Benchmarks
Plugin footprint 63% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | Verifying that this plugin installs correctly without errors
The plugin installed gracefully, with no errors
Server metrics [RAM: ▲11.60MB] [CPU: ▲79.55ms] 25% from 4 tests
Analyzing server-side resources used by Wordfence Security - Firewall, Malware Scan, and Login Security
Please fix the following
- RAM: The total memory usage must be kept under 10MB (currently 14.99MB on /wp-admin/admin.php?page=WordfenceSupport)
- CPU: Total CPU usage must kept under 500.00ms (currently 744.21ms on /wp-admin/admin.php?page=Wordfence)
- Extra RAM: The extra memory usage must be under 5MB (currently 11.60MB on /wp-admin/admin.php?page=WordfenceSupport)
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 14.90 ▲11.43 | 130.75 ▲89.63 |
| Dashboard /wp-admin | 15.08 ▲11.77 | 140.34 ▲84.11 |
| Posts /wp-admin/edit.php | 15.05 ▲11.68 | 119.81 ▲70.60 |
| Add New Post /wp-admin/post-new.php | 17.54 ▲11.65 | 168.47 ▲73.86 |
| Media Library /wp-admin/upload.php | 14.86 ▲11.63 | 133.57 ▲99.85 |
| Upgrade to Premium /wp-admin/admin.php?page=WordfenceUpgradeToPremium | 14.84 | 111.64 |
| Scan /wp-admin/admin.php?page=WordfenceScan | 16.10 | 1,397.90 |
| Firewall /wp-admin/admin.php?page=WordfenceWAF | 13.55 | 76.04 |
| Tools /wp-admin/admin.php?page=WordfenceTools | 14.56 | 100.15 |
| All Options /wp-admin/admin.php?page=WordfenceOptions | 16.36 | 794.33 |
| Login Security /wp-admin/admin.php?page=WFLS | 15.43 | 129.45 |
| Dashboard 0 /wp-admin/admin.php?page=Wordfence | 16.11 | 744.21 |
| Install /wp-admin/admin.php?page=WordfenceInstall | 14.92 | 112.31 |
| Help /wp-admin/admin.php?page=WordfenceSupport | 14.99 | 110.98 |
Server storage [IO: ▲15.05MB] [DB: ▲0.04MB] 67% from 3 tests
Filesystem and database footprint
It is recommended to fix the following issues
- The plugin illegally modified 10 files (6,054.66KB) outside of "wp-content/plugins/wordfence/" and "wp-content/uploads/"
- (new file) wp-content/wflogs/GeoLite2-Country.mmdb
- (new file) wp-content/wflogs/config.php
- (new file) wp-content/wflogs/config-transient.php
- (new file) wp-content/wflogs/config-synced.php
- (new file) wp-content/wflogs/attack-data.php
- (new file) wp-content/wflogs/template.php
- (new file) wp-content/wflogs/.htaccess
- (new file) wp-content/wflogs/ips.php
- (new file) wp-content/wflogs/rules.php
- (new file) wp-content/wflogs/config-livewaf.php
Filesystem: 713 new files
Database: 24 new tables, 12 new options
| New tables |
|---|
| wp_wfhoover |
| wp_wflocs |
| wp_wffilechanges |
| wp_wfls_settings |
| wp_wffilemods |
| wp_wfblockediplog |
| wp_wfnotifications |
| wp_wfwaffailures |
| wp_wfcrawlers |
| wp_wfsecurityevents |
| ... |
| New WordPress options |
|---|
| wf_plugin_act_error |
| wordfenceActivated |
| widget_recent-comments |
| theysaidso_admin_options |
| widget_recent-posts |
| wordfence_case |
| widget_theysaidso_widget |
| wordfence_version |
| wordfence_ls_version |
| db_upgraded |
| ... |
Browser metrics Passed 4 tests
Wordfence Security - Firewall, Malware Scan, and Login Security: an overview of browser usage
Minimal impact on browser resources
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 3,579 ▲817 | 13.92 ▼0.79 | 9.24 ▲7.59 | 30.34 ▼15.16 |
| Dashboard /wp-admin | 2,783 ▲603 | 5.07 ▼0.57 | 103.35 ▲10.93 | 70.02 ▲27.27 |
| Posts /wp-admin/edit.php | 2,411 ▲311 | 2.44 ▲0.46 | 37.48 ▼2.80 | 43.11 ▲4.30 |
| Add New Post /wp-admin/post-new.php | 1,877 ▲351 | 21.94 ▼1.16 | 696.65 ▲91.44 | 52.16 ▼5.91 |
| Media Library /wp-admin/upload.php | 1,714 ▲314 | 4.58 ▲0.42 | 101.85 ▲8.76 | 53.22 ▲12.08 |
| Upgrade to Premium /wp-admin/admin.php?page=WordfenceUpgradeToPremium | 1,083 | 2.40 | 47.58 | 38.88 |
| Scan /wp-admin/admin.php?page=WordfenceScan | 2,532 | 3.45 | 88.51 | 110.07 |
| Firewall /wp-admin/admin.php?page=WordfenceWAF | 2,741 | 5.32 | 229.54 | 115.67 |
| Tools /wp-admin/admin.php?page=WordfenceTools | 5,975 | 2.45 | 39.68 | 54.25 |
| All Options /wp-admin/admin.php?page=WordfenceOptions | 10,290 | 4.91 | 172.55 | 79.02 |
| Login Security /wp-admin/admin.php?page=WFLS | 2,586 | 3.78 | 98.40 | 90.13 |
| Dashboard 0 /wp-admin/admin.php?page=Wordfence | 1,722 | 5.84 | 193.36 | 82.80 |
| Install /wp-admin/admin.php?page=WordfenceInstall | 1,307 | 2.51 | 36.40 | 62.54 |
| Help /wp-admin/admin.php?page=WordfenceSupport | 2,063 | 2.84 | 62.72 | 61.66 |
Uninstaller [IO: ▲5.91MB] [DB: ▲0.04MB] 50% from 4 tests
🔸 Tests weight: 35 | All plugins must uninstall correctly, removing their source code and extra database tables they might have created
Please fix the following items
- The uninstall procedure failed, leaving 24 tables in the database
- wp_wfknownfilelist
- wp_wfcrawlers
- wp_wffilechanges
- wp_wflivetraffichuman
- wp_wflocs
- wp_wfconfig
- wp_wfls_2fa_secrets
- wp_wflogins
- wp_wfnotifications
- wp_wfsecurityevents
- ...
- This plugin did not uninstall successfully, leaving 11 options in the database
- db_upgraded
- wordfence_case
- wordfenceActivated
- wf_plugin_act_error
- widget_recent-comments
- wordfence_version
- can_compress_scripts
- widget_theysaidso_widget
- widget_recent-posts
- wordfence_installed
- ...
Smoke tests 25% from 4 tests
Server-side errors 0% from 1 test
🔹 Test weight: 20 | This is a shallow check for server-side errors
These errors were triggered by the plugin
- > GET request to /wp-admin/admin.php?page=WordfenceWAF
- > Warning in wp-content/plugins/wordfence/lib/wordfenceClass.php+2223
unlink(wp-content/wflogs/template.0529828001701634713.tmp): No such file or directory
- > GET request to /wp-admin/admin.php?page=WordfenceTools
- > Notice in wp-content/plugins/wordfence/lib/wfDiagnostic.php+354
Only variables should be passed by reference
SRP 50% from 2 tests
🔹 Tests weight: 20 | It is important to ensure that your PHP files perform no action when accessed directly, respecting the single-responsibility principle
Almost there! Just fix the following items
- 174× PHP files trigger server-side errors or warnings when accessed directly (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Class 'ParagonIE_Sodium_Core_Util' not found in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/src/Core/ChaCha20.php:11
- > PHP Notice
Constant SODIUM_CRYPTO_PWHASH_SCRYPTSALSA208SHA256_SALTBYTES already defined in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/lib/php72compat_const.php on line 64
- > PHP Fatal error
Uncaught Error: Interface 'Wordfence\\MmdbReader\\IpAddressInterface' not found in wp-content/plugins/wordfence/vendor/wordfence/mmdb-reader/src/IpAddress.php:7
- > PHP Notice
Constant SODIUM_CRYPTO_KX_SECRETKEYBYTES already defined in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/lib/php72compat_const.php on line 46
- > PHP Fatal error
Uncaught Error: Class 'ParagonIE_Sodium_Core32_ChaCha20_Ctx' not found in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/src/Core32/ChaCha20/IetfCtx.php:11
- > PHP Notice
Constant SODIUM_CRYPTO_BOX_SEALBYTES already defined in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/lib/php72compat_const.php on line 30
- > PHP Notice
Constant SODIUM_LIBRARY_MAJOR_VERSION already defined in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/lib/php72compat_const.php on line 4
- > PHP Notice
Constant SODIUM_CRYPTO_AUTH_KEYBYTES already defined in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/lib/php72compat_const.php on line 29
- > PHP Warning
Use of undefined constant WORDFENCE_PATH - assumed 'WORDFENCE_PATH' (this will throw an Error in a future version of PHP) in wp-content/plugins/wordfence/lib/sodium_compat_fast.php on line 4
- > PHP Notice
Constant SODIUM_CRYPTO_AEAD_XCHACHA20POLY1305_IETF_NSECBYTES already defined in wp-content/plugins/wordfence/crypto/vendor/paragonie/sodium_compat/lib/php72compat_const.php on line 25
- > PHP Fatal error
User-side errors 0% from 1 test
🔹 Test weight: 20 | A shallow check that no browser errors were triggered
Please fix the following user-side errors
- > GET request to /wp-admin/admin.php?page=WordfenceUpgradeToPremium
- > Javascript (severe) in unknown
/wp-admin/admin.php?page=WordfenceUpgradeToPremium 87:18 Uncaught DOMException: Failed to execute 'replaceState' on 'History': A h…-admin/admin.php?page=WordfenceUpgradeToPremium'.
Optimizations
Plugin configuration 97% from 29 tests
readme.txt 94% from 16 tests
It's important to format your readme.txt file correctly as it is parsed for the public listing of your plugin
These attributes need your attention:
- Tags: Too many tags (16 tag instead of maximum 10); only the first 5 tags are used in your directory listing
wordfence/wordfence.php Passed 13 tests
Analyzing the main PHP file in "Wordfence Security - Firewall, Malware Scan, and Login Security" version 7.11.0
58 characters long description:
Wordfence Security - Anti-virus, Firewall and Malware Scan
Code Analysis 95% from 3 tests
File types Passed 1 test
🔸 Test weight: 35 | An overview of files in this plugin; executable files are not allowed
Good job! No executable or dangerous file extensions detected113,208 lines of code in 617 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 532 | 11,882 | 22,875 | 101,532 |
| JavaScript | 23 | 1,510 | 804 | 10,644 |
| CSS | 38 | 46 | 53 | 549 |
| JSON | 3 | 0 | 0 | 302 |
| SVG | 21 | 0 | 2 | 181 |
PHP code 0% from 2 tests
A short review of cyclomatic complexity and code structure
Please fix the following
- Please reduce cyclomatic complexity of classes to less than 1000 (currently 1,996)
- Please reduce cyclomatic complexity of methods to less than 100 (currently 168)
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.42 |
| Average class complexity | 32.37 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 1,996.00 |
| Average method complexity | 4.11 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 168.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 17 | |
| Interfaces | 11 | |
| Traits | 0 | |
| Classes | 386 | |
| ▷ Abstract classes | 33 | 8.55% |
| ▷ Concrete classes | 353 | 91.45% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 4,063 | |
| ▷ Static methods | 1,593 | 39.21% |
| ▷ Public methods | 3,485 | 85.77% |
| ▷ Protected methods | 156 | 3.84% |
| ▷ Private methods | 422 | 10.39% |
| Functions | 217 | |
| ▷ Named functions | 188 | 86.64% |
| ▷ Anonymous functions | 29 | 13.36% |
| Constants | 1,152 | |
| ▷ Global constants | 130 | 11.28% |
| ▷ Class constants | 1,022 | 88.72% |
| ▷ Public constants | 1,022 | 100.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
Often times overlooked, PNG files can occupy unnecessary space in your plugin
33 compressed PNG files occupy 0.23MB
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| images/flags.png | 80.28KB | 26.56KB | ▼ 66.91% |
| images/loading_background.png | 0.15KB | 0.15KB | ▼ 0.64% |
| images/sort_asc.png | 0.16KB | 0.25KB | 0.00% |
| modules/login-security/img/ui-icons_777620_256x240.png | 4.44KB | 4.17KB | ▼ 6.02% |
| images/sort_asc_disabled.png | 0.14KB | 0.25KB | 0.00% |