Benchmarks
Plugin footprint 65% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | Checking the installer triggered no errors
Installer ran successfully
Server metrics [RAM: ▲0.05MB] [CPU: ▲0.19ms] Passed 4 tests
Server-side resources used by Website Security Check
This plugin has minimal impact on server resources
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 3.49 ▲0.03 | 33.90 ▼3.91 |
| Dashboard /wp-admin | 3.41 ▲0.11 | 46.84 ▲2.12 |
| Posts /wp-admin/edit.php | 3.46 ▲0.10 | 48.75 ▲0.89 |
| Add New Post /wp-admin/post-new.php | 5.93 ▲0.04 | 107.95 ▲3.44 |
| Media Library /wp-admin/upload.php | 3.27 ▲0.04 | 35.52 ▲1.65 |
Server storage [IO: ▲1.76MB] [DB: ▲0.00MB] Passed 3 tests
How much does this plugin use your filesystem and database?
This plugin installed successfully
Filesystem: 64 new files
Database: no new tables, 8 new options
| New WordPress options |
|---|
| widget_recent-posts |
| theysaidso_admin_options |
| widget_theysaidso_widget |
| db_upgraded |
| wsc_securitycheck |
| wsc_securitycheck_time |
| can_compress_scripts |
| widget_recent-comments |
Browser metrics Passed 4 tests
A check of browser resources used by Website Security Check
This plugin renders optimally with no browser resource issues detected
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,891 ▲156 | 13.74 ▼0.46 | 1.56 ▼0.71 | 29.01 ▼16.55 |
| Dashboard /wp-admin | 2,297 ▲106 | 4.95 ▲0.07 | 113.52 ▲15.28 | 73.77 ▲30.89 |
| Posts /wp-admin/edit.php | 2,132 ▲40 | 2.02 ▲0.01 | 41.94 ▲1.35 | 35.40 ▼2.99 |
| Add New Post /wp-admin/post-new.php | 1,548 ▲6 | 18.27 ▲0.06 | 682.15 ▲79.68 | 57.62 ▲4.60 |
| Media Library /wp-admin/upload.php | 1,418 ▲30 | 4.12 ▼0.07 | 110.70 ▲11.38 | 45.68 ▼0.90 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 50% from 4 tests
🔸 Tests weight: 35 | The uninstall procedure must remove all plugin files and extra database tables
The following items require your attention
- Uninstall procedure validation failed for this plugin
- > Notice in wp-content/plugins/website-security-check/config/config.php+30
Constant WSC_OPTION already defined
- The uninstall procedure has failed, leaving 8 options in the database
- widget_recent-comments
- wsc_securitycheck_time
- widget_recent-posts
- wsc_securitycheck
- can_compress_scripts
- theysaidso_admin_options
- widget_theysaidso_widget
- db_upgraded
Smoke tests 50% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | A smoke test targeting server-side errors
Even though no errors were found, this is by no means an exhaustive test
SRP 0% from 2 tests
🔹 Tests weight: 20 | The single-responsibility principle applies for WordPress plugins as well - please make sure your PHP files perform no actions when accessed directly
Please fix the following
- 19× PHP files perform the task of outputting text when accessed with GET requests (only 10 are shown):
- > /wp-content/plugins/website-security-check/index.php
- > /wp-content/plugins/website-security-check/classes/DisplayController.php
- > /wp-content/plugins/website-security-check/models/Settings.php
- > /wp-content/plugins/website-security-check/controllers/SecurityCheck.php
- > /wp-content/plugins/website-security-check/config/paths.php
- > /wp-content/plugins/website-security-check/controllers/Menu.php
- > /wp-content/plugins/website-security-check/classes/Error.php
- > /wp-content/plugins/website-security-check/models/Security.php
- > /wp-content/plugins/website-security-check/controllers/Settings.php
- > /wp-content/plugins/website-security-check/debug/index.php
- 5× PHP files trigger server-side errors or warnings when accessed directly:
- > PHP Fatal error
Uncaught Error: Call to undefined function _e() in wp-content/plugins/website-security-check/view/SecurityCheck.php:5
- > PHP Fatal error
Uncaught Error: Class 'WSC_Classes_Tools' not found in wp-content/plugins/website-security-check/view/Dashboard.php:4
- > PHP Notice
Undefined variable: message in wp-content/plugins/website-security-check/view/Notices.php on line 1
- > PHP Fatal error
Uncaught Error: Call to undefined function do_action() in wp-content/plugins/website-security-check/view/Connect.php:3
- > PHP Notice
Undefined variable: type in wp-content/plugins/website-security-check/view/Notices.php on line 1
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)
There were no browser issues found
Optimizations
Plugin configuration 93% from 29 tests
readme.txt Passed 16 tests
It's important to format your readme.txt file correctly as it is parsed for the public listing of your plugin
4 plugin tags: wordpress security check, security, security check, website security check
website-security-check/index.php 85% from 13 tests
The principal PHP file in "Website Security Check" v. 1.2.00 is loaded by WordPress automatically on each request
Please make the necessary changes and fix the following:
- Text Domain: The text domain must be the same as the plugin slug, although optional since WordPress version 4.6
- Main file name: It is recommended to name the main PHP file as the plugin slug ("website-security-check.php" instead of "index.php")
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | Executable files are not allowed as they can serve as attack vectors
Everything looks great! No dangerous files found in this plugin9,046 lines of code in 38 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 23 | 546 | 818 | 2,714 |
| SVG | 2 | 0 | 0 | 2,710 |
| CSS | 7 | 41 | 9 | 2,044 |
| PO File | 2 | 346 | 396 | 1,312 |
| JavaScript | 3 | 17 | 6 | 229 |
| JSON | 1 | 0 | 0 | 37 |
PHP code Passed 2 tests
A short review of cyclomatic complexity and code structure
Everything seems fine, there were no complexity issues found
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.62 |
| Average class complexity | 32.07 |
| ▷ Minimum class complexity | 3.00 |
| ▷ Maximum class complexity | 148.00 |
| Average method complexity | 3.99 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 21.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 0 | |
| Interfaces | 0 | |
| Traits | 0 | |
| Classes | 15 | |
| ▷ Abstract classes | 0 | 0.00% |
| ▷ Concrete classes | 15 | 100.00% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 156 | |
| ▷ Static methods | 61 | 39.10% |
| ▷ Public methods | 151 | 96.79% |
| ▷ Protected methods | 1 | 0.64% |
| ▷ Private methods | 4 | 2.56% |
| Functions | 0 | |
| ▷ Named functions | 0 | 0.00% |
| ▷ Anonymous functions | 0 | 0.00% |
| Constants | 26 | |
| ▷ Global constants | 26 | 100.00% |
| ▷ Class constants | 0 | 0.00% |
| ▷ Public constants | 0 | 0.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
Often times overlooked, PNG files can occupy unnecessary space in your plugin
14 PNG files occupy 0.30MB with 0.06MB in potential savings
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| view/img/security_check.png | 23.70KB | 13.61KB | ▼ 42.58% |
| view/img/cache.png | 10.36KB | 10.79KB | 0.00% |
| view/img/pro_captcha.png | 5.37KB | 2.70KB | ▼ 49.66% |
| view/img/speedometer_medium.png | 20.89KB | 21.60KB | 0.00% |
| view/img/minloading.png | 3.45KB | 3.54KB | 0.00% |