Benchmarks
Plugin footprint 83% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | Verifying that this plugin installs correctly without errors
This plugin's installer ran successfully
Server metrics [RAM: ▲0.07MB] [CPU: ▼0.41ms] Passed 4 tests
Analyzing server-side resources used by wp-security-txt
This plugin does not affect your website's performance
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 3.52 ▲0.06 | 37.51 ▼3.74 |
| Dashboard /wp-admin | 3.37 ▲0.07 | 49.47 ▼0.31 |
| Posts /wp-admin/edit.php | 3.43 ▲0.07 | 52.34 ▲5.80 |
| Add New Post /wp-admin/post-new.php | 5.95 ▲0.07 | 88.37 ▼2.20 |
| Media Library /wp-admin/upload.php | 3.30 ▲0.07 | 37.08 ▲4.59 |
| security.txt /wp-admin/options-general.php?page=wordpress-security-txt | 3.35 | 36.12 |
Server storage [IO: ▲0.24MB] [DB: ▲0.00MB] Passed 3 tests
Filesystem and database footprint
The plugin installed successfully
Filesystem: 85 new files
Database: no new tables, 7 new options
| New WordPress options |
|---|
| wordpress-security-txt-options |
| can_compress_scripts |
| widget_theysaidso_widget |
| widget_recent-posts |
| theysaidso_admin_options |
| db_upgraded |
| widget_recent-comments |
Browser metrics Passed 4 tests
wp-security-txt: an overview of browser usage
This plugin has a minimal impact on browser resources
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,835 ▲100 | 13.22 ▼1.17 | 1.71 ▼0.05 | 41.36 ▼6.76 |
| Dashboard /wp-admin | 2,227 ▲39 | 5.82 ▲0.93 | 99.92 ▼16.26 | 39.68 ▼5.95 |
| Posts /wp-admin/edit.php | 2,110 ▲21 | 2.04 ▲0.02 | 39.75 ▲0.52 | 35.56 ▲2.50 |
| Add New Post /wp-admin/post-new.php | 1,528 ▲14 | 17.73 ▲0.29 | 672.58 ▼7.17 | 54.82 ▲2.47 |
| Media Library /wp-admin/upload.php | 1,403 ▲15 | 4.28 ▲0.08 | 98.78 ▲4.07 | 43.21 ▼1.30 |
| security.txt /wp-admin/options-general.php?page=wordpress-security-txt | 1,302 | 2.55 | 60.76 | 42.88 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.00MB] 75% from 4 tests
🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
The following items require your attention
- This plugin does not fully uninstall, leaving 7 options in the database
- theysaidso_admin_options
- widget_recent-comments
- wordpress-security-txt-options
- db_upgraded
- widget_theysaidso_widget
- can_compress_scripts
- widget_recent-posts
Smoke tests 50% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | This is a short smoke test looking for server-side errors
The smoke test was a success, however most plugin functionality was not tested
SRP 0% from 2 tests
🔹 Tests weight: 20 | SRP (Single-Responsibility Principle) - PHP files must act as libraries and never output text or perform any action when accessed directly in a browser
Please take a closer look at the following
- 3× PHP files output non-empty strings when accessed directly via GET requests:
- > /wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-section-directives.php
- > /wp-content/plugins/wp-security-txt/public/partials/wordpress-security-txt-public-display.php
- > /wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-section-general.php
- 20× PHP files trigger server errors when accessed directly (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_attr() in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-field-select.php:23
- > PHP Warning
Use of undefined constant DB_HOST - assumed 'DB_HOST' (this will throw an Error in a future version of PHP) in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-section-debug.php on line 23
- > PHP Fatal error
Uncaught Error: Class 'WordPress_Security_Txt_Admin' not found in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-section-debug.php:27
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_attr() in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-field-repeater.php:30
- > PHP Notice
Undefined variable: setatts in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-field-repeater.php on line 27
- > PHP Fatal error
Uncaught Error: Call to undefined function esc_attr() in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-field-text.php:19
- > PHP Warning
Use of undefined constant WORDPRESS_SECURITY_TXT_VERSION - assumed 'WORDPRESS_SECURITY_TXT_VERSION' (this will throw an Error in a future version of PHP) in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-page-help.php on line 29
- > PHP Notice
Undefined variable: count in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-field-repeater.php on line 23
- > PHP Fatal error
Uncaught Error: Interface 'AustinHeap\\Security\\Txt\\SecurityTxtInterface' not found in wp-content/plugins/wp-security-txt/lib/src/SecurityTxt.php:27
- > PHP Fatal error
Uncaught Error: Call to undefined function plugin_dir_path() in wp-content/plugins/wp-security-txt/admin/partials/wordpress-security-txt-page-help.php:40
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | This is just a short smoke test looking for browser issues
No browser errors were detected
Optimizations
Plugin configuration 93% from 29 tests
readme.txt Passed 16 tests
It's important to format your readme.txt file correctly as it is parsed for the public listing of your plugin
6 plugin tags: security, netsec, infosec, responsible disclosure, securitytxt...
wp-security-txt/wordpress-security-txt.php 85% from 13 tests
The entry point to "wp-security-txt" version 1.0.0 is a PHP file that has certain tags in its header comment area
It is important to fix the following:
- Main file name: The principal plugin file should be the same as the plugin slug ("wp-security-txt.php" instead of "wordpress-security-txt.php")
- Text Domain: You no longer need to specify the text domain since WordPress 4.6; it must be the same as the plugin slug
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin
No dangerous file extensions were detected3,262 lines of code in 60 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 34 | 453 | 1,587 | 1,802 |
| PO File | 17 | 425 | 595 | 952 |
| JavaScript | 4 | 64 | 27 | 176 |
| Sass | 1 | 23 | 0 | 137 |
| CSS | 1 | 6 | 1 | 105 |
| Markdown | 3 | 26 | 0 | 90 |
PHP code Passed 2 tests
This is a very shot review of cyclomatic complexity and code structure
No cyclomatic complexity issues were detected for this plugin
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.37 |
| Average class complexity | 10.06 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 36.00 |
| Average method complexity | 2.25 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 27.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 2 | |
| Interfaces | 1 | |
| Traits | 4 | |
| Classes | 13 | |
| ▷ Abstract classes | 0 | 0.00% |
| ▷ Concrete classes | 13 | 100.00% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 132 | |
| ▷ Static methods | 11 | 8.33% |
| ▷ Public methods | 114 | 86.36% |
| ▷ Protected methods | 0 | 0.00% |
| ▷ Private methods | 18 | 13.64% |
| Functions | 3 | |
| ▷ Named functions | 3 | 100.00% |
| ▷ Anonymous functions | 0 | 0.00% |
| Constants | 5 | |
| ▷ Global constants | 3 | 60.00% |
| ▷ Class constants | 2 | 40.00% |
| ▷ Public constants | 2 | 100.00% |
Plugin size Passed 2 tests
Image compression Passed 2 tests
All PNG images should be compressed to minimize bandwidth usage for end users
There are no PNG files in this plugin