Autoptimize speeds up your website by optimizing JS, CSS, images (incl. lazy-load), HTML and Google Fonts, asyncing JS, removing emoji cruft and more.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
288
9 issue groups
Maintainability
140
14 issue groups
I18n
17
2 issue groups
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_ao_ccss_review_notice_copy'.115
- Category
- Security
- Occurrences
- 115
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$_ao_ccss_review_notice_copy'.
ERRORSecuritySetting is missing a sanitization callbackSanitization missing for register_setting().49
- Category
- Security
- Occurrences
- 49
- Severity
- error
Sample message
Sanitization missing for register_setting().
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_ao_ccss_review_notice_copy".36
- Category
- Maintainability
- Occurrences
- 36
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_ao_ccss_review_notice_copy".
ERRORSecurityUnsafe printing functionAll output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.29
- Category
- Security
- Occurrences
- 29
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_FILES['file']['error']29
- Category
- Security
- Occurrences
- 29
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_FILES['file']['error']
WARNINGSecurityRequest data is not unslashed$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar29
- Category
- Security
- Occurrences
- 29
- Severity
- warning
Sample message
$_GET['page'] not unslashed before sanitization. Use wp_unslash() or similar
ERRORMaintainabilityparse url parse urlparse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.19
- Category
- Maintainability
- Occurrences
- 19
- Severity
- error
Sample message
parse_url() is discouraged because of inconsistency in the output across PHP versions; use wp_parse_url() instead.
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_FILES['file']['error']. Check that the array index exists before using it.15
- Category
- Security
- Occurrences
- 15
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_FILES['file']['error']. Check that the array index exists before using it.
WARNINGSecurityNonce verification recommendedProcessing form data without nonce verification.14
- Category
- Security
- Occurrences
- 14
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "AO_CCSS_API".13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "AO_CCSS_API".
Show 15 moreShow less
ERRORMaintainabilityunlink unlink11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
ERRORMaintainabilityMissing direct file access protection11
- Category
- Maintainability
- Occurrences
- 11
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
ERRORI18nMissing Translators Comment9
- Category
- I18n
- Occurrences
- 9
- Severity
- error
Sample message
A function call to esc_html__() with texts containing placeholders was found, but was not accompanied by a "translators:" comment on the line above to clarify the meaning of the placeholders.
WARNINGMaintainabilityerror log print r8
- Category
- Maintainability
- Occurrences
- 8
- Severity
- warning
Sample message
print_r() found. Debug code should not normally be used in production.
ERRORI18nMissing Arg Domain8
- Category
- I18n
- Occurrences
- 8
- Severity
- error
Sample message
Missing $domain parameter in function call to esc_html__().
WARNINGMaintainabilityDirect Query7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Use of a direct database call is discouraged.
WARNINGMaintainabilityNo Caching7
- Category
- Maintainability
- Occurrences
- 7
- Severity
- warning
Sample message
Direct database call without caching detected. Consider using wp_cache_get() / wp_cache_set() or wp_cache_delete().
WARNINGMaintainabilityNon-prefixed class6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "AO_Minify_HTML".
WARNINGMaintainabilityNon-prefixed function6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "ao_ccss_render_adv".
WARNINGMaintainabilityerror log error log5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- warning
Sample message
error_log() found. Debug code should not normally be used in production.
ERRORSecurityException output is not escaped5
- Category
- Security
- Occurrences
- 5
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '": {$pattern}"'.
ERRORMaintainabilityForbidden PHP function found4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- error
Sample message
The use of function move_uploaded_file() is forbidden
WARNINGMaintainabilityNon-prefixed hook name4
- Category
- Maintainability
- Occurrences
- 4
- Severity
- warning
Sample message
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "ao_ccss_queue_schedule".
ERRORMaintainabilityPlugin Directory Write3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
Plugin folders are deleted when upgraded. Do not save data to the plugin folder using file_put_contents(). Detected usage of __FILE__ or __DIR__ magic constant. Use wp_upload_dir() to get the uploads directory path or save to the database instead.
WARNINGSecurityMissing nonce verification3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Processing form data without nonce verification.
Score History
First score snapshot
v3.1.15.1
23
Latest
- Findings
- 479
- Errors
- 288
- Warnings
- 191
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 23 | 479 | 288 | 191 | v3.1.15.1 | 2.0.0 |
Related Plugins
10k+ active installs
2k+ active installs
60k+ active installs
100k+ active installs
20k+ active installs
50k+ active installs