WP-Safety

Admin Optimizer Security & Risk Analysis

wordpress.org/plugins/admin-optimizer

SMTP Email, Two-factor Authentication, Custom Post Status, SVG File upload, Custom Login URL, Limit Login Attempts, Lock Modified Date, Database clean …

10 active installs v1.6.0 PHP 7.4.0+ WP 5.5+ Updated Mar 10, 2026
all-in-one-plugindisable-featuresenhancementsoptimizationssecurity
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Admin Optimizer Safe to Use in 2026?

Generally Safe

Score 100/100

Admin Optimizer has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago
Risk Assessment

The "admin-optimizer" plugin v1.6.0 exhibits a strong security posture based on the static analysis. The absence of known CVEs and a clean vulnerability history are positive indicators. Furthermore, the code demonstrates excellent practices in output escaping, with 100% of outputs properly escaped, and a high percentage of SQL queries utilizing prepared statements. The presence of nonces and capability checks on a significant number of entry points (31 nonces, 26 capability checks) across its 8 AJAX handlers also suggests a robust approach to access control.

However, a specific area of concern lies within the taint analysis. While no critical or high-severity issues were identified, the presence of 6 "flows with unsanitized paths" is noteworthy. Although the severity is not explicitly stated as high, unsanitized paths can potentially lead to various vulnerabilities if exploited. The plugin also bundles Select2, which, while a common library, could present a risk if it's an outdated version and has known vulnerabilities not reflected in the plugin's direct CVE history.

In conclusion, the plugin demonstrates good security hygiene, particularly in output handling and access control for its AJAX endpoints. The vulnerability history is excellent, suggesting a well-maintained codebase. The primary concern is the identified taint flows with unsanitized paths, which warrant further investigation by the developers to ensure these paths are adequately secured. The potential for a bundled library to introduce vulnerabilities, though not directly evidenced, is a standard consideration.

Key Concerns

  • Taint flows with unsanitized paths found
  • Bundled library (Select2) detected
Vulnerabilities
None known

Admin Optimizer Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 17, 2026

Admin Optimizer Code Analysis

Dangerous Functions
0
Raw SQL Queries
6
51 prepared
Unescaped Output
2
840 escaped
Nonce Checks
31
Capability Checks
26
File Operations
5
External Requests
0
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

89% prepared57 total queries

Output Escaping

100% escaped842 total outputs
Data Flows
6 unsanitized

Data Flow Analysis

8 flows6 with unsanitized paths
handle_post_data (modules\custom-post-status\settings\poststatus-settings.php:244)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface

Admin Optimizer Attack Surface

Entry Points8
Unprotected0

AJAX Handlers 8

authwp_ajax_adminoptim_2fa_user_settingsmodules\2fa\settings\two-factor-authentication-settings.php:32
authwp_ajax_adminoptim-setup-2famodules\2fa\settings\two-factor-authentication-user-settings.php:41
authwp_ajax_adminoptim-reset-2famodules\2fa\settings\two-factor-authentication-user-settings.php:42
authwp_ajax_adminoptim-generate-recovery-codemodules\2fa\settings\two-factor-authentication-user-settings.php:43
authwp_ajax_adminoptim_login_actionmodules\block-login\block-login.php:69
authwp_ajax_adminoptim_clean_db_nowmodules\db-cleaner\db-cleaner.php:53
authwp_ajax_adminoptim_import_settingsmodules\export-import\export-import.php:45
authwp_ajax_adminoptim_smtp_email_testmodules\smtp-email\settings\smtp-email-settings.php:23
WordPress Hooks 171
actionadmin_initadmin\admin-settings.php:35
actionadmin_enqueue_scriptsadmin\admin-settings.php:36
actionadminoptimizer_add_submenu_pageadmin\admin-settings.php:37
actionadmin_menuadmin\bootstrap.php:114
actionplugins_loadedadmin-optimizer.php:76
filterwp_robotsmodules\2fa\includes\wp-2fa-login.php:37
actionlogin_headmodules\2fa\includes\wp-2fa-login.php:38
actionlogin_headmodules\2fa\includes\wp-2fa-login.php:40
actionlogin_footermodules\2fa\includes\wp-2fa-login.php:58
actionadmin_initmodules\2fa\settings\two-factor-authentication-settings.php:30
actionadmin_enqueue_scriptsmodules\2fa\settings\two-factor-authentication-settings.php:31
actionshow_user_profilemodules\2fa\settings\two-factor-authentication-user-settings.php:38
actionedit_user_profilemodules\2fa\settings\two-factor-authentication-user-settings.php:39
actionadmin_enqueue_scriptsmodules\2fa\settings\two-factor-authentication-user-settings.php:40
actionadminoptimizer_add_submenu_pagemodules\2fa\two-factor-authentication.php:65
actionwp_loginmodules\2fa\two-factor-authentication.php:66
actionlogin_form_validate_2famodules\2fa\two-factor-authentication.php:67
filtershake_error_codesmodules\2fa\two-factor-authentication.php:68
filtermanage_users_columnsmodules\2fa\two-factor-authentication.php:70
actionmanage_users_custom_columnmodules\2fa\two-factor-authentication.php:71
filterlogin_errorsmodules\2fa\two-factor-authentication.php:224
actionadminoptimizer_add_submenu_pagemodules\ads-robots-txt\ads-robots-txt.php:46
actioninitmodules\ads-robots-txt\ads-robots-txt.php:47
filterrobots_txtmodules\ads-robots-txt\ads-robots-txt.php:48
actionadmin_initmodules\ads-robots-txt\settings\ads-robots-txt-settings.php:29
actionadmin_enqueue_scriptsmodules\auto-open-advanced\auto-open-advanced.php:22
actionadminoptimizer_add_submenu_pagemodules\block-login\block-login.php:64
actionwp_login_failedmodules\block-login\block-login.php:65
filterwp_authenticate_usermodules\block-login\block-login.php:66
filtershake_error_codesmodules\block-login\block-login.php:67
filterlogin_errorsmodules\block-login\block-login.php:68
filterlogin_messagemodules\block-login\block-login.php:70
actionadmin_initmodules\block-login\settings\block-login-settings.php:20
actionadmin_enqueue_scriptsmodules\block-login\settings\block-login-settings.php:21
filteradminoptimizer_settings_navtabmodules\content-management\content-management.php:46
filteradminoptimizer_settings_sectionsmodules\content-management\content-management.php:47
actioninitmodules\content-management\content-management.php:61
filterblock_editor_settings_allmodules\content-management\content-management.php:67
actionadminoptimizer_add_submenu_pagemodules\custom-login-url\custom-login-url.php:62
actionwp_loadedmodules\custom-login-url\custom-login-url.php:66
filtersite_urlmodules\custom-login-url\custom-login-url.php:67
filteradminoptim_is_login_pagemodules\custom-login-url\custom-login-url.php:111
filteradminoptim_is_login_pagemodules\custom-login-url\custom-login-url.php:123
filteradminoptim_is_login_pagemodules\custom-login-url\custom-login-url.php:129
actionadmin_initmodules\custom-login-url\settings\custom-login-url-settings.php:29
actioninitmodules\custom-post-status\post-status.php:42
actionadminoptimizer_add_submenu_pagemodules\custom-post-status\post-status.php:43
filterdisplay_post_statesmodules\custom-post-status\post-status.php:46
actionadmin_enqueue_scriptsmodules\custom-post-status\post-status.php:48
actionenqueue_block_editor_assetsmodules\custom-post-status\post-status.php:49
actionadmin_enqueue_scriptsmodules\custom-post-status\settings\poststatus-settings.php:31
actionadminoptimizer_add_submenu_pagemodules\custom-post-types\post-types.php:51
actioninitmodules\custom-post-types\post-types.php:53
actionadmin_enqueue_scriptsmodules\custom-post-types\settings\post-types-settings.php:35
actionadmin_enqueue_scriptsmodules\custom-taxonomies\settings\taxonomies-settings.php:34
actionadminoptimizer_add_submenu_pagemodules\custom-taxonomies\taxonomies.php:56
actioninitmodules\custom-taxonomies\taxonomies.php:58
actionadminoptimizer_add_submenu_pagemodules\db-cleaner\db-cleaner.php:51
actioninitmodules\db-cleaner\db-cleaner.php:55
actionadminoptim_database_cleanupmodules\db-cleaner\db-cleaner.php:56
actionadminoptim_database_remnant_cleanupmodules\db-cleaner\db-cleaner.php:57
actionadminoptim_deactivate_pluginmodules\db-cleaner\db-cleaner.php:59
actionadmin_initmodules\db-cleaner\settings\db-cleaner-settings.php:29
actionadmin_enqueue_scriptsmodules\db-cleaner\settings\db-cleaner-settings.php:30
filteradminoptimizer_settings_navtabmodules\disable-features\disable-features.php:39
filteradminoptimizer_settings_sectionsmodules\disable-features\disable-features.php:40
filterwp_resource_hintsmodules\disable-features\disable-features.php:64
actionwp_default_scriptsmodules\disable-features\disable-features.php:67
actionwpmodules\disable-features\disable-features.php:69
filterdo_redirect_guess_404_permalinkmodules\disable-features\disable-features.php:71
filtergutenberg_can_edit_postmodules\disable-features\disable-features.php:74
filteruse_block_editor_for_postmodules\disable-features\disable-features.php:75
actiontemplate_redirectmodules\disable-features\disable-features.php:77
filterbulk_actions-usersmodules\disable-user-account\disable-user-account.php:20
actionrestrict_manage_usersmodules\disable-user-account\disable-user-account.php:21
filterhandle_bulk_actions-usersmodules\disable-user-account\disable-user-account.php:22
filtermanage_users_columnsmodules\disable-user-account\disable-user-account.php:23
actionmanage_users_custom_columnmodules\disable-user-account\disable-user-account.php:24
filteruser_row_actionsmodules\disable-user-account\disable-user-account.php:25
actionadmin_post_adminoptim-disable-user-accountmodules\disable-user-account\disable-user-account.php:26
actionadmin_post_adminoptim-enable-user-accountmodules\disable-user-account\disable-user-account.php:27
filterwp_authenticate_usermodules\disable-user-account\disable-user-account.php:28
actionadminoptimizer_add_submenu_pagemodules\export-import\export-import.php:43
actionadmin_initmodules\export-import\export-import.php:44
actionadmin_initmodules\export-import\settings\export-import-settings.php:19
actionadmin_enqueue_scriptsmodules\export-import\settings\export-import-settings.php:20
actionadminoptimizer_add_submenu_pagemodules\heartbeat\heartbeat-control.php:52
actionwp_enqueue_scriptsmodules\heartbeat\heartbeat-control.php:54
actionadmin_enqueue_scriptsmodules\heartbeat\heartbeat-control.php:55
filterheartbeat_settingsmodules\heartbeat\heartbeat-control.php:56
actionadmin_initmodules\heartbeat\settings\heartbeat-settings.php:19
actionadmin_enqueue_scriptsmodules\heartbeat\settings\heartbeat-settings.php:20
actionadminoptimizer_add_submenu_pagemodules\limit-image-size\limit-image-size.php:47
filterwp_handle_upload_prefiltermodules\limit-image-size\limit-image-size.php:48
actionadmin_initmodules\limit-image-size\settings\limit-image-size-settings.php:30
filteradminoptimizer_settings_navtabmodules\media-management\media-management.php:46
filteradminoptimizer_settings_sectionsmodules\media-management\media-management.php:47
actionadd_attachmentmodules\media-management\media-management.php:49
filtersanitize_file_namemodules\media-management\media-management.php:52
actionadminoptimizer_add_submenu_pagemodules\modified-date\modified-date.php:54
actionpost_submitbox_misc_actionsmodules\modified-date\modified-date.php:55
actionadmin_enqueue_scriptsmodules\modified-date\modified-date.php:56
actionenqueue_block_editor_assetsmodules\modified-date\modified-date.php:57
filterwp_insert_post_datamodules\modified-date\modified-date.php:58
actioninitmodules\modified-date\modified-date.php:62
actioninitmodules\modified-date\modified-date.php:64
actionmanage_post_posts_custom_columnmodules\modified-date\modified-date.php:402
filtermanage_post_posts_columnsmodules\modified-date\modified-date.php:403
filtermanage_edit-post_sortable_columnsmodules\modified-date\modified-date.php:404
actionadmin_initmodules\modified-date\settings\modified-date-settings.php:30
actionadmin_enqueue_scriptsmodules\modified-date\settings\modified-date-settings.php:31
actionadminoptimizer_add_submenu_pagemodules\post-cloner\post-cloner.php:56
actioninitmodules\post-cloner\post-cloner.php:57
actionadmin_action_adminoptim-clone-postmodules\post-cloner\post-cloner.php:58
filterpost_row_actionsmodules\post-cloner\post-cloner.php:84
filterpage_row_actionsmodules\post-cloner\post-cloner.php:85
actionadmin_initmodules\post-cloner\settings\post-cloner-settings.php:29
actionadmin_enqueue_scriptsmodules\post-cloner\settings\post-cloner-settings.php:30
actioninitmodules\publish-missed-schedule\publish-missed-schedule.php:27
actionadminoptim_publish_missed_postmodules\publish-missed-schedule\publish-missed-schedule.php:29
actionadminoptim_deactivate_pluginmodules\publish-missed-schedule\publish-missed-schedule.php:30
filteraction_scheduler_queue_runner_concurrent_batchesmodules\publish-missed-schedule\publish-missed-schedule.php:32
filteradminoptimizer_settings_navtabmodules\security\security.php:46
filteradminoptimizer_settings_sectionsmodules\security\security.php:47
actionadmin_headmodules\security\security.php:53
filterxmlrpc_enabledmodules\security\security.php:56
filterwp_xmlrpc_server_classmodules\security\security.php:57
filteradminoptimizer_settings_navtabmodules\site-management\site-management.php:46
filteradminoptimizer_settings_sectionsmodules\site-management\site-management.php:47
actionadmin_initmodules\smtp-email\settings\smtp-email-settings.php:21
actionadmin_enqueue_scriptsmodules\smtp-email\settings\smtp-email-settings.php:22
actionadminoptimizer_add_submenu_pagemodules\smtp-email\smtp-email.php:53
actionphpmailer_initmodules\smtp-email\smtp-email.php:54
filterupload_mimesmodules\svg-upload\svg-upload.php:26
filterwp_handle_upload_prefiltermodules\svg-upload\svg-upload.php:27
filterwp_handle_sideload_prefiltermodules\svg-upload\svg-upload.php:28
filterwp_check_filetype_and_extmodules\svg-upload\svg-upload.php:29
actionrest_insert_attachmentmodules\svg-upload\svg-upload.php:30
filterwp_generate_attachment_metadatamodules\svg-upload\svg-upload.php:31
filterwp_calculate_image_srcsetmodules\svg-upload\svg-upload.php:32
filterwp_prepare_attachment_for_jsmodules\svg-upload\svg-upload.php:33
filterwp_get_attachment_metadatamodules\svg-upload\svg-upload.php:34
filteradminoptimizer_settings_navtabmodules\users-management\users-management.php:46
filteradminoptimizer_settings_sectionsmodules\users-management\users-management.php:47
filtermanage_users_columnsmodules\users-management\users-management.php:50
actionmanage_users_custom_columnmodules\users-management\users-management.php:51
filterrequestmodules\users-management\users-management.php:52
filtermanage_users_sortable_columnsmodules\users-management\users-management.php:58
actionwp_loginmodules\users-management\users-management.php:61
filtershow_admin_barmodules\users-management\users-management.php:64
actioninitmodules\users-management\users-management.php:67
filteradminoptimizer_settings_navtabmodules\utilities\utilities.php:46
filteradminoptimizer_settings_sectionsmodules\utilities\utilities.php:47
actionadd_meta_boxesmodules\xml-sitemap\includes\xml-sitemap-metaboxes.php:37
actionsave_postmodules\xml-sitemap\includes\xml-sitemap-metaboxes.php:40
actionadmin_initmodules\xml-sitemap\settings\xml-sitemap-settings.php:65
actionadmin_enqueue_scriptsmodules\xml-sitemap\settings\xml-sitemap-settings.php:66
actionadminoptimizer_add_submenu_pagemodules\xml-sitemap\xml-sitemap.php:62
filterwp_sitemaps_post_typesmodules\xml-sitemap\xml-sitemap.php:63
filterwp_sitemaps_taxonomiesmodules\xml-sitemap\xml-sitemap.php:64
filterwp_sitemaps_add_providermodules\xml-sitemap\xml-sitemap.php:65
filterwp_sitemaps_register_providersmodules\xml-sitemap\xml-sitemap.php:66
filterwp_sitemaps_posts_query_argsmodules\xml-sitemap\xml-sitemap.php:67
filterwp_sitemaps_taxonomies_query_argsmodules\xml-sitemap\xml-sitemap.php:68
filterwp_sitemaps_max_urlsmodules\xml-sitemap\xml-sitemap.php:69
filterwp_sitemaps_index_entrymodules\xml-sitemap\xml-sitemap.php:70
filterwp_sitemaps_taxonomies_entrymodules\xml-sitemap\xml-sitemap.php:71
filterwp_sitemaps_users_entrymodules\xml-sitemap\xml-sitemap.php:72
filterrobots_txtmodules\xml-sitemap\xml-sitemap.php:74
actioninitmodules\xml-sitemap\xml-sitemap.php:77
filterhome_urlmodules\xml-sitemap\xml-sitemap.php:78
Maintenance & Trust

Admin Optimizer Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.4.0
Downloads944

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Admin Optimizer Alternatives

WPMasterToolKit (WPMTK) – All in one plugin

WPMasterToolKit (WPMTK) – All in one plugin

wpmastertoolkit

A
90

Duplicate post, post order, email via SMTP, code snippets, disable gutenberg, child theme generator, svg support, disable XMLRPC, and more...

4K 5 CVEs
Admin and Site Enhancements (ASE)

Admin and Site Enhancements (ASE)

admin-site-enhancements

A
92

Duplicate post, post order, image resize, email via SMTP, admin menu editor, custom css / code, disable gutenberg and much more in a single plugin.

200K 7 CVEs
WP EXtra – One Click Optimize

WP EXtra – One Click Optimize

wp-extra

A
98

Optimize your site instantly with one-click activation. WP Extra offers easy fixes and features for WordPress.

7K 4 CVEs
JetHost Total Care – Security & Enhancements

JetHost Total Care – Security & Enhancements

jethost-total-care

A
100

JetHost Total Care simplifies WordPress management by consolidating features like security, site enhancements and performance into a single plugin.

500 No CVEs
Smart Admin Assistant – Dashboard and Site Enhancements

Smart Admin Assistant – Dashboard and Site Enhancements

smart-admin-assistant

A
100

All-in-one plugin for admin menu, dashboard customization, custom login URL, post duplication, custom code, SMTP, login protection and more.

200 No CVEs
Developer Profile

Admin Optimizer Developer Profile

yipresser

2 plugins · 10 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Admin Optimizer

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/admin-optimizer/admin/assets/css/modules-pro-settings.min.css/wp-content/plugins/admin-optimizer/admin/assets/js/modules-pro-settings.min.js/wp-content/plugins/admin-optimizer/admin/assets/js/modules-admin-optimizer.min.js
Script Paths
/wp-content/plugins/admin-optimizer/admin/assets/js/modules-pro-settings.min.js/wp-content/plugins/admin-optimizer/admin/assets/js/modules-admin-optimizer.min.js
Version Parameters
admin-optimizer/admin/assets/css/modules-pro-settings.min.css?ver=admin-optimizer/admin/assets/js/modules-pro-settings.min.js?ver=admin-optimizer/admin/assets/js/modules-admin-optimizer.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
adminoptim-header-wrapadminoptim-submit-btnadminoptim-pro-btnadminoptim-pro-stripadminoptim-contentadminoptim-nav-wrapperadminoptim-nav-tabadminoptim-tab-btn+3 more
Data Attributes
id="adminoptim-header-wrap"id="adminoptim-submit-btn"class="button button-primary adminoptim-submit-btn"id="adminoptim-nav-wrapper"id="tab-btn-aria-selected="+6 more
FAQ

Frequently Asked Questions about Admin Optimizer