83% wp-security-audit-log-add-on-for-wpforms

Code Review | WP Activity Log for WPForms

WordPress plugin WP Activity Log for WPForms scored83%from 54 tests.

About plugin

  • Plugin page: wp-security-audit...
  • Plugin version: 1.2.3
  • PHP compatiblity: 7.2+
  • PHP version: 7.4.16
  • WordPress compatibility: 5.0-6.1.1
  • WordPress version: 6.3.1
  • First release: Feb 1, 2020
  • Latest release: Aug 9, 2023
  • Number of updates: 48
  • Update frequency: every 27.3 days
  • Top authors: WPWhiteSecurity (100%)

Code review

54 tests

User reviews

1 review

Install metrics

4,000+ active /27,136 total downloads

Benchmarks

Plugin footprint 83% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
The plugin installed gracefully, with no errors

Server metrics [RAM: ▲0.10MB] [CPU: ▼5.61ms] Passed 4 tests

Server-side resources used by WP Activity Log for WPForms
Normal server usage
PageMemory (MB)CPU Time (ms)
Home /3.55 ▲0.0844.80 ▼1.79
Dashboard /wp-admin3.41 ▲0.1052.02 ▼7.41
Posts /wp-admin/edit.php3.52 ▲0.1652.82 ▼2.82
Add New Post /wp-admin/post-new.php6.01 ▲0.1297.93 ▼10.40
Media Library /wp-admin/upload.php3.33 ▲0.1043.42 ▲6.89

Server storage [IO: ▲0.15MB] [DB: ▲0.00MB] Passed 3 tests

A short overview of filesystem and database impact
The plugin installed successfully
Filesystem: 15 new files
Database: no new tables, 6 new options
New WordPress options
widget_recent-posts
theysaidso_admin_options
can_compress_scripts
widget_recent-comments
db_upgraded
widget_theysaidso_widget

Browser metrics Passed 4 tests

Checking browser requirements for WP Activity Log for WPForms
This plugin has a minimal impact on browser resources
PageNodesMemory (MB)Script (ms)Layout (ms)
Home /2,811 ▲6514.77 ▲0.661.76 ▼0.1841.25 ▼1.83
Dashboard /wp-admin2,217 ▲405.60 ▼0.0599.10 ▲4.0140.90 ▼0.29
Posts /wp-admin/edit.php2,123 ▲232.06 ▲0.0941.04 ▲2.0536.82 ▲2.06
Add New Post /wp-admin/post-new.php1,543 ▲1523.34 ▲0.23689.52 ▼23.3162.87 ▲5.38
Media Library /wp-admin/upload.php1,422 ▲254.24 ▲0.04112.78 ▼2.7949.20 ▲1.83

Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests

🔸 Tests weight: 35 | The uninstall procedure must remove all plugin files and extra database tables
You still need to fix the following
  • The uninstall procedure has failed, leaving 6 options in the database
    • widget_recent-comments
    • db_upgraded
    • widget_theysaidso_widget
    • widget_recent-posts
    • can_compress_scripts
    • theysaidso_admin_options

Smoke tests 75% from 4 tests

Server-side errors Passed 1 test

🔹 Test weight: 20 | A smoke test targeting server-side errors
Good news, no errors were detected

SRP 50% from 2 tests

🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser
Please take a closer look at the following
  • 3× PHP files trigger server-side errors or warnings when accessed directly:
    • > PHP Fatal error
      Uncaught Error: Class 'WSAL_AbstractSensor' not found in wp-content/plugins/wp-security-audit-log-add-on-for-wpforms/wp-security-audit-log/custom-sensors/WPFormsSensor.php:18
    • > PHP Fatal error
      Uncaught Error: Call to undefined function esc_html__() in wp-content/plugins/wp-security-audit-log-add-on-for-wpforms/wp-security-audit-log/custom-alerts.php:12
    • > PHP Fatal error
      Uncaught Error: Call to undefined function plugin_dir_path() in wp-content/plugins/wp-security-audit-log-add-on-for-wpforms/wsal-wpforms.php:39

User-side errors Passed 1 test

🔹 Test weight: 20 | Just a short smoke test targeting errors on the browser (console and network errors and warnings)
Everything seems fine, but this is not an exhaustive test

Optimizations

Plugin configuration 90% from 29 tests

readme.txt 94% from 16 tests

The readme.txt file describes your plugin functionality and requirements and it is parsed to prepare the your plugin's listing
These attributes need to be fixed: You can look at the official readme.txt

wp-security-audit-log-add-on-for-wpforms/wsal-wpforms.php 85% from 13 tests

The primary PHP file in "WP Activity Log for WPForms" version 1.2.3 is used by WordPress to initiate all plugin functionality
It is important to fix the following:
  • Main file name: Name the main plugin file the same as the plugin slug ("wp-security-audit-log-add-on-for-wpforms.php" instead of "wsal-wpforms.php")
  • Text Domain: Since WordPress version 4.6 the text domain is optional; if specified, it must be the same as the plugin slug

Code Analysis 97% from 3 tests

File types Passed 1 test

🔸 Test weight: 35 | Executable files are considered dangerous and should not be included with any WordPress plugin
Good job! No executable or dangerous file extensions detected2,771 lines of code in 10 files:
LanguageFilesBlank linesComment linesLines of code
PHP93827622,699
JavaScript13272

PHP code 50% from 2 tests

Analyzing logical lines of code, cyclomatic complexity, and other code metrics
It is recommended to fix the following
  • Cyclomatic complexity of methods has to be reduced to less than 100 (currently 119)
Cyclomatic complexity
Average complexity per logical line of code0.58
Average class complexity87.20
▷ Minimum class complexity1.00
▷ Maximum class complexity189.00
Average method complexity7.84
▷ Minimum method complexity1.00
▷ Maximum method complexity119.00
Code structure
Namespaces3
Interfaces0
Traits0
Classes5
▷ Abstract classes00.00%
▷ Concrete classes5100.00%
▷ Final classes00.00%
Methods63
▷ Static methods2336.51%
▷ Public methods4977.78%
▷ Protected methods00.00%
▷ Private methods1422.22%
Functions4
▷ Named functions250.00%
▷ Anonymous functions250.00%
Constants1
▷ Global constants1100.00%
▷ Class constants00.00%
▷ Public constants00.00%

Plugin size Passed 2 tests

Image compression Passed 2 tests

PNG files should be compressed to save space and minimize bandwidth usage
There were not PNG files found in your plugin