Benchmarks

Plugin footprint 65% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | Verifying that this plugin installs correctly without errors

The plugin installed gracefully, with no errors

Server metrics [RAM: ▼0.01MB] [CPU: ▼4.37ms] Passed 4 tests

Server-side resources used by WP-OTP

No issues were detected with server-side resource usage

Page	Memory (MB)	CPU Time (ms)
Home /	3.46 ▲0.00	45.16 ▲2.96
Dashboard /wp-admin	3.31 ▼0.04	52.66 ▼11.13
Posts /wp-admin/edit.php	3.36 ▲0.00	51.56 ▼1.39
Add New Post /wp-admin/post-new.php	5.89 ▲0.00	95.23 ▼7.09
Media Library /wp-admin/upload.php	3.23 ▲0.00	36.41 ▲2.12

Server storage [IO: ▲2.12MB] [DB: ▲0.00MB] Passed 3 tests

Filesystem and database footprint

This plugin installed successfully

Filesystem: 378 new files

Database: no new tables, 6 new options

New WordPress options
widget_recent-posts
db_upgraded
can_compress_scripts
theysaidso_admin_options
widget_recent-comments
widget_theysaidso_widget

Browser metrics Passed 4 tests

This is an overview of browser requirements for WP-OTP

This plugin has a minimal impact on browser resources

Page	Nodes	Memory (MB)	Script (ms)	Layout (ms)
Home /	2,789 ▲43	14.75 ▲0.39	1.84 ▼0.88	42.62 ▼3.99
Dashboard /wp-admin	2,195 ▲21	5.65 ▲0.04	94.58 ▲4.33	42.79 ▲3.89
Posts /wp-admin/edit.php	2,097 ▼3	2.04 ▼0.00	40.42 ▲2.26	39.33 ▲2.57
Add New Post /wp-admin/post-new.php	1,545 ▲19	23.38 ▲5.88	651.47 ▼63.16	51.41 ▼8.66
Media Library /wp-admin/upload.php	1,394 ▼6	4.23 ▲0.02	96.89 ▼7.90	39.31 ▼11.60

Uninstaller [IO: ▲2.12MB] [DB: ▲0.00MB] 50% from 4 tests

🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces

Please fix the following items

The plugin did not uninstall correctly, leaving 378 files (2.12MB) in the plugin directory
- (new file) admin/images/freeotpplus.png
- (new file) admin/images/app-store.png
- (new file) admin/images/onetimepass.png
- (new file) admin/class-wp-otp-admin.php
- (new file) admin/images/play-store.png
- (new file) admin/images/andotp.png
- (new file) admin/images/f-droid.png
- (new file) admin/images/aegis.png
- (new file) admin/css/wp-otp-admin.css
- (new file) admin/images/otp-authenticator.png
- ...
Zombie WordPress options were found after uninstall: 6 options
- widget_recent-comments
- can_compress_scripts
- db_upgraded
- theysaidso_admin_options
- widget_theysaidso_widget
- widget_recent-posts

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | This is a short smoke test looking for server-side errors

Even though everything seems fine, this is not an exhaustive test

SRP 50% from 2 tests

🔹 Tests weight: 20 | The single-responsibility principle: PHP files have to remain inert when accessed directly, throwing no errors and performing no actions

Almost there! Just fix the following items

174× PHP files trigger errors when accessed directly with GET requests (only 10 are shown):
- > PHP Fatal error
  Uncaught Error: Interface 'OTPHP\\FactoryInterface' not found in wp-content/plugins/wp-otp/vendor/spomky-labs/otphp/src/Factory.php:25
- > PHP Fatal error
  Uncaught Error: Class 'chillerlan\\QRCodeTest\\Output\\QROutputTestAbstract' not found in wp-content/plugins/wp-otp/vendor/chillerlan/php-qrcode/tests/Output/QRFpdfTest.php:24
- > PHP Fatal error
  Uncaught Error: Class 'chillerlan\\QRCode\\Output\\QRImage' not found in wp-content/plugins/wp-otp/vendor/chillerlan/php-qrcode/examples/QRImageWithLogo.php:24
- > PHP Fatal error
  Uncaught Error: Interface 'Safe\\Exceptions\\SafeExceptionInterface' not found in wp-content/plugins/wp-otp/vendor/thecodingmachine/safe/generated/Exceptions/IconvException.php:4
- > PHP Fatal error
  require_once(): Failed opening required 'wp-content/plugins/wp-otp/vendor/chillerlan/php-qrcode/examples/../vendor/autoload.php' (include_path='.:/usr/share/php') in wp-content/plugins/wp-otp/vendor/chillerlan/php-qrcode/examples/fpdf.php on line 7
- > PHP Warning
  require_once(wp-content/plugins/wp-otp/vendor/chillerlan/php-settings-container/examples/../vendor/autoload.php): failed to open stream: No such file or directory in wp-content/plugins/wp-otp/vendor/chillerlan/php-settings-container/examples/advanced.php on line 14
- > PHP Fatal error
  Uncaught Error: Interface 'Safe\\Exceptions\\SafeExceptionInterface' not found in wp-content/plugins/wp-otp/vendor/thecodingmachine/safe/generated/Exceptions/InfoException.php:4
- > PHP Fatal error
  Uncaught Error: Interface 'Safe\\Exceptions\\SafeExceptionInterface' not found in wp-content/plugins/wp-otp/vendor/thecodingmachine/safe/generated/Exceptions/LdapException.php:4
- > PHP Fatal error
  Uncaught Error: Interface 'Safe\\Exceptions\\SafeExceptionInterface' not found in wp-content/plugins/wp-otp/vendor/thecodingmachine/safe/generated/Exceptions/FunchandException.php:4
- > PHP Fatal error
  Uncaught Error: Interface 'Safe\\Exceptions\\SafeExceptionInterface' not found in wp-content/plugins/wp-otp/vendor/thecodingmachine/safe/generated/Exceptions/GmpException.php:4

User-side errors Passed 1 test

🔹 Test weight: 20 | This is a smoke test targeting browser errors/issues

No browser issues were found

Optimizations

Plugin configuration Passed 29 tests

readme.txt Passed 16 tests

The readme.txt file uses markdown syntax to describe your plugin to the world

9 plugin tags: google authenticator, one time password, login, recovery, 2fa...

wp-otp/wp-otp.php Passed 13 tests

The entry point to "WP-OTP" version 0.6.1 is a PHP file that has certain tags in its header comment area

95 characters long description:

WP-OTP adds 2 Factor Authentication using TOTP. (Based on "WP Secure Login" by Brijesh Kothari)

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin

Everything looks great! No dangerous files found in this plugin25,338 lines of code in 343 files:

Language	Files	Blank lines	Comment lines	Lines of code
PHP	304	5,371	39,854	23,317
JSON	7	0	0	890
Markdown	9	160	0	490
YAML	11	80	37	293
XML	7	0	0	163
HTML	1	26	0	137
CSS	1	4	0	24
JavaScript	1	1	0	11
Dockerfile	1	5	2	10
Bourne Shell	1	2	0	3

PHP code Passed 2 tests

An short overview of logical lines of code, cyclomatic complexity, and other code metrics

All good! No complexity issues found

Cyclomatic complexity
Average complexity per logical line of code	0.33
Average class complexity	5.42
▷ Minimum class complexity	1.00
▷ Maximum class complexity	213.00
Average method complexity	2.24
▷ Minimum method complexity	1.00
▷ Maximum method complexity	19.00

Code structure
Namespaces	21
Interfaces	10
Traits	5
Classes	175
▷ Abstract classes	17	9.71%
▷ Concrete classes	158	90.29%
▷ Final classes	19	12.03%
Methods	709
▷ Static methods	288	40.62%
▷ Public methods	570	80.39%
▷ Protected methods	107	15.09%
▷ Private methods	32	4.51%
Functions	1,134
▷ Named functions	1,122	98.94%
▷ Anonymous functions	12	1.06%
Constants	135
▷ Global constants	5	3.70%
▷ Class constants	130	96.30%
▷ Public constants	123	94.62%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Often times overlooked, PNG files can occupy unnecessary space in your plugin

11 PNG files occupy 0.04MB with 0.01MB in potential savings

Potential savings

Compression of 5 random PNG files using pngquant
File	Size - original	Size - compressed	Savings
admin/images/play-store.png	1.56KB	1.38KB	▼ 11.88%
admin/images/aegis.png	1.82KB	1.81KB	▼ 0.70%
vendor/chillerlan/php-qrcode/examples/octocat.png	2.41KB	2.46KB	0.00%
vendor/chillerlan/php-qrcode/examples/example_svg.png	15.55KB	6.70KB	▼ 56.90%
admin/images/onetimepass.png	3.39KB	2.59KB	▼ 23.48%

Code Review | WP-OTP

About plugin

Code review

User reviews

Install metrics