Benchmarks
Plugin footprint 65% from 16 tests
Installer Passed 1 test
🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
This plugin's installer ran successfully
Server metrics [RAM: ▲1.65MB] [CPU: ▼128.17ms] Passed 4 tests
Server-side resources used by WPScan - WordPress Security Scanner
This plugin has minimal impact on server resources
| Page | Memory (MB) | CPU Time (ms) |
|---|---|---|
| Home / | 4.45 ▲1.73 | 56.01 ▲27.45 |
| Dashboard /wp-admin | 4.72 ▲1.66 | 66.18 ▲21.56 |
| Posts /wp-admin/edit.php | 4.77 ▲1.66 | 64.00 ▲17.10 |
| Add New Post /wp-admin/post-new.php | 7.07 ▲1.63 | 102.57 ▼567.14 |
| Media Library /wp-admin/upload.php | 4.66 ▲1.66 | 49.40 ▲15.82 |
| Settings /wp-admin/admin.php?page=wpscan_settings | 4.65 | 48.61 |
| Scheduled Actions /wp-admin/tools.php?page=action-scheduler | 4.81 | 59.54 |
| Report /wp-admin/admin.php?page=wpscan | 4.69 | 56.89 |
Server storage [IO: ▲7.79MB] [DB: ▲0.01MB] Passed 3 tests
Filesystem and database footprint
There were no storage issued detected upon installing this plugin
Filesystem: 193 new files
Database: 4 new tables, 4 new options
| New tables |
|---|
| wp_actionscheduler_actions |
| wp_actionscheduler_logs |
| wp_actionscheduler_groups |
| wp_actionscheduler_claims |
| New WordPress options |
|---|
| schema-ActionScheduler_StoreSchema |
| action_scheduler_lock_async-request-runner |
| schema-ActionScheduler_LoggerSchema |
| action_scheduler_hybrid_store_demarkation |
Browser metrics Passed 4 tests
This is an overview of browser requirements for WPScan - WordPress Security Scanner
Minimal impact on browser resources
| Page | Nodes | Memory (MB) | Script (ms) | Layout (ms) |
|---|---|---|---|---|
| Home / | 3,811 ▲215 | 15.92 ▲0.16 | 11.58 ▲1.68 | 45.84 ▼4.12 |
| Dashboard /wp-admin | 3,065 ▲134 | 5.93 ▼0.01 | 155.92 ▲5.68 | 128.43 ▲22.66 |
| Posts /wp-admin/edit.php | 2,818 ▲79 | 2.71 ▼0.01 | 64.73 ▼10.71 | 89.20 ▼3.04 |
| Add New Post /wp-admin/post-new.php | 1,751 ▲251 | 24.08 ▲5.43 | 387.54 ▼9.70 | 110.12 ▲3.53 |
| Media Library /wp-admin/upload.php | 1,812 ▲64 | 4.99 ▲0.00 | 143.08 ▼12.85 | 153.50 ▲35.06 |
| Settings /wp-admin/admin.php?page=wpscan_settings | 1,256 | 2.09 | 53.81 | 75.49 |
| Scheduled Actions /wp-admin/tools.php?page=action-scheduler | 1,628 | 2.24 | 55.64 | 72.07 |
| Report /wp-admin/admin.php?page=wpscan | 2,103 | 4.28 | 90.62 | 92.20 |
Uninstaller [IO: ▲0.00MB] [DB: ▲0.01MB] 50% from 4 tests
🔸 Tests weight: 35 | Verifying that this plugin uninstalls completely without leaving any traces
Please fix the following items
- Zombie tables were found after uninstall: 4 tables
- wp_actionscheduler_actions
- wp_actionscheduler_groups
- wp_actionscheduler_claims
- wp_actionscheduler_logs
- This plugin does not fully uninstall, leaving 4 options in the database
- schema-ActionScheduler_StoreSchema
- schema-ActionScheduler_LoggerSchema
- action_scheduler_hybrid_store_demarkation
- action_scheduler_lock_async-request-runner
Smoke tests 75% from 4 tests
Server-side errors Passed 1 test
🔹 Test weight: 20 | This is a shallow check for server-side errors
Good news, no errors were detected
SRP 50% from 2 tests
🔹 Tests weight: 20 | The single-responsibility principle applies for WordPress plugins as well - please make sure your PHP files perform no actions when accessed directly
Please take a closer look at the following
- 73× PHP files trigger server errors when accessed directly (only 10 are shown):
- > PHP Fatal error
Uncaught Error: Call to undefined function add_action() in wp-content/plugins/wpscan/libraries/action-scheduler/action-scheduler.php:32
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_Logger' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/data-stores/ActionScheduler_wpCommentLogger.php:6
- > PHP Fatal error
Uncaught Error: Class 'CronExpression_AbstractField' not found in wp-content/plugins/wpscan/libraries/action-scheduler/lib/cron-expression/CronExpression_DayOfWeekField.php:18
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_AdminView_Deprecated' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/ActionScheduler_AdminView.php:7
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_UnitTestCase' not found in wp-content/plugins/wpscan/libraries/action-scheduler/tests/phpunit/jobstore/ActionScheduler_HybridStore_Test.php:14
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_DBStore' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/migration/ActionScheduler_DBStoreMigrator.php:10
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_UnitTestCase' not found in wp-content/plugins/wpscan/libraries/action-scheduler/tests/phpunit/schedules/ActionScheduler_SimpleSchedule_Test.php:7
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_Abstract_Schema' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/schema/ActionScheduler_LoggerSchema.php:10
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_Abstract_QueueRunner' not found in wp-content/plugins/wpscan/libraries/action-scheduler/classes/WP_CLI/ActionScheduler_WPCLI_QueueRunner.php:10
- > PHP Fatal error
Uncaught Error: Class 'ActionScheduler_UnitTestCase' not found in wp-content/plugins/wpscan/libraries/action-scheduler/tests/phpunit/runner/ActionScheduler_QueueRunner_Test.php:7
- > PHP Fatal error
User-side errors Passed 1 test
🔹 Test weight: 20 | This is a smoke test targeting browser errors/issues
There were no browser issues found
Optimizations
Plugin configuration 97% from 29 tests
readme.txt 94% from 16 tests
The readme.txt file is important because it is parsed by WordPress.org for the public listing of your plugin
Attributes that need to be fixed:
- Screenshots: Please add images for these screenshots: #1 (List of vulnerabilities and icon at Admin Bar.), #2 (Notification settings.), #3 (Site health page.)
wpscan/wpscan.php Passed 13 tests
The main file in "WPScan - WordPress Security Scanner" v. 1.15.5 serves as a complement to information provided in readme.txt and as the entry point to the plugin
126 characters long description:
WPScan WordPress Security Scanner. Scans your system for security vulnerabilities listed in the WPScan Vulnerability Database.
Code Analysis Passed 3 tests
File types Passed 1 test
🔸 Test weight: 35 | Executable files are considered dangerous and should not be included with any WordPress plugin
Everything looks great! No dangerous files found in this plugin14,387 lines of code in 172 files:
| Language | Files | Blank lines | Comment lines | Lines of code |
|---|---|---|---|---|
| PHP | 142 | 2,934 | 6,191 | 10,810 |
| JSON | 6 | 0 | 0 | 2,247 |
| JavaScript | 7 | 75 | 66 | 638 |
| CSS | 3 | 53 | 7 | 274 |
| Bourne Shell | 2 | 30 | 22 | 137 |
| XML | 3 | 7 | 3 | 85 |
| HTML | 2 | 8 | 0 | 52 |
| SVG | 3 | 0 | 0 | 51 |
| Sass | 1 | 10 | 0 | 47 |
| YAML | 3 | 10 | 9 | 46 |
PHP code Passed 2 tests
Analyzing cyclomatic complexity and code structure
Great job! No cyclomatic complexity issues were detected in this plugin
| Cyclomatic complexity | |
|---|---|
| Average complexity per logical line of code | 0.24 |
| Average class complexity | 9.91 |
| ▷ Minimum class complexity | 1.00 |
| ▷ Maximum class complexity | 88.00 |
| Average method complexity | 2.31 |
| ▷ Minimum method complexity | 1.00 |
| ▷ Maximum method complexity | 26.00 |
| Code structure | ||
|---|---|---|
| Namespaces | 5 | |
| Interfaces | 3 | |
| Traits | 0 | |
| Classes | 126 | |
| ▷ Abstract classes | 16 | 12.70% |
| ▷ Concrete classes | 110 | 87.30% |
| ▷ Final classes | 0 | 0.00% |
| Methods | 908 | |
| ▷ Static methods | 67 | 7.38% |
| ▷ Public methods | 750 | 82.60% |
| ▷ Protected methods | 135 | 14.87% |
| ▷ Private methods | 23 | 2.53% |
| Functions | 35 | |
| ▷ Named functions | 18 | 51.43% |
| ▷ Anonymous functions | 17 | 48.57% |
| Constants | 53 | |
| ▷ Global constants | 21 | 39.62% |
| ▷ Class constants | 32 | 60.38% |
| ▷ Public constants | 32 | 100.00% |
Plugin size 50% from 2 tests
Image compression 50% from 2 tests
PNG files should be compressed to save space and minimize bandwidth usage
9 PNG files occupy 0.78MB with 0.42MB in potential savings
Potential savings
| Compression of 5 random PNG files using pngquant | |||
|---|---|---|---|
| File | Size - original | Size - compressed | Savings |
| libraries/action-scheduler/docs/apple-touch-icon.png | 6.77KB | 2.46KB | ▼ 63.68% |
| libraries/action-scheduler/docs/android-chrome-192x192.png | 6.77KB | 2.46KB | ▼ 63.68% |
| screenshot-2.png | 112.38KB | 35.89KB | ▼ 68.07% |
| screenshot-1.png | 448.65KB | 128.47KB | ▼ 71.37% |
| libraries/action-scheduler/docs/android-chrome-256x256.png | 2.93KB | 3.03KB | 0.00% |