Benchmarks
Plugin footprint 65% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | Verifying that this plugin installs correctly without errors
Install script ran successfully
Server metrics [RAM: ▲0.11MB] [CPU: ▲2.77ms] Passed 4 tests
Analyzing server-side resources used by Wordpress Security - Firewall, Malware Scanner, Secure Login and Backup
Server-side resource usage in normal parameters
Page | Memory (MB) | CPU Time (ms) |
---|---|---|
Home / | 3.66 ▲0.20 | 44.42 ▲2.89 |
Dashboard /wp-admin | 3.41 ▲0.11 | 59.06 ▲4.97 |
Posts /wp-admin/edit.php | 3.46 ▲0.11 | 55.60 ▲3.23 |
Add New Post /wp-admin/post-new.php | 6.01 ▲0.12 | 91.16 ▼0.01 |
Media Library /wp-admin/upload.php | 3.33 ▲0.10 | 46.14 ▲6.86 |
WAF /wp-admin/admin.php?page=mo_mmp_waf | 3.52 | 78.11 |
Backup /wp-admin/admin.php?page=mo_mmp_backup | 3.41 | 49.25 |
Dashboard /wp-admin/admin.php?page=mo_mmp_dashboard | 3.35 | 47.51 |
Upgrade /wp-admin/admin.php?page=mo_mmp_upgrade | 3.36 | 49.79 |
Account /wp-admin/admin.php?page=mo_mmp_account | 3.40 | 46.96 |
Malware Scan /wp-admin/admin.php?page=mo_mmp_malwarescan | 3.51 | 56.40 |
Login and Spam /wp-admin/admin.php?page=mo_mmp_login_and_spam | 3.41 | 56.50 |
Reports /wp-admin/admin.php?page=mo_mmp_reports | 3.38 | 48.44 |
Advanced Blocking /wp-admin/admin.php?page=mo_mmp_advancedblocking | 3.42 | 50.86 |
Notifications /wp-admin/admin.php?page=mo_mmp_notifications | 3.41 | 55.51 |
Server storage [IO: ▲1.12MB] [DB: ▲0.08MB] Passed 3 tests
Filesystem and database footprint
There were no storage issued detected upon installing this plugin
Filesystem: 125 new files
Database: 11 new tables, 33 new options
New tables |
---|
wp_wpns_blocked_ips |
wp_wpns_transactions |
wp_wpns_attack_logs |
wp_wpns_whitelisted_ips |
wp_wpns_malware_skip_files |
wp_wpns_malware_scan_report |
wp_wpns_malware_scan_report_details |
wp_wpns_malware_hash_file |
wp_wpns_files_scan |
wp_wpns_email_sent_audit |
... |
New WordPress options |
---|
mo_mmp_scan_plugins |
mo_mmp_dbversion |
limitAttack |
mo_mmp_switch_loginspam |
XSSAttack |
mo_mmp_switch_backup |
mo_wpns_enable_ip_blocked_email_to_admin |
WAFEnabled |
Rate_request |
mo_mmp_switch_reports |
... |
Browser metrics Passed 4 tests
This is an overview of browser requirements for Wordpress Security - Firewall, Malware Scanner, Secure Login and Backup
Minimal impact on browser resources
Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
---|---|---|---|---|
Home / | 3,002 ▲241 | 13.22 ▼1.03 | 4.77 ▲2.84 | 39.26 ▼2.28 |
Dashboard /wp-admin | 2,365 ▲185 | 5.82 ▲0.21 | 88.56 ▼9.88 | 96.03 ▲56.66 |
Posts /wp-admin/edit.php | 2,190 ▲90 | 2.10 ▲0.12 | 37.18 ▼3.92 | 35.04 ▼3.29 |
Add New Post /wp-admin/post-new.php | 1,593 ▲67 | 23.49 ▼0.04 | 727.77 ▲27.98 | 53.99 ▲0.41 |
Media Library /wp-admin/upload.php | 1,486 ▲86 | 4.22 ▲0.00 | 110.72 ▲8.42 | 73.15 ▲26.30 |
WAF /wp-admin/admin.php?page=mo_mmp_waf | 2,215 | 2.45 | 53.72 | 47.37 |
Backup /wp-admin/admin.php?page=mo_mmp_backup | 1,181 | 2.32 | 32.07 | 34.64 |
Dashboard /wp-admin/admin.php?page=mo_mmp_dashboard | 1,051 | 2.22 | 28.57 | 40.89 |
Upgrade /wp-admin/admin.php?page=mo_mmp_upgrade | 1,114 | 2.24 | 29.75 | 41.71 |
Account /wp-admin/admin.php?page=mo_mmp_account | 1,195 | 2.27 | 30.37 | 31.28 |
Malware Scan /wp-admin/admin.php?page=mo_mmp_malwarescan | 1,800 | 2.47 | 45.68 | 34.81 |
Login and Spam /wp-admin/admin.php?page=mo_mmp_login_and_spam | 1,446 | 2.32 | 32.93 | 33.22 |
Reports /wp-admin/admin.php?page=mo_mmp_reports | 1,509 | 2.54 | 46.92 | 37.46 |
Advanced Blocking /wp-admin/admin.php?page=mo_mmp_advancedblocking | 2,200 | 2.40 | 30.85 | 44.64 |
Notifications /wp-admin/admin.php?page=mo_mmp_notifications | 2,071 | 8.73 | 167.93 | 75.44 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.07MB] 50% from 4 tests
🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
You still need to fix the following
- The plugin did not uninstall successfully, leaving 1 table in the database
- wp_wpns_ip_rate_details
- Zombie WordPress options detected upon uninstall: 17 options
- widget_theysaidso_widget
- db_upgraded
- widget_recent-comments
- theysaidso_admin_options
- limitAttack
- WAFEnabled
- Rate_request
- LFIAttack
- XSSAttack
- mo_wpns_new_registration
- ...
Smoke tests 50% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | Just a short smoke test targeting errors on the server (in the Apache logs)
The smoke test was a success, however most plugin functionality was not tested
SRP 0% from 2 tests
🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser
Please take a closer look at the following
- 5× PHP files output text when accessed directly:
- > /wp-content/plugins/wp-security-pro/controllers/malware_scanner/scan_malware.php
- > /wp-content/plugins/wp-security-pro/views/troubleshooting.php
- > /wp-content/plugins/wp-security-pro/handler/mo-error.php
- > /wp-content/plugins/wp-security-pro/views/login_spam.php
- > /wp-content/plugins/wp-security-pro/handler/mo-block.php
- 123× PHP files trigger server-side errors or warnings when accessed directly (only 10 are shown):
- > PHP Warning
include_once(views/login_spam.php): failed to open stream: No such file or directory in wp-content/plugins/wp-security-pro/controllers/login-spam.php on line 8
- > PHP Warning
include(): Failed opening 'views/troubleshooting.php' for inclusion (include_path='.:/usr/share/php') in wp-content/plugins/wp-security-pro/controllers/troubleshooting.php on line 5
- > PHP Notice
Trying to get property 'data' of non-object in wp-content/plugins/wp-security-pro/controllers/change-password.php on line 5
- > PHP Notice
Undefined variable: user in wp-content/plugins/wp-security-pro/controllers/change-password.php on line 5
- > PHP Fatal error
Uncaught Error: Call to undefined function add_query_arg() in wp-content/plugins/wp-security-pro/controllers/licensing.php:5
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_url() in wp-content/plugins/wp-security-pro/views/login-security.php:15
- > PHP Notice
Trying to get property 'user_login' of non-object in wp-content/plugins/wp-security-pro/controllers/change-password.php on line 5
- > PHP Warning
include(helper/link_tracers.php): failed to open stream: No such file or directory in wp-content/plugins/wp-security-pro/views/waf.php on line 4
- > PHP Fatal error
Uncaught Error: Call to undefined function __() in wp-content/plugins/wp-security-pro/views/change-password.php:21
- > PHP Warning
Invalid argument supplied for foreach() in wp-content/plugins/wp-security-pro/views/ip-blocking.php on line 37
- > PHP Warning
User-side errors Passed 1 test
🔹 Test weight: 20 | This is just a short smoke test looking for browser issues
There were no browser issues found
Optimizations
Plugin configuration 93% from 29 tests
readme.txt 94% from 16 tests
The readme.txt file is an important file in your plugin as it is parsed by WordPress.org to prepare the public listing of your plugin
These attributes need your attention:
- Tags: You are using too many tags: 27 tag instead of maximum 10
wp-security-pro/mo-wpns.php 92% from 13 tests
This is the main PHP file of "Wordpress Security - Firewall, Malware Scanner, Secure Login and Backup" version 4.3.2, providing information about the plugin in the header fields and serving as the principal entry point to the plugin's functions
The following require your attention:
- Main file name: It is recommended to name the main PHP file as the plugin slug ("wp-security-pro.php" instead of "mo-wpns.php")
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | There should be no dangerous file extensions present in any WordPress plugin
There were no executable files found in this plugin17,975 lines of code in 110 files:
Language | Files | Blank lines | Comment lines | Lines of code |
---|---|---|---|---|
PHP | 100 | 1,763 | 111 | 14,824 |
CSS | 7 | 225 | 54 | 2,913 |
JavaScript | 3 | 23 | 15 | 238 |
PHP code Passed 2 tests
Cyclomatic complexity and code structure are the fingerprint of this plugin
There are no cyclomatic complexity problems detected for this plugin
Cyclomatic complexity | |
---|---|
Average complexity per logical line of code | 0.32 |
Average class complexity | 37.39 |
▷ Minimum class complexity | 1.00 |
▷ Maximum class complexity | 257.00 |
Average method complexity | 4.37 |
▷ Minimum method complexity | 1.00 |
▷ Maximum method complexity | 45.00 |
Code structure | ||
---|---|---|
Namespaces | 0 | |
Interfaces | 0 | |
Traits | 0 | |
Classes | 28 | |
▷ Abstract classes | 0 | 0.00% |
▷ Concrete classes | 28 | 100.00% |
▷ Final classes | 0 | 0.00% |
Methods | 302 | |
▷ Static methods | 15 | 4.97% |
▷ Public methods | 281 | 93.05% |
▷ Protected methods | 0 | 0.00% |
▷ Private methods | 21 | 6.95% |
Functions | 77 | |
▷ Named functions | 77 | 100.00% |
▷ Anonymous functions | 0 | 0.00% |
Constants | 127 | |
▷ Global constants | 3 | 2.36% |
▷ Class constants | 124 | 97.64% |
▷ Public constants | 124 | 100.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
It is recommended to compress PNG files in your plugin to minimize bandwidth usage
13 PNG files occupy 0.20MB with 0.07MB in potential savings
Potential savings
Compression of 5 random PNG files using pngquant | |||
---|---|---|---|
File | Size - original | Size - compressed | Savings |
includes/images/error.png | 1.04KB | 1.13KB | 0.00% |
includes/images/61456.png | 3.64KB | 3.62KB | ▼ 0.62% |
includes/images/flags16.png | 61.80KB | 19.90KB | ▼ 67.79% |
includes/images/smile.png | 17.89KB | 8.79KB | ▼ 50.86% |
includes/images/wrong.png | 30.98KB | 13.50KB | ▼ 56.42% |