A lightweight plugin that automatically minifies, compresses, and caches HTML, CSS, and JavaScript on demand to improve your website’s load speed.
Category Scores
Issues to Review
Prioritized issue groups from the latest Plugin Check scan
Security
203
10 issue groups
Maintainability
179
14 issue groups
I18n
4
1 issue group
WARNINGMaintainabilityNon-prefixed constantGlobal constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DECLARED_FORM".69
- Category
- Maintainability
- Occurrences
- 69
- Severity
- warning
Sample message
Global constants defined by a theme/plugin should start with the theme/plugin prefix. Found: "DECLARED_FORM".
ERRORSecurityException output is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" Given $type"'.44
- Category
- Security
- Occurrences
- 44
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '" Given $type"'.
ERRORSecurityOutput is not escapedAll output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<h1>$h1</h1>"'.43
- Category
- Security
- Occurrences
- 43
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '"<h1>$h1</h1>"'.
WARNINGMaintainabilityNon-prefixed global variableGlobal variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_oc".38
- Category
- Maintainability
- Occurrences
- 38
- Severity
- warning
Sample message
Global variables defined by a theme/plugin should start with the theme/plugin prefix. Found: "$_oc".
WARNINGSecurityRequest data is not unslashed$_GET['files'] not unslashed before sanitization. Use wp_unslash() or similar35
- Category
- Security
- Occurrences
- 35
- Severity
- warning
Sample message
$_GET['files'] not unslashed before sanitization. Use wp_unslash() or similar
WARNINGSecurityInput is not sanitizedDetected usage of a non-sanitized input variable: $_GET['files']33
- Category
- Security
- Occurrences
- 33
- Severity
- warning
Sample message
Detected usage of a non-sanitized input variable: $_GET['files']
WARNINGSecurityInput is not validatedDetected usage of a possibly undefined superglobal array index: $_SERVER['DOCUMENT_ROOT']. Check that the array index exists before using it.17
- Category
- Security
- Occurrences
- 17
- Severity
- warning
Sample message
Detected usage of a possibly undefined superglobal array index: $_SERVER['DOCUMENT_ROOT']. Check that the array index exists before using it.
WARNINGMaintainabilityNon-prefixed classClasses declared by a theme/plugin should start with the theme/plugin prefix. Found: "CSSmin".15
- Category
- Maintainability
- Occurrences
- 15
- Severity
- warning
Sample message
Classes declared by a theme/plugin should start with the theme/plugin prefix. Found: "CSSmin".
ERRORMaintainabilityMissing direct file access protectionPHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;13
- Category
- Maintainability
- Occurrences
- 13
- Severity
- error
Sample message
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
WARNINGSecurityInput is not validated or sanitizedDetected usage of a non-sanitized, non-validated input variable _SERVER: "{$_SERVER['REQUEST_TIME']}|{$data}"10
- Category
- Security
- Occurrences
- 10
- Severity
- warning
Sample message
Detected usage of a non-sanitized, non-validated input variable _SERVER: "{$_SERVER['REQUEST_TIME']}|{$data}"
Show 15 moreShow less
WARNINGSecurityNonce verification recommended9
- Category
- Security
- Occurrences
- 9
- Severity
- warning
Sample message
Processing form data without nonce verification.
WARNINGMaintainabilityerror log trigger error6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- warning
Sample message
trigger_error() found. Debug code should not normally be used in production.
ERRORSecurityHeredoc Output Not Escaped6
- Category
- Security
- Occurrences
- 6
- Severity
- error
Sample message
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found interpolation in unescaped heredoc.
ERRORMaintainabilitycurl curl setopt6
- Category
- Maintainability
- Occurrences
- 6
- Severity
- error
Sample message
Using cURL functions is highly discouraged. Use wp_remote_get() instead.
ERRORMaintainabilityfile system operations fclose5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fclose().
ERRORMaintainabilityfile system operations fopen5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: fopen().
ERRORMaintainabilityfile system operations is writable5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
ERRORMaintainabilityunlink unlink5
- Category
- Maintainability
- Occurrences
- 5
- Severity
- error
Sample message
unlink() is discouraged. Use wp_delete_file() to delete a file.
ERRORI18nMissing Arg Domain4
- Category
- I18n
- Occurrences
- 4
- Severity
- error
Sample message
Missing $domain parameter in function call to __().
WARNINGMaintainabilityDiscouraged PHP function3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
The use of function ini_set() is discouraged
WARNINGMaintainabilityerror log debug backtrace3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
debug_backtrace() found. Debug code should not normally be used in production.
WARNINGMaintainabilityerror log var export3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- warning
Sample message
var_export() found. Debug code should not normally be used in production.
ERRORSecurityUnsafe printing function3
- Category
- Security
- Occurrences
- 3
- Severity
- error
Sample message
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
WARNINGSecurityMissing nonce verification3
- Category
- Security
- Occurrences
- 3
- Severity
- warning
Sample message
Processing form data without nonce verification.
ERRORMaintainabilityfile system operations mkdir3
- Category
- Maintainability
- Occurrences
- 3
- Severity
- error
Sample message
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
External Connections
Not analyzed yet.
Score History
First score snapshot
v2.0.1
22
Latest
- Findings
- 421
- Errors
- 164
- Warnings
- 257
- Check
- 2.0.0
| Scan | Score | Findings | Errors | Warnings | Plugin | Check |
|---|---|---|---|---|---|---|
| Latest | 22 | 421 | 164 | 257 | v2.0.1 | 2.0.0 |
Relationship Map
Author, categories, issues, domains, and nearby plugins.
Relationship links
Author
Issue
Related
Author
Issue
Related
Related Plugins
10k+ active installs
8k+ active installs
4k+ active installs
10k+ active installs
1k+ active installs
70k+ active installs