Better By Default Security & Risk Analysis

wordpress.org/plugins/better-by-default

Boost your WordPress site with the Better By Default Plugin for simplicity, security, and performance, ensuring a clean and efficient experience.

200 active installs v1.3 PHP 7.2.5+ WP + Updated May 27, 2025
admin-enhancement, admin-simplify, performance, personalization, security
Score: 100 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Better By Default Safe to Use in 2026?

Generally Safe

Score 100/100

Better By Default has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 10mo ago
Risk Assessment

The 'better-by-default' plugin v1.3 exhibits a generally strong security posture based on the provided static analysis. The vast majority of its outputs are properly escaped, it uses prepared statements for a significant portion of its SQL queries, and there are no recorded vulnerabilities in its history. This suggests a proactive approach to security by the developers, focusing on fundamental secure coding practices. The plugin also correctly implements nonce and capability checks for most of its entry points.

However, a notable concern is the presence of one AJAX handler that lacks authentication checks. This creates a potential attack vector where unauthenticated users could trigger this specific AJAX action, potentially leading to unintended consequences depending on the handler's functionality. While the taint analysis shows no unsanitized paths, the lack of an authentication check on an AJAX endpoint is a critical oversight that warrants attention.

Overall, the plugin is well-developed from a security perspective, but this single unprotected AJAX handler represents a clear weakness. Addressing this specific issue would significantly improve the plugin's security, bringing its posture closer to excellent. The absence of historical vulnerabilities and the robust implementation of other security measures are positive indicators.

Key Concerns

  • Unprotected AJAX handler
Vulnerabilities
None known

Better By Default Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Better By Default Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 5 (14 prepared)
Unescaped Output: 3 (466 escaped)
Nonce Checks: 7
Capability Checks: 6
File Operations: 0
External Requests: 0
Bundled Libraries: 1

Bundled Libraries

DataTables

SQL Query Safety

74% prepared, 19 total queries

Output Escaping

99% escaped, 469 total outputs
Attack Surface
1 unprotected

Better By Default Attack Surface

Entry Points: 6
Unprotected: 1

AJAX Handlers 6

auth wp_ajax_flush_cache_object_cache includes\classes\class-admin.php:69
auth wp_ajax_flush_cache_page_cache includes\classes\class-admin.php:72
auth wp_ajax_better_by_default_options includes\classes\class-admin.php:75
auth wp_ajax_activity_logs_data includes\classes\miscellaneous\class-activity-log.php:85
auth wp_ajax_activity_logs_data_flush includes\classes\miscellaneous\class-activity-log.php:87
auth wp_ajax_public-page-preview includes\classes\miscellaneous\class-public-page-preview.php:63
WordPress Hooks 155
action admin_enqueue_scripts includes\classes\class-admin.php:60
action admin_enqueue_scripts includes\classes\class-admin.php:61
action admin_notices includes\classes\class-admin.php:62
action all_admin_notices includes\classes\class-admin.php:63
action update_option_blog_public includes\classes\class-admin.php:66
action init includes\classes\class-blocks.php:38
filter block_categories_all includes\classes\class-blocks.php:39
action wp_dashboard_setup includes\classes\class-custom-dashboard-widgets.php:58
action admin_enqueue_scripts includes\classes\class-custom-dashboard-widgets.php:59
action wp_enqueue_scripts includes\classes\class-front.php:57
action wp_enqueue_scripts includes\classes\class-front.php:58
action enqueue_block_assets includes\classes\class-front.php:60
filter should_load_separate_core_block_assets includes\classes\class-front.php:61
action plugins_loaded includes\classes\class-i18.php:51
action admin_init includes\classes\class-settings-sections-fields.php:63
action admin_menu includes\classes\class-settings-sections-fields.php:64
action profile_update includes\classes\miscellaneous\class-activity-log.php:68
action set_user_role includes\classes\miscellaneous\class-activity-log.php:69
action updated_user_meta includes\classes\miscellaneous\class-activity-log.php:70
action user_register includes\classes\miscellaneous\class-activity-log.php:71
action deleted_user includes\classes\miscellaneous\class-activity-log.php:72
action wp_login includes\classes\miscellaneous\class-activity-log.php:73
action activated_plugin includes\classes\miscellaneous\class-activity-log.php:75
action deactivated_plugin includes\classes\miscellaneous\class-activity-log.php:76
action delete_plugin includes\classes\miscellaneous\class-activity-log.php:77
action switch_theme includes\classes\miscellaneous\class-activity-log.php:79
action deleted_theme includes\classes\miscellaneous\class-activity-log.php:80
action updated_option includes\classes\miscellaneous\class-activity-log.php:81
action added_option includes\classes\miscellaneous\class-activity-log.php:82
action admin_menu includes\classes\miscellaneous\class-activity-log.php:84
action admin_enqueue_scripts includes\classes\miscellaneous\class-activity-log.php:86
action admin_init includes\classes\miscellaneous\class-default-template-network-site.php:67
filter theme_page_templates includes\classes\miscellaneous\class-default-template-network-site.php:68
filter template_include includes\classes\miscellaneous\class-default-template-network-site.php:69
filter body_class includes\classes\miscellaneous\class-default-template-network-site.php:70
action wp_enqueue_scripts includes\classes\miscellaneous\class-default-template-network-site.php:71
filter wp_headers includes\classes\miscellaneous\class-disable-crawling.php:47
action init includes\classes\miscellaneous\class-disable-crawling.php:49
action init includes\classes\miscellaneous\class-enable-crawling.php:65
action send_headers includes\classes\miscellaneous\class-maintenance-mode.php:66
action plugins_loaded includes\classes\miscellaneous\class-maintenance-mode.php:67
action admin_enqueue_scripts includes\classes\miscellaneous\class-maintenance-mode.php:68
action wp_enqueue_scripts includes\classes\miscellaneous\class-maintenance-mode.php:69
action wp_before_admin_bar_render includes\classes\miscellaneous\class-maintenance-mode.php:125
action admin_enqueue_scripts includes\classes\miscellaneous\class-public-page-preview.php:62
action pre_get_posts includes\classes\miscellaneous\class-public-page-preview.php:65
filter wp_robots includes\classes\miscellaneous\class-public-page-preview.php:81
filter posts_results includes\classes\miscellaneous\class-public-page-preview.php:82
action wp_enqueue_scripts includes\classes\performance\class-critical-css.php:52
action add_meta_boxes includes\classes\performance\class-critical-css.php:53
action save_post includes\classes\performance\class-critical-css.php:54
action wp_enqueue_scripts includes\classes\performance\class-lazy-load-embeds.php:55
filter the_content includes\classes\performance\class-lazy-load-embeds.php:56
filter the_generator includes\classes\performance\class-obscure-wp-head.php:66
filter feed_links_show_comments_feed includes\classes\performance\class-obscure-wp-head.php:81
filter emoji_svg_url includes\classes\performance\class-obscure-wp-head.php:96
filter pings_open includes\classes\performance\class-obscure-wp-head.php:101
filter pre_option_default_ping_status includes\classes\performance\class-obscure-wp-head.php:102
filter xmlrpc_methods includes\classes\performance\class-obscure-wp-head.php:105
action xmlrpc_call includes\classes\performance\class-obscure-wp-head.php:106
action init includes\classes\performance\class-obscure-wp-head.php:109
filter rewrite_rules_array includes\classes\performance\class-obscure-wp-head.php:112
action admin_enqueue_scripts includes\classes\performance\class-obscure-wp-head.php:114
action wp_loaded includes\classes\performance\class-obscure-wp-head.php:117
action admin_enqueue_scripts includes\classes\personalize\class-account-menu-style.php:53
action wp_enqueue_scripts includes\classes\personalize\class-account-menu-style.php:54
action admin_init includes\classes\personalize\class-admin-color-branding.php:65
filter get_user_option_admin_color includes\classes\personalize\class-admin-color-branding.php:168
action login_head includes\classes\personalize\class-admin-login-branding.php:72
filter login_headerurl includes\classes\personalize\class-admin-login-branding.php:230
filter login_headertext includes\classes\personalize\class-admin-login-branding.php:236
filter custom_menu_order includes\classes\personalize\class-admin-menu-organization.php:73
filter menu_order includes\classes\personalize\class-admin-menu-organization.php:74
action admin_menu includes\classes\personalize\class-admin-menu-organization.php:77
filter post_type_labels_post includes\classes\personalize\class-admin-menu-organization.php:87
action init includes\classes\personalize\class-admin-menu-organization.php:88
action admin_menu includes\classes\personalize\class-admin-menu-organization.php:89
action admin_bar_menu includes\classes\personalize\class-admin-menu-organization.php:90
action admin_menu includes\classes\personalize\class-admin-menu-organization.php:99
action admin_menu includes\classes\personalize\class-admin-menu-organization.php:100
action admin_head includes\classes\personalize\class-admin-menu-organization.php:101
action admin_action_duplicate_content includes\classes\personalize\class-content-duplication.php:63
filter page_row_actions includes\classes\personalize\class-content-duplication.php:64
filter post_row_actions includes\classes\personalize\class-content-duplication.php:65
action admin_bar_menu includes\classes\personalize\class-content-duplication.php:66
action admin_init includes\classes\personalize\class-disable-block-editor.php:62
action wp_enqueue_scripts includes\classes\personalize\class-disable-block-editor.php:63
filter use_block_editor_for_post_type includes\classes\personalize\class-disable-block-editor.php:112
filter gutenberg_can_edit_post_type includes\classes\personalize\class-disable-block-editor.php:115
action init includes\classes\protect\class-change-login-url.php:61
filter login_url includes\classes\protect\class-change-login-url.php:62
filter lostpassword_url includes\classes\protect\class-change-login-url.php:63
filter register_url includes\classes\protect\class-change-login-url.php:64
action wp_loaded includes\classes\protect\class-change-login-url.php:65
action wp_login_failed includes\classes\protect\class-change-login-url.php:66
filter login_message includes\classes\protect\class-change-login-url.php:67
filter authenticate includes\classes\protect\class-limit-login-attemps.php:71
action login_enqueue_scripts includes\classes\protect\class-limit-login-attemps.php:73
filter login_message includes\classes\protect\class-limit-login-attemps.php:74
action wp_login_failed includes\classes\protect\class-limit-login-attemps.php:80
action wp_login includes\classes\protect\class-limit-login-attemps.php:83
filter authenticate includes\classes\protect\class-reserved-username.php:60
action user_register includes\classes\protect\class-reserved-username.php:61
filter rest_authentication_errors includes\classes\protect\class-rest-api-access-control.php:65
action wp_headers includes\classes\protect\class-security-headers.php:56
action admin_enqueue_scripts includes\classes\protect\class-strong-password.php:65
action login_enqueue_scripts includes\classes\protect\class-strong-password.php:66
action user_profile_update_errors includes\classes\protect\class-strong-password.php:67
action validate_password_reset includes\classes\protect\class-strong-password.php:68
action resetpass_form includes\classes\protect\class-strong-password.php:69
filter authenticate includes\classes\protect\class-strong-password.php:70
filter xmlrpc_enabled includes\classes\protect\class-xmlrpc.php:56
action admin_init includes\classes\setting-fields\class-personalize-settings.php:55
filter admin_footer_text includes\classes\simplify\class-admin-footer-text.php:52
filter update_footer includes\classes\simplify\class-admin-footer-text.php:53
filter allow_major_auto_core_updates includes\classes\simplify\class-auto-update.php:53
filter allow_minor_auto_core_updates includes\classes\simplify\class-auto-update.php:54
filter allow_dev_auto_core_updates includes\classes\simplify\class-auto-update.php:55
action admin_init includes\classes\simplify\class-comments.php:61
filter comments_array includes\classes\simplify\class-comments.php:64
action admin_menu includes\classes\simplify\class-comments.php:67
action admin_init includes\classes\simplify\class-comments.php:70
action wp_dashboard_setup includes\classes\simplify\class-comments.php:73
action init includes\classes\simplify\class-comments.php:76
action enqueue_block_editor_assets includes\classes\simplify\class-comments.php:79
action render_block includes\classes\simplify\class-comments.php:81
action template_redirect includes\classes\simplify\class-comments.php:84
filter pre_option_default_comment_status includes\classes\simplify\class-comments.php:87
action admin_head includes\classes\simplify\class-comments.php:89
action admin_menu includes\classes\simplify\class-comments.php:92
action admin_enqueue_scripts includes\classes\simplify\class-comments.php:94
filter comments_template includes\classes\simplify\class-comments.php:260
filter comments_open includes\classes\simplify\class-comments.php:269
filter pings_open includes\classes\simplify\class-comments.php:270
filter get_comments_number includes\classes\simplify\class-comments.php:273
action admin_init includes\classes\simplify\class-customize-list-tables.php:65
action admin_init includes\classes\simplify\class-customize-list-tables.php:69
action admin_init includes\classes\simplify\class-customize-list-tables.php:73
filter manage_upload_columns includes\classes\simplify\class-customize-list-tables.php:77
action manage_media_custom_column includes\classes\simplify\class-customize-list-tables.php:78
action admin_enqueue_scripts includes\classes\simplify\class-customize-list-tables.php:79
filter manage_media_columns includes\classes\simplify\class-customize-list-tables.php:209
action manage_media_custom_column includes\classes\simplify\class-customize-list-tables.php:210
action wp_dashboard_setup includes\classes\simplify\class-disable-dashboard-widgets.php:55
action admin_init includes\classes\simplify\class-disable-dashboard-widgets.php:56
action wp_dashboard_setup includes\classes\simplify\class-disable-dashboard-widgets.php:131
filter show_admin_bar includes\classes\simplify\class-hide-admin-bar.php:53
action wp_login includes\classes\simplify\class-last-login-column.php:71
filter manage_users_columns includes\classes\simplify\class-last-login-column.php:72
filter manage_users_custom_column includes\classes\simplify\class-last-login-column.php:73
action admin_print_styles-users.php includes\classes\simplify\class-last-login-column.php:74
action init includes\classes\simplify\class-post-tags.php:53
action restrict_manage_posts includes\classes\simplify\class-search-by-title.php:55
filter parse_query includes\classes\simplify\class-search-by-title.php:56
filter posts_where includes\classes\simplify\class-search-by-title.php:57
Maintenance & Trust

Better By Default Maintenance & Trust

Maintenance Signals

WordPress version tested: 6.8.5
Last updated: May 27, 2025
PHP min version: 7.2.5
Downloads: 1K

Community Trust

Rating: 0/100
Number of ratings: 0
Active installs: 200
Developer Profile

Better By Default Developer Profile

MULTIDOTS Inc

7 plugins · 210 total installs

Trust score: 93
Avg Security Score: 99/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Better By Default

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/better-by-default/assets/build/admin.css
/wp-content/plugins/better-by-default/assets/library/datatables/datatables.min.css
/wp-content/plugins/better-by-default/assets/library/datatables/datatables.min.js
/wp-content/plugins/better-by-default/assets/build/admin.js
Script Paths
/wp-content/plugins/better-by-default/assets/build/admin.js
Version Parameters
better-by-default/assets/build/admin.css?ver=
better-by-default/assets/library/datatables/datatables.min.css?ver=
better-by-default/assets/library/datatables/datatables.min.js?ver=
better-by-default/assets/build/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
better-by-default-changes-saved
JS Globals
betterByDefaultConfig