WP-Safety

CSS Minify Security & Risk Analysis

wordpress.org/plugins/css-optimizer

Minify and Optimize your CSS by clicking one button.

200 active installs v3.0 PHP + WP 4.1+ Updated Jan 2, 2018
compresscssminificationminifyminify-css
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is CSS Minify Safe to Use in 2026?

Generally Safe

Score 85/100

CSS Minify has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "css-optimizer" v3.0 plugin exhibits a mixed security posture. On the positive side, its vulnerability history is clean, with no recorded CVEs, suggesting a generally well-maintained codebase or a low profile for exploitation. Furthermore, the plugin has a very small attack surface, with no unprotected entry points, and no identified critical or high severity taint flows. The limited number of AJAX handlers and the absence of REST API routes without permission callbacks are good indicators of security awareness.

However, significant concerns arise from the static analysis. The use of the deprecated `create_function` nine times is a major red flag, as this function is notorious for its potential to introduce security vulnerabilities, particularly if user input is involved. Additionally, all SQL queries are executed without prepared statements, making the plugin highly susceptible to SQL injection attacks. The low percentage of properly escaped output (29%) further compounds this risk, indicating a high likelihood of cross-site scripting (XSS) vulnerabilities. While the attack surface is small and the vulnerability history is clean, these code-level weaknesses present substantial potential risks.

Key Concerns

  • Dangerous functions (create_function)
  • SQL queries not prepared
  • Low output escaping percentage
  • Limited nonce checks on AJAX
Vulnerabilities
None known

CSS Minify Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

CSS Minify Code Analysis

Dangerous Functions
9
Raw SQL Queries
3
0 prepared
Unescaped Output
34
14 escaped
Nonce Checks
1
Capability Checks
2
File Operations
25
External Requests
0
Bundled Libraries
0

Dangerous Functions Found

create_functioncreate_function(classes\bpminifycssBase.php:130
create_functioncreate_function(classes\bpminifycssBase.php:147
create_functioncreate_function(classes\bpminifycssBase.php:163
create_functioncreate_function(classes\bpminifycssBase.php:179
create_functioncreate_function(classes\bpminifycssBase.php:195
create_functioncreate_function(classes\bpminifycssBase.php:211
create_functioncreate_function(classes\bpminifycssBase.php:287
create_functioncreate_function(classes\bpminifycssStyles.php:96
create_functioncreate_function(classes\bpminifycssStyles.php:494

SQL Query Safety

0% prepared3 total queries

Output Escaping

29% escaped48 total outputs
Attack Surface

CSS Minify Attack Surface

Entry Points1
Unprotected0

AJAX Handlers 1

authwp_ajax_bpminifycss_delete_cacheclasses\bpminifycssToolbar.php:30
WordPress Hooks 21
actionadmin_noticesbpminifycss.php:60
actioninitbpminifycss.php:74
actioninitbpminifycss.php:280
actiontemplate_redirectbpminifycss.php:282
actionadmin_noticesbpminifycss.php:286
actionshutdownclasses\bpminifycssCache.php:101
actionbpminifycss_action_cachepurgedclasses\bpminifycssCache.php:105
actionadmin_menuclasses\bpminifycssConfig.php:12
actionadmin_initclasses\bpminifycssConfig.php:13
filterplugin_row_metaclasses\bpminifycssConfig.php:18
actionwp_loadedclasses\bpminifycssToolbar.php:12
actionadmin_enqueue_scriptsclasses\bpminifycssToolbar.php:23
actionwp_enqueue_scriptsclasses\bpminifycssToolbar.php:26
actionadmin_bar_menuclasses\bpminifycssToolbar.php:33
actionplugins_loadedclasslesses\bpminifycssCacheChecker.php:15
actionao_cachecheckerclasslesses\bpminifycssCacheChecker.php:32
actionadmin_noticesclasslesses\bpminifycssCacheChecker.php:55
actionadmin_initclasslesses\bpminifycssPartners.php:6
filterbpminifycss_filter_settingsscreen_tabsclasslesses\bpminifycssPartners.php:9
actionadmin_menuclasslesses\bpminifycssPartners.php:18
actionadmin_noticesclasslesses\bpminifycssUpdateCode.php:73

Scheduled Events 1

ao_cachechecker
Maintenance & Trust

CSS Minify Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedJan 2, 2018
PHP min version
Downloads18K

Community Trust

Rating46/100
Number of ratings3
Active installs200
Alternatives

CSS Minify Alternatives

CSS Above The Fold

CSS Above The Fold

css-above-the-fold

A
85

Faster CSS browser rendering displaying selected fragments of your theme stylesheet file directly into the head section.

200 No CVEs
Asset CleanUp: Page Speed Booster

Asset CleanUp: Page Speed Booster

wp-asset-clean-up

A
89

Make your website load FASTER by stopping specific styles (.CSS) & scripts (.JS) from loading. It works best with a page caching plugin / service.

100K 6 CVEs
Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN

Hummingbird Performance – Cache & Page Speed Optimization for Core Web Vitals | Critical CSS | Minify CSS | Defer CSS Javascript | CDN

hummingbird-performance

A
92

Optimize PageSpeed Performance & Core Web Vitals, Advanced Cache, Minify CSS & JavaScript, Inline Critical CSS, Defer CSS & JS, Smush & Lazy Load, CDN

80K 6 CVEs
WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript

WP Super Minify • Minify, Compress and Cache HTML, CSS & JavaScript

wp-super-minify

A
100

A lightweight plugin that automatically minifies, compresses, and caches HTML, CSS, and JavaScript on demand to improve your website’s load speed.

9K 1 CVE
Better WordPress Minify

Better WordPress Minify

bwp-minify

A
85

Allows you to combine and minify your CSS and JS files to improve page load time.

8K No CVEs
Developer Profile

CSS Minify Developer Profile

peterpfeiffer

2 plugins · 240 total installs

84
trust score
Avg Security Score
85/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect CSS Minify

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/bpminifycss/classes/bpminifycssConfig.php/wp-content/plugins/bpminifycss/classes/bpminifycssToolbar.php/wp-content/plugins/bpminifycss/classlesses/bpminifycssPartners.php/wp-content/plugins/bpminifycss/classes/bpminifycssCache.php/wp-content/plugins/bpminifycss/classlesses/bpminifycssUpdateCode.php/wp-content/plugins/bpminifycss/classes/bpminifycssBase.php/wp-content/plugins/bpminifycss/classes/bpminifycssHTML.php/wp-content/plugins/bpminifycss/classes/external/php/minify-html.php+6 more
Version Parameters
/bpminifycss/bpminifycss.php?ver=/bpminifycss/classes/bpminifycssConfig.php?ver=/bpminifycss/classes/bpminifycssToolbar.php?ver=/bpminifycss/classlesses/bpminifycssPartners.php?ver=/bpminifycss/classes/bpminifycssCache.php?ver=/bpminifycss/classlesses/bpminifycssUpdateCode.php?ver=/bpminifycss/classes/bpminifycssBase.php?ver=/bpminifycss/classes/bpminifycssHTML.php?ver=/bpminifycss/classes/external/php/minify-html.php?ver=/bpminifycss/classes/bpminifycssScripts.php?ver=/bpminifycss/classes/external/php/jsmin-1.1.1.php?ver=/bpminifycss/classes/external/php/minify-2.3.1-jsmin.php?ver=/bpminifycss/classes/bpminifycssStyles.php?ver=/bpminifycss/classes/external/php/minify-css-compressor.php?ver=/bpminifycss/classes/external/php/yui-php-cssmin-2.4.8-4_fgo.php?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- BUG: new minify-html does not support keeping HTML comments, skipping for now -->
JS Globals
window.bpminifycssConfigwindow.bpminifycssToolbarwindow.bpminifycssPartnerswindow.bpminifycssCachewindow.bpminifycssUpdateCodewindow.bpminifycssBase+3 more
FAQ

Frequently Asked Questions about CSS Minify