diff --git a/providers/class-two-factor-backup-codes.php b/providers/class-two-factor-backup-codes.php
index ee6ec2e6..4666a9a2 100644
--- a/providers/class-two-factor-backup-codes.php
+++ b/providers/class-two-factor-backup-codes.php
@@ -244,7 +244,7 @@ private function get_backup_code_length( $user ) {
 	 * @param array   $args Optional arguments for assigning new codes.
 	 * @return array
 	 */
-	public function generate_codes( $user, $args = '' ) {
+	public function generate_codes( $user, $args = array() ) {
 		$codes        = array();
 		$codes_hashed = array();
 
diff --git a/providers/class-two-factor-totp.php b/providers/class-two-factor-totp.php
index d458d990..65fb26c5 100644
--- a/providers/class-two-factor-totp.php
+++ b/providers/class-two-factor-totp.php
@@ -169,7 +169,7 @@ public function enqueue_assets( $hook_suffix ) {
 	 * Rest API endpoint for handling deactivation of TOTP.
 	 *
 	 * @param WP_REST_Request $request The Rest Request object.
-	 * @return array Success array.
+	 * @return WP_Error|array Array of data on success, WP_Error on error.
 	 */
 	public function rest_delete_totp( $request ) {
 		$user_id = $request['user_id'];
@@ -623,15 +623,15 @@ public static function get_authcode_valid_ticktime( $key, $authcode, $hash = sel
 		$ticks = range( - $max_ticks, $max_ticks );
 		usort( $ticks, array( __CLASS__, 'abssort' ) );
 
-		$time = floor( self::time() / $time_step );
+		$time = (int) floor( self::time() / $time_step );
 
 		$digits = strlen( $authcode );
 
 		foreach ( $ticks as $offset ) {
-			$log_time = $time + $offset;
+			$log_time = (int) ( $time + $offset );
 			if ( hash_equals( self::calc_totp( $key, $log_time, $digits, $hash, $time_step ), $authcode ) ) {
 				// Return the tick timestamp.
-				return $log_time * self::DEFAULT_TIME_STEP_SEC;
+				return (int) ( $log_time * self::DEFAULT_TIME_STEP_SEC );
 			}
 		}