% from 29 tests

readme.txt Passed 16 tests

Perhaps the most important file in your plugin readme.txt gets parsed in order to generate the public listing of your plugin

6 plugin tags: security, two factor, webauthn, authentication, login...

two-factor-provider-webauthn/index.php 92% from 13 tests

The primary PHP file in "WebAuthn Provider for Two Factor" version 2.1.0 is used by WordPress to initiate all plugin functionality

It is important to fix the following:

Main file name: The principal plugin file should be the same as the plugin slug ("two-factor-provider-webauthn.php" instead of "index.php")

Code Analysis 5% from 3 tests

File types 0% from 1 test

🔸 Test weight: 35 | An overview of files in this plugin; executable files are not allowed

These items require your attention

Even if your plugin relies on executable files (for example a companion app), never distribute executable files with your plugin
- .crt - Security Certificate in Firefox, IE, Chrome, Safari
  - ☣ wp-content/plugins/two-factor-provider-webauthn/vendor/madwizard/webauthn/data/apple/apple-webauthn-root.crt

53,458 lines of code in 838 files:

Language	Files	Blank lines	Comment lines	Lines of code
PHP	765	9,471	24,500	45,510
Markdown	39	1,681	0	4,668
JSON	31	0	0	3,258
YAML	1	1	0	20
JavaScript	2	0	0	2

PHP code Passed 2 tests

Cyclomatic complexity and code structure are the fingerprint of this plugin

All good! No complexity issues found

Cyclomatic complexity
Average complexity per logical line of code	0.37
Average class complexity	7.78
▷ Minimum class complexity	1.00
▷ Maximum class complexity	184.00
Average method complexity	2.24
▷ Minimum method complexity	1.00
▷ Maximum method complexity	54.00

Code structure
Namespaces	128
Interfaces	114
Traits	21
Classes	613
▷ Abstract classes	58	9.46%
▷ Concrete classes	555	90.54%
▷ Final classes	159	28.65%
Methods	3,941
▷ Static methods	612	15.53%
▷ Public methods	3,251	82.49%
▷ Protected methods	305	7.74%
▷ Private methods	385	9.77%
Functions	311
▷ Named functions	43	13.83%
▷ Anonymous functions	268	86.17%
Constants	687
▷ Global constants	1	0.15%
▷ Class constants	686	99.85%
▷ Public constants	611	89.07%

Plugin size Passed 2 tests

Image compression Passed 2 tests

It is recommended to compress PNG files in your plugin to minimize bandwidth usage

There were not PNG files found in your plugin

Code Review | WebAuthn Provider for Two Factor

About plugin

Code review

User reviews

Install metrics