72% really-simple-ssl

Code Review | Really Simple SSL

WordPress plugin Really Simple SSL scored72%from 54 tests.

About plugin

  • Plugin page: really-simple-ssl
  • Plugin version: 7.2.0
  • PHP compatiblity: 7.2+
  • PHP version: 7.4.16
  • WordPress compatibility: 5.8-6.4
  • WordPress version: 6.3.1
  • First release: Mar 15, 2015
  • Latest release: Nov 15, 2023
  • Number of updates: 351
  • Update frequency: every 9.0 days
  • Top authors: RogierLankhorst (99.15%)

Code review

54 tests

User reviews

8408 reviews

Install metrics

5,000,000+ active /137,224,137 total downloads

Benchmarks

Plugin footprint 82% from 16 tests

Installer Passed 1 test

🔺 Critical test (weight: 50) | All plugins must install correctly, without throwing any errors, warnings, or notices
This plugin's installer ran successfully

Server metrics [RAM: ▲0.11MB] [CPU: ▼0.42ms] Passed 4 tests

Analyzing server-side resources used by Really Simple SSL
Normal server usage
Page Memory (MB) CPU Time (ms)
Home / 3.52 ▲0.06 36.06 ▼6.55
Dashboard /wp-admin 3.48 ▲0.13 58.06 ▼1.31
Posts /wp-admin/edit.php 3.53 ▲0.17 56.21 ▲7.56
Add New Post /wp-admin/post-new.php 6.01 ▲0.12 95.98 ▼1.40
Media Library /wp-admin/upload.php 3.34 ▲0.11 44.47 ▲9.97
SSL & Security3 /wp-admin/options-general.php?page=really-simple-security 3.34 60.03

Server storage [IO: ▲6.47MB] [DB: ▲0.01MB] 67% from 3 tests

Analyzing filesystem and database footprints of this plugin
It is recommended to fix the following issues
  • You have illegally modified 3 files (4.40KB) outside of "wp-content/plugins/really-simple-ssl/" and "wp-content/uploads/"
    • (new file) "wp-content/plugins/really-simple-ssl/settings/src/utils/Flag/Flags/CwCurac\314\247ao.js"
    • (new file) "wp-content/plugins/really-simple-ssl/settings/src/utils/Flag/Flags/CwCura\303\247ao.js"
    • (modified) wp-config.php
Filesystem: 749 new files
Database: no new tables, 10 new options
New WordPress options
theysaidso_admin_options
rsssl_plusone_count
widget_recent-comments
rsssl_show_onboarding
rsssl_admin_notices
widget_theysaidso_widget
rsssl_options
db_upgraded
can_compress_scripts
widget_recent-posts

Browser metrics Passed 4 tests

Checking browser requirements for Really Simple SSL
This plugin has a minimal impact on browser resources
Page Nodes Memory (MB) Script (ms) Layout (ms)
Home / 2,824 ▲62 14.05 ▼0.66 1.53 ▼0.13 40.90 ▼4.94
Dashboard /wp-admin 2,232 ▲58 5.59 ▼0.06 92.76 ▼8.67 42.73 ▼1.66
Posts /wp-admin/edit.php 2,135 ▲35 2.01 ▲0.06 39.92 ▼0.83 39.59 ▲5.93
Add New Post /wp-admin/post-new.php 1,538 ▲12 23.29 ▼0.42 619.25 ▼16.85 52.07 ▲0.32
Media Library /wp-admin/upload.php 1,431 ▲37 4.26 ▲0.04 99.44 ▼2.32 43.06 ▲1.94
SSL & Security3 /wp-admin/options-general.php?page=really-simple-security 1,947 8.31 261.70 90.84

Uninstaller [IO: ▲0.00MB] [DB: ▲0.01MB] 75% from 4 tests

🔸 Tests weight: 35 | The uninstall procedure must remove all plugin files and extra database tables
You still need to fix the following
  • The uninstall procedure has failed, leaving 8 options in the database
    • db_upgraded
    • rsssl_show_onboarding
    • widget_recent-posts
    • theysaidso_admin_options
    • widget_theysaidso_widget
    • rsssl_options
    • can_compress_scripts
    • widget_recent-comments

Smoke tests 25% from 4 tests

Server-side errors 0% from 1 test

🔹 Test weight: 20 | This is a short smoke test looking for server-side errors
Please fix the following server-side errors
    • > GET request to /wp-admin/options-general.php?page=really-simple-security
    • > Warning in wp-content/plugins/really-simple-ssl/lets-encrypt/functions.php+222
    fsockopen(): unable to connect to 127.0.0.1:8443 (Connection refused)
    • > GET request to /wp-admin/options-general.php?page=really-simple-security
    • > Warning in wp-content/plugins/really-simple-ssl/lets-encrypt/functions.php+222
    fsockopen(): unable to connect to 127.0.0.1:2222 (Connection refused)

SRP 0% from 2 tests

🔹 Tests weight: 20 | A shallow check of the single-responsibility principle; PHP files should perform no action - including output of placeholder text - and trigger no errors when accessed directly
Please take a closer look at the following
  • 9× PHP files perform the task of outputting text when accessed with GET requests:
    • > /wp-content/plugins/really-simple-ssl/class-server.php
    • > /wp-content/plugins/really-simple-ssl/class-mixed-content-fixer.php
    • > /wp-content/plugins/really-simple-ssl/rlrsssl-really-simple-ssl.php
    • > /wp-content/plugins/really-simple-ssl/security/tests/code-execution.php
    • > /wp-content/plugins/really-simple-ssl/security/wordpress/disable-xmlrpc.php
    • > /wp-content/plugins/really-simple-ssl/ssl-test-page.php
    • > /wp-content/plugins/really-simple-ssl/class-front-end.php
    • > /wp-content/plugins/really-simple-ssl/lets-encrypt/class-letsencrypt-handler.php
    • > /wp-content/plugins/really-simple-ssl/class-cache.php
  • 6× PHP files trigger errors when accessed directly with GET requests:
    • > PHP Fatal error
      Uncaught Error: Call to undefined function add_filter() in wp-content/plugins/really-simple-ssl/lets-encrypt/config/notices.php:154
    • > PHP Fatal error
      require_once(): Failed opening required 'rsssl_le_pathvendor/autoload.php' (include_path='.:/usr/share/php') in wp-content/plugins/really-simple-ssl/lets-encrypt/integrations/plesk/plesk.php on line 28
    • > PHP Warning
      require_once(rsssl_le_pathvendor/autoload.php): failed to open stream: No such file or directory in wp-content/plugins/really-simple-ssl/lets-encrypt/integrations/plesk/plesk.php on line 28
    • > PHP Fatal error
      Uncaught Error: Class 'PleskX\\Api\\Struct' not found in wp-content/plugins/really-simple-ssl/lets-encrypt/vendor/plesk/api-php-lib/src/Api/Struct/SecretKey/Info.php:6
    • > PHP Fatal error
      Uncaught Error: Call to undefined function add_filter() in wp-content/plugins/really-simple-ssl/lets-encrypt/config/fields.php:39
    • > PHP Warning
      Use of undefined constant rsssl_le_path - assumed 'rsssl_le_path' (this will throw an Error in a future version of PHP) in wp-content/plugins/really-simple-ssl/lets-encrypt/integrations/plesk/plesk.php on line 28

User-side errors Passed 1 test

🔹 Test weight: 20 | This is a smoke test targeting browser errors/issues
No browser errors were detected

Optimizations

Plugin configuration 96% from 29 tests

readme.txt Passed 16 tests

Don't ignore readme.txt as it is the file that instructs WordPress.org on how to present your plugin to the world
10 plugin tags: hsts, website security, secure socket layers, secure website, force ssl...

really-simple-ssl/rlrsssl-really-simple-ssl.php 92% from 13 tests

The main PHP file in "Really Simple SSL" ver. 7.2.0 adds more information about the plugin and also serves as the entry point for this plugin
Please make the necessary changes and fix the following:
  • Main file name: It is recommended to name the main PHP file as the plugin slug ("really-simple-ssl.php" instead of "rlrsssl-really-simple-ssl.php")

Code Analysis Passed 3 tests

File types Passed 1 test

🔸 Test weight: 35 | This is an overview of file extensions present in this plugin and a short test that no dangerous files are bundled with this plugin
Everything looks great! No dangerous files found in this plugin58,632 lines of code in 690 files:
Language Files Blank lines Comment lines Lines of code
JavaScript 401 1,173 705 29,591
PHP 197 3,751 4,809 20,733
CSS 11 708 72 3,682
Sass 56 446 310 3,645
HTML 4 107 59 384
JSON 5 0 0 211
LESS 1 30 0 152
Markdown 4 70 0 142
XML 2 2 1 47
YAML 4 3 0 31
Bourne Shell 1 1 1 6
Dockerfile 1 1 0 5
SVG 3 0 0 3

PHP code Passed 2 tests

A short review of cyclomatic complexity and code structure
Everything seems fine, there were no complexity issues found
Cyclomatic complexity
Average complexity per logical line of code 0.46
Average class complexity 13.76
▷ Minimum class complexity 1.00
▷ Maximum class complexity 432.00
Average method complexity 3.27
▷ Minimum method complexity 1.00
▷ Maximum method complexity 46.00
Code structure
Namespaces 34
Interfaces 0
Traits 1
Classes 146
▷ Abstract classes 13 8.90%
▷ Concrete classes 133 91.10%
▷ Final classes 0 0.00%
Methods 818
▷ Static methods 68 8.31%
▷ Public methods 702 85.82%
▷ Protected methods 45 5.50%
▷ Private methods 71 8.68%
Functions 215
▷ Named functions 189 87.91%
▷ Anonymous functions 26 12.09%
Constants 51
▷ Global constants 21 41.18%
▷ Class constants 30 58.82%
▷ Public constants 25 83.33%

Plugin size Passed 2 tests

Image compression Passed 2 tests

Often times overlooked, PNG files can occupy unnecessary space in your plugin
4 PNG files occupy 0.04MB with 0.02MB in potential savings
Potential savings
Compression of 4 random PNG files using pngquant
File Size - original Size - compressed Savings
assets/img/icon.png 19.04KB 9.61KB ▼ 49.54%
upgrade/img/really-simple-ssl.png 11.96KB 6.41KB ▼ 46.40%
upgrade/img/complianz-gdpr.png 4.47KB 1.85KB ▼ 58.71%
upgrade/img/burst.png 5.13KB 2.20KB ▼ 57.17%