Benchmarks
Plugin footprint 65% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
This plugin's installer ran successfully
Server metrics [RAM: ▲1.67MB] [CPU: ▲11.57ms] Passed 4 tests
Server-side resources used by WPScan - WordPress Security Scanner
This plugin has minimal impact on server resources
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 5.12 ▲1.65 | 59.33 ▲21.01 |
| Dashboard /wp-admin | 4.98 ▲1.67 | 62.35 ▲12.30 |
| Posts /wp-admin/edit.php | 5.03 ▲1.67 | 60.39 ▲12.12 |
| Add New Post /wp-admin/post-new.php | 7.58 ▲1.69 | 93.27 ▲0.85 |
| Media Library /wp-admin/upload.php | 4.90 ▲1.67 | 68.10 ▲35.43 |
| Scheduled Actions /wp-admin/tools.php?page=action-scheduler | 5.05 | 66.53 |
| Report /wp-admin/admin.php?page=wpscan | 4.91 | 50.69 |
| Settings /wp-admin/admin.php?page=wpscan_settings | 4.83 | 49.85 |
Server storage [IO: ▲7.80MB] [DB: ▲0.08MB] Passed 3 tests
Filesystem and database footprint
There were no storage issued detected upon installing this plugin
Filesystem: 194 new files
Database: 4 new tables, 10 new options
| New tables |
|---|
| wp_actionscheduler_groups |
| wp_actionscheduler_actions |
| wp_actionscheduler_claims |
| wp_actionscheduler_logs |
| New WordPress options |
|---|
| widget_recent-comments |
| db_upgraded |
| schema-ActionScheduler_LoggerSchema |
| theysaidso_admin_options |
| widget_theysaidso_widget |
| action_scheduler_hybrid_store_demarkation |
| widget_recent-posts |
| can_compress_scripts |
| schema-ActionScheduler_StoreSchema |
| action_scheduler_lock_async-request-runner |
Browser metrics Passed 4 tests
This is an overview of browser requirements for WPScan - WordPress Security Scanner
Minimal impact on browser resources
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 2,908 ▲147 | 14.17 ▼0.25 | 2.23 ▲0.64 | 40.66 ▲4.95 |
| Dashboard /wp-admin | 2,277 ▲99 | 5.73 ▲0.09 | 82.59 ▼18.22 | 71.51 ▲31.87 |
| Posts /wp-admin/edit.php | 2,162 ▲65 | 2.15 ▲0.14 | 35.64 ▲1.66 | 35.02 ▼1.18 |
| Add New Post /wp-admin/post-new.php | 1,734 ▲206 | 22.32 ▼0.82 | 775.45 ▲108.05 | 44.17 ▼10.87 |
| Media Library /wp-admin/upload.php | 1,462 ▲59 | 4.13 ▼0.23 | 101.81 ▲7.31 | 65.10 ▲21.44 |
| Scheduled Actions /wp-admin/tools.php?page=action-scheduler | 1,280 | 1.83 | 26.28 | 30.19 |
| Report /wp-admin/admin.php?page=wpscan | 1,577 | 3.69 | 59.39 | 28.12 |
| Settings /wp-admin/admin.php?page=wpscan_settings | 998 | 1.68 | 25.79 | 26.92 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.08MB] 50% from 4 tests
🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
Please fix the following items
- Zombie tables were found after uninstall: 4 tables
- wp_actionscheduler_actions
- wp_actionscheduler_groups
- wp_actionscheduler_logs
- wp_actionscheduler_claims
- This plugin does not fully uninstall, leaving 10 options in the database
- theysaidso_admin_options
- can_compress_scripts
- action_scheduler_hybrid_store_demarkation
- widget_recent-comments
- widget_theysaidso_widget
- schema-ActionScheduler_LoggerSchema
- schema-ActionScheduler_StoreSchema
- db_upgraded
- action_scheduler_lock_async-request-runner
- widget_recent-posts
Smoke tests 75% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | This is a shallow check for server-side errors
Good news, no errors were detected
SRP 50% from 2 tests
🔹 Tests weight: 20 | The single-responsibility principle applies for WordPress plugins as well - please make sure your PHP files perform no actions when accessed directly
Please take a closer look at the following
- 73× PHP files trigger server errors when accessed directly (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_SimpleSchedule' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/schedules/ActionScheduler_CanceledSchedule.php:6
- > PHP Fatal error
Uncaught Error: Class 'CronExpression_AbstractField' not found in wp-content/plugins/wpscan/libraries/action-scheduler/lib/cron-expression/CronExpression_HoursField.php:8
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_UnitTestCase' not found in wp-content/plugins/wpscan/libraries/action-scheduler/tests/phpunit/procedural_api/procedural_api_Test.php:6
- > PHP Fatal error
Uncaught Error: Class 'WP_CLI_Command' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/WP_CLI/Migration_Command.php:22
- > PHP Fatal error
Uncaught Error: Class 'Action_Scheduler\\Migration\\ActionMigrator' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/migration/DryRun_ActionMigrator.php:15
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_UnitTestCase' not found in wp-content/plugins/wpscan/libraries/action-scheduler/tests/phpunit/migration/Config_Test.php:9
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_SimpleSchedule' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/schedules/ActionScheduler_NullSchedule.php:6
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_Abstract_QueueRunner' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/ActionScheduler_QueueRunner.php:6
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_UnitTestCase' not found in wp-content/plugins/wpscan/libraries/action-scheduler/tests/phpunit/migration/LogMigrator_Test.php:9
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_UnitTestCase' not found in wp-content/plugins/wpscan/libraries/action-scheduler/tests/phpunit/logging/ActionScheduler_wpCommentLogger_Test.php:7
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | This is a smoke test targeting browser errors/issues
There were no browser issues found
Optimizations
Plugin configuration 97% from 29 tests
readme.txt 94% from 16 tests
The readme.txt file is important because it is parsed by WordPress.org for the public listing of your plugin
Attributes that need to be fixed:
- Screenshots: Please add images for these screenshots: #1 (List of vulnerabilities and icon at Admin Bar.), #2 (Notification settings.), #3 (Site health page.)
wpscan/wpscan.php Passed 13 tests
The main file in "WPScan - WordPress Security Scanner" v. 1.15.7 serves as a complement to information provided in readme.txt and as the entry point to the plugin
126 characters long description:
WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | Executable files are considered dangerous and should not be included with any WordPress plugin
Everything looks great! No dangerous files found in this plugin14,474 lines of code in 173 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 142 | 2,948 | 6,214 | 10,873 |
| JSON | 6 | 0 | 0 | 2,247 |
| JavaScript | 8 | 80 | 68 | 664 |
| CSS | 3 | 53 | 7 | 274 |
| Bourne Shell | 2 | 30 | 22 | 137 |
| XML | 3 | 7 | 3 | 85 |
| HTML | 2 | 8 | 0 | 52 |
| SVG | 3 | 0 | 0 | 49 |
| Sass | 1 | 10 | 0 | 47 |
| YAML | 3 | 10 | 9 | 46 |
PHP code Passed 2 tests
Analyzing cyclomatic complexity and code structure
Great job! No cyclomatic complexity issues were detected in this plugin
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.24 |
| Average class complexity | 9.97 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 88.00 |
| Average method complexity | 2.31 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 26.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 5 | |
| Interfaces | 3 | |
| Traits | 0 | |
| Classes | 126 | |
| ▷ Abstract classes | 16 | 12.70% |
| ▷ Concrete classes | 110 | 87.30% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 911 | |
| ▷ Static methods | 67 | 7.35% |
| ▷ Public methods | 753 | 82.66% |
| ▷ Protected methods | 135 | 14.82% |
| ▷ Private methods | 23 | 2.52% |
| Functions | 35 | |
| ▷ Named functions | 18 | 51.43% |
| ▷ Anonymous functions | 17 | 48.57% |
| Constants | 53 | |
| ▷ Global constants | 21 | 39.62% |
| ▷ Class constants | 32 | 60.38% |
| ▷ Public constants | 32 | 100.00% |
Plugin size 50% from 2 tests
Image compression 50% from 2 tests
PNG files should be compressed to save space and minimize bandwidth usage
9 PNG files occupy 0.78MB with 0.36MB in potential savings
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| screenshot-2.png | 112.38KB | 35.89KB | ▼ 68.07% |
| screenshot-3.png | 217.60KB | 58.64KB | ▼ 73.05% |
| screenshot-1.png | 448.65KB | 128.47KB | ▼ 71.37% |
| libraries/action-scheduler/docs/mstile-150x150.png | 4.15KB | 3.67KB | ▼ 11.47% |
| libraries/action-scheduler/docs/favicon-16x16.png | 0.39KB | 0.38KB | ▼ 3.02% |