Benchmarks

Plugin footprint 65% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | Checking the installer triggered no errors

The plugin installed gracefully, with no errors

Server metrics [RAM: ▲1.31MB] [CPU: ▲14.93ms] Passed 4 tests

This is a short check of server-side resources used by Web Application Firewall - website security

This plugin does not affect your website's performance

Page	Memory (MB)	CPU Time (ms)
Home /	4.90 ▲1.43	48.11 ▲8.40
Dashboard /wp-admin	4.65 ▲1.31	64.34 ▲8.84
Posts /wp-admin/edit.php	4.70 ▲1.34	69.72 ▲27.22
Add New Post /wp-admin/post-new.php	7.19 ▲1.30	109.48 ▲15.24
Media Library /wp-admin/upload.php	4.51 ▲1.28	63.21 ▲28.52
Upgrade /wp-admin/admin.php?page=mo_mmp_upgrade	4.54	72.44
Reports /wp-admin/admin.php?page=mo_mmp_reports	4.56	57.97
Backup /wp-admin/admin.php?page=mo_mmp_backup	4.57	74.66
Malware Scan /wp-admin/admin.php?page=mo_mmp_malwarescan	4.68	58.46
Troubleshooting /wp-admin/admin.php?page=mo_mmp_troubleshooting	4.54	51.96
Firewall /wp-admin/admin.php?page=mo_mmp_waf	4.69	56.64
Login and Spam /wp-admin/admin.php?page=mo_mmp_login_and_spam	4.62	60.91
Notifications /wp-admin/admin.php?page=mo_mmp_notifications	4.61	63.45
Advanced Blocking /wp-admin/admin.php?page=mo_mmp_advancedblocking	4.58	57.12
Account /wp-admin/admin.php?page=mo_mmp_account	4.62	53.61

Server storage [IO: ▲1.60MB] [DB: ▲0.01MB] Passed 3 tests

A short overview of filesystem and database impact

This plugin was installed successfully

Filesystem: 145 new files

Database: 11 new tables, 33 new options

New tables
wp_wpns_malware_scan_report_details
wp_wpns_files_scan
wp_wpns_malware_skip_files
wp_wpns_ip_rate_details
wp_wpns_email_sent_audit
wp_wpns_transactions
wp_wpns_attack_logs
wp_wpns_blocked_ips
wp_wpns_malware_hash_file
wp_wpns_malware_scan_report
...

New WordPress options
RFIAttack
mo_mmp_scan_themes
mo_wpns_show_remaining_attempts
mo_wpns_enable_brute_force
mo_mmp_check_vulnerable_code
actionRateL
RCEAttack
mo_mmp_check_sql_injection
mo_mmp_switch_waf
Rate_request
...

Browser metrics Passed 4 tests

Checking browser requirements for Web Application Firewall - website security

There were no issues detected in relation to browser resource usage

Page	Nodes	Memory (MB)	Script (ms)	Layout (ms)
Home /	2,986 ▲240	14.34 ▲0.11	1.69 ▲0.08	34.38 ▼6.23
Dashboard /wp-admin	2,374 ▲200	5.73 ▲0.19	85.52 ▼6.35	97.39 ▲57.79
Posts /wp-admin/edit.php	2,190 ▲90	2.10 ▲0.10	43.32 ▲6.19	38.27 ▲5.96
Add New Post /wp-admin/post-new.php	1,759 ▲231	24.43 ▲1.34	725.14 ▲64.01	52.70 ▼1.18
Media Library /wp-admin/upload.php	1,493 ▲93	4.19 ▼0.04	106.95 ▲12.44	80.43 ▲37.43
Upgrade /wp-admin/admin.php?page=mo_mmp_upgrade	1,119	2.24	28.08	37.34
Reports /wp-admin/admin.php?page=mo_mmp_reports	1,511	2.56	47.91	38.74
Backup /wp-admin/admin.php?page=mo_mmp_backup	1,191	2.26	42.49	41.59
Malware Scan /wp-admin/admin.php?page=mo_mmp_malwarescan	1,803	2.47	50.59	42.78
Troubleshooting /wp-admin/admin.php?page=mo_mmp_troubleshooting	1,209	2.25	27.60	36.00
Firewall /wp-admin/admin.php?page=mo_mmp_waf	2,231	2.34	50.43	51.04
Login and Spam /wp-admin/admin.php?page=mo_mmp_login_and_spam	1,541	2.34	30.90	33.52
Notifications /wp-admin/admin.php?page=mo_mmp_notifications	2,080	8.91	170.09	67.77
Advanced Blocking /wp-admin/admin.php?page=mo_mmp_advancedblocking	2,209	2.39	31.20	43.22
Account /wp-admin/admin.php?page=mo_mmp_account	1,204	2.24	29.97	31.23

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 50% from 4 tests

🔸 Tests weight: 35 | All plugins must uninstall correctly, removing their source code and extra database tables they might have created

It is recommended to fix the following

The plugin did not uninstall successfully, leaving 1 table in the database
- wp_wpns_ip_rate_details
The uninstall procedure has failed, leaving 17 options in the database
- WAFEnabled
- XSSAttack
- Rate_request
- limitAttack
- mo_wpns_new_registration
- LFIAttack
- RFIAttack
- SQLInjection
- RCEAttack
- widget_recent-comments
- ...

Smoke tests 25% from 4 tests

Server-side errors 0% from 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)

Please fix the following server-side errors

- > GET request to /wp-admin/admin.php?page=mo_mmp_waf
- > Notice in wp-content/plugins/web-application-firewall/views/waf.php+414
Undefined index: Local File Inclusion Protection

SRP 0% from 2 tests

🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle

Please fix the following items

5× PHP files output text when accessed directly:
- > /wp-content/plugins/web-application-firewall/controllers/malware_scanner/scan_malware.php
- > /wp-content/plugins/web-application-firewall/views/login_spam.php
- > /wp-content/plugins/web-application-firewall/handler/mo-error.php
- > /wp-content/plugins/web-application-firewall/handler/mo-block.php
- > /wp-content/plugins/web-application-firewall/views/troubleshooting.php
126× GET requests to PHP files trigger server-side errors or Error 500 responses (only 10 are shown):
- > PHP Fatal error
  Uncaught Error: Call to undefined function esc_attr() in wp-content/plugins/web-application-firewall/views/registration-security.php:13
- > PHP Fatal error
  Uncaught Error: Call to undefined function add_action() in wp-content/plugins/web-application-firewall/controllers/wpns-loginsecurity-ajax.php:6
- > PHP Fatal error
  require_once(): Failed opening required 'ABSPATHwp-admin/includes/upgrade.php' (include_path='.:/usr/share/php') in wp-content/plugins/web-application-firewall/database/database_functions.php on line 3
- > PHP Warning
  include_once(): Failed opening 'views/navbar.php' for inclusion (include_path='.:/usr/share/php') in wp-content/plugins/web-application-firewall/views/dashboard.php on line 3
- > PHP Fatal error
  Uncaught Error: Call to undefined function add_action() in wp-content/plugins/web-application-firewall/controllers/backup_ajax.php:6
- > PHP Warning
  include_once(controllers/content-protection.php): failed to open stream: No such file or directory in wp-content/plugins/web-application-firewall/views/login_spam.php on line 35
- > PHP Fatal error
  Uncaught Error: Call to undefined function wp_create_nonce() in wp-content/plugins/web-application-firewall/views/request_demo.php:6
- > PHP Notice
  Undefined variable: safe in wp-content/plugins/web-application-firewall/views/navbar.php on line 5
- > PHP Notice
  Undefined variable: mo_waf_premium_docfile in wp-content/plugins/web-application-firewall/views/advanced-blocking.php on line 12
- > PHP Fatal error
  Uncaught Error: Call to undefined function current_user_can() in wp-content/plugins/web-application-firewall/controllers/account.php:5

User-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)

No browser errors were detected

Optimizations

Plugin configuration 90% from 29 tests

readme.txt 88% from 16 tests

The readme.txt file is undoubtedly the most important file in your plugin, preparing it for public listing on WordPress.org

Attributes that need to be fixed:

Tags: There are too many tags (16 tag instead of maximum 10)
Screenshots: These screenshots do not have images: #1 (Web Application Firewall Dashboard), #2 (IP Blocking), #3 (Tracking), #4 (Email alert)

You can look at the official readme.txt

web-application-firewall/miniorange_firewall_settings.php 92% from 13 tests

The primary PHP file in "Web Application Firewall - website security" version 2.1.1 is used by WordPress to initiate all plugin functionality

Please take the time to fix the following:

Main file name: Name the main plugin file the same as the plugin slug ("web-application-firewall.php" instead of "miniorange_firewall_settings.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | An overview of files in this plugin; executable files are not allowed

Success! There were no dangerous files found in this plugin18,298 lines of code in 107 files:

Language	Files	Blank lines	Comment lines	Lines of code
PHP	93	1,986	133	13,572
CSS	8	529	54	4,482
JavaScript	6	23	22	244

PHP code Passed 2 tests

A brief analysis of cyclomatic complexity and code structure for this plugin

No cyclomatic complexity issues were detected for this plugin

Cyclomatic complexity
Average complexity per logical line of code	0.32
Average class complexity	35.00
▷ Minimum class complexity	1.00
▷ Maximum class complexity	257.00
Average method complexity	4.14
▷ Minimum method complexity	1.00
▷ Maximum method complexity	45.00

Code structure
Namespaces	0
Interfaces	0
Traits	0
Classes	28
▷ Abstract classes	0	0.00%
▷ Concrete classes	28	100.00%
▷ Final classes	0	0.00%
Methods	303
▷ Static methods	22	7.26%
▷ Public methods	282	93.07%
▷ Protected methods	0	0.00%
▷ Private methods	21	6.93%
Functions	82
▷ Named functions	82	100.00%
▷ Anonymous functions	0	0.00%
Constants	128
▷ Global constants	3	2.34%
▷ Class constants	125	97.66%
▷ Public constants	125	100.00%

Plugin size 50% from 2 tests

Image compression 50% from 2 tests

PNG files should be compressed to save space and minimize bandwidth usage

35 PNG files occupy 0.55MB with 0.24MB in potential savings

Potential savings

Compression of 5 random PNG files using pngquant
File	Size - original	Size - compressed	Savings
includes/images/angry.png	20.40KB	9.65KB	▼ 52.68%
includes/images/normal.png	15.74KB	7.91KB	▼ 49.78%
includes/images/normal1.png	15.74KB	7.91KB	▼ 49.78%
includes/images/theme_my_login.png	2.13KB	2.17KB	0.00%
includes/images/ultimate_member.png	16.03KB	5.35KB	▼ 66.63%

Code Review | Web Application Firewall - website security

About plugin

Code review

User reviews

Install metrics