Does Why So Slow? have any unpatched vulnerabilities?

No published vulnerabilities and no findings under coordinated disclosure as of the latest data update. Always keep the plugin updated to the latest version.

Is Why So Slow? compatible with WordPress 6.6.5?

According to WordPress.org data, Why So Slow? 2.1 has been tested up to WordPress 6.6.5. Check the plugin's changelog for the latest compatibility information.

Is Why So Slow? compatible with PHP 7.0+?

Why So Slow? requires PHP 7.0 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Why So Slow? updated?

Why So Slow? was last updated on Sep 28, 2024. Frequent updates are generally a positive security signal.

What is Why So Slow?'s security score?

Why So Slow? has a WP-Safety security score of 92/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Why So Slow? Security & Risk Analysis

wordpress.org/plugins/better-speed

Improve the loading speed of your website by removing bloat and unused features (formerly named Better Speed)

100 active installs v2.1 PHP 7.0+ WP 5.0+ Updated Sep 28, 2024

betterbloatperformancesecurityspeed

A · Safe

CVEs total0

Unpatched0

Last CVENever

Download

Safety Verdict

Is Why So Slow? Safe to Use in 2026?

Generally Safe

Score 92/100

Why So Slow? has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago

Risk Assessment

The 'better-speed' v2.1 plugin exhibits a seemingly strong security posture based on the provided static analysis. The absence of AJAX handlers, REST API routes, shortcodes, and cron events significantly limits the potential attack surface. Furthermore, the analysis indicates no dangerous functions, file operations, or external HTTP requests, all positive signs. The use of prepared statements for all SQL queries is also a commendable practice. However, a major concern arises from the extremely low percentage of properly escaped output (1%). This suggests that user-supplied data or dynamic content is likely being rendered without adequate sanitization, posing a significant risk of Cross-Site Scripting (XSS) vulnerabilities. The lack of nonce and capability checks across all entry points, combined with the minimal output escaping, creates a substantial blind spot. The absence of known CVEs and historical vulnerabilities is positive, but it does not negate the risks identified in the code analysis. The plugin's strengths lie in its limited attack surface and secure database interactions. Its primary weakness is the pervasive lack of output escaping, which, if not addressed, can lead to serious security flaws.

Key Concerns

Extremely low output escaping percentage
No nonce checks on entry points
No capability checks on entry points

Vulnerabilities

None known

Why So Slow? Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Version History

Why So Slow? Release Timeline

v2.1Current

v2.0

v1.2

v1.1

v1.0

Code Analysis

Analyzed Mar 16, 2026

Why So Slow? Code Analysis

Dangerous Functions

Raw SQL Queries

2 prepared

Unescaped Output

1 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

SQL Query Safety

100% prepared2 total queries

Output Escaping

1% escaped75 total outputs

Attack Surface

Why So Slow? Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 46

actionafter_setup_themebetter-speed.php:46

actionshutdownbetter-speed.php:47

actionsetup_themebetter-speed.php:50

actionafter_setup_themebetter-speed.php:55

actionshutdownbetter-speed.php:56

actionsetup_themebetter-speed.php:59

actionpre_pingbetter-speed.php:78

filteremoji_svg_urlbetter-speed.php:96

filtertiny_mce_pluginsbetter-speed.php:97

filterembed_oembed_discoverbetter-speed.php:111

filtertiny_mce_pluginsbetter-speed.php:112

filterrewrite_rules_arraybetter-speed.php:115

filterxmlrpc_enabledbetter-speed.php:127

filterpings_openbetter-speed.php:128

filterwp_headersbetter-speed.php:129

filterthe_generatorbetter-speed.php:138

actiontemplate_redirectbetter-speed.php:163

filterrest_authentication_errorsbetter-speed.php:184

actionwp_print_stylesbetter-speed.php:194

actionwp_loadedbetter-speed.php:201

actionwidgets_initbetter-speed.php:215

filtershow_recent_comments_widget_stylebetter-speed.php:217

actiontemplate_redirectbetter-speed.php:219

actiontemplate_redirectbetter-speed.php:224

actionadmin_initbetter-speed.php:229

actionwp_loadedbetter-speed.php:234

filtercomments_arraybetter-speed.php:244

filtercomments_openbetter-speed.php:247

filterpings_openbetter-speed.php:250

actionadmin_menubetter-speed.php:254

actionadmin_print_styles-index.phpbetter-speed.php:265

actionadmin_print_styles-profile.phpbetter-speed.php:268

actionwp_dashboard_setupbetter-speed.php:271

filterpre_option_default_pingback_flagbetter-speed.php:274

filtercomments_templatebetter-speed.php:278

filterfeed_links_show_comments_feedbetter-speed.php:281

actioninitbetter-speed.php:286

filterwp_default_scriptsbetter-speed.php:297

actionwp_enqueue_scriptsbetter-speed.php:319

actionwp_enqueue_scriptsbetter-speed.php:330

filterscript_loader_tagbetter-speed.php:339

filterbody_classbetter-speed.php:353

filterwhitelist_optionsbetter-speed.php:414

actionadmin_menubetter-speed.php:961

actionadmin_initbetter-speed.php:962

actionadmin_enqueue_scriptsbetter-speed.php:973

Maintenance & Trust

Why So Slow? Maintenance & Trust

Maintenance Signals

WordPress version tested6.6.5

Last updatedSep 28, 2024

PHP min version7.0

Downloads4K

Community Trust

Rating100/100

Number of ratings4

Active installs100

Alternatives

Why So Slow? Alternatives

Staatic – Static Site Generator

staatic

100

Staatic lets you create and deploy a streamlined static version of your WordPress site.

2K No CVEs

Specify a Vary: Accept-Encoding Header

specify-a-vary-accept-encoding-header

This plugin fixes a "Vary: Accept-Encoding Header" message and boosts website performance.

200 No CVEs

The Off Switch (formerly WP Avoid Slow)

wp-avoid-slow

100

Disable unused WordPress features and remove bloat. 85 toggles for performance, security hardening, and WooCommerce — pure PHP, no .

100 No CVEs

ZenPress

zenpress

100

Speed up and harden your site with a single click: cleans up unused features, protects security gaps, and configures cache integrations automatically.

50 No CVEs

Optimator – Simplify and streamline WordPress by removing unnecessary data and functionalities

optimator

100

Simplify and streamline WordPress by removing unnecessary data and functionalities.

10 No CVEs

Developer Profile

Why So Slow? Developer Profile

bettersecurity

5 plugins · 440 total installs

trust score

Avg Security Score

92/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect Why So Slow?

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

REST Endpoints

/wp-json/whysoslow/v1/settings

FAQ