WP-Safety

DiveWP – Boost Site Performance with Clear, Actionable Steps Security & Risk Analysis

wordpress.org/plugins/divewp-boost-site-performance

Learn WP Best Practices Through Your Own Site! Get clear insights about Performance, Security, and Best Practices – explained in plain English.

200 active installs v2.3.3 PHP 7.2+ WP 6.8+ Updated Feb 26, 2026
abilities-apicron-jobsperformance-optimizationsecuritysite-health
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is DiveWP – Boost Site Performance with Clear, Actionable Steps Safe to Use in 2026?

Generally Safe

Score 100/100

DiveWP – Boost Site Performance with Clear, Actionable Steps has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1mo ago
Risk Assessment

The divewp-boost-site-performance plugin v2.3.3 exhibits a mixed security posture. On the positive side, it shows a strong adherence to good security practices with a high percentage of SQL queries using prepared statements and properly escaped output. The plugin also has a clean vulnerability history, with no known CVEs, which suggests a potentially stable codebase. Furthermore, it demonstrates a robust use of nonce and capability checks throughout its code.

However, there are significant concerns that temper this positive outlook. The plugin presents a substantial attack surface with 49 AJAX handlers, and a notable portion of these (16) lack authentication checks. This represents a direct avenue for potential unauthorized actions if malicious inputs can be crafted. The taint analysis revealing 3 high-severity flows with unsanitized paths is particularly alarming, as these could lead to serious security breaches if exploited, despite the absence of reported critical issues.

In conclusion, while the plugin has good underlying practices and no recorded historical vulnerabilities, the high number of unprotected AJAX endpoints and the presence of high-severity unsanitized taint flows are critical weaknesses. These areas require immediate attention and remediation to mitigate potential risks to WordPress sites utilizing this plugin.

Key Concerns

  • Unprotected AJAX handlers
  • High severity unsanitized taint flows
  • Dangerous function: unserialize
Vulnerabilities
None known

DiveWP – Boost Site Performance with Clear, Actionable Steps Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

DiveWP – Boost Site Performance with Clear, Actionable Steps Code Analysis

Dangerous Functions
1
Raw SQL Queries
60
158 prepared
Unescaped Output
119
987 escaped
Nonce Checks
54
Capability Checks
143
File Operations
19
External Requests
8
Bundled Libraries
0

Dangerous Functions Found

unserialize$unserialized = unserialize($data);includes\features\choose-hosting\class-resource-tests.php:1349

SQL Query Safety

72% prepared218 total queries

Output Escaping

89% escaped1106 total outputs
Data Flows
3 unsanitized

Data Flow Analysis

15 flows3 with unsanitized paths
<class-divewp-feedback> (includes\class-divewp-feedback.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
16 unprotected

DiveWP – Boost Site Performance with Clear, Actionable Steps Attack Surface

Entry Points49
Unprotected16

AJAX Handlers 49

authwp_ajax_divewp_get_resource_resultsincludes\admin\ajax-get-resource-results.php:2
authwp_ajax_divewp_dismiss_feedbackincludes\class-divewp-feedback.php:161
authwp_ajax_divewp_update_settingsincludes\class-divewp-main.php:939
authwp_ajax_divewp_fetch_dataincludes\class-divewp-main.php:940
authwp_ajax_divewp_run_hosting_testincludes\features\choose-hosting\class-choose-hosting.php:45
authwp_ajax_divewp_get_hosting_evaluationincludes\features\choose-hosting\class-choose-hosting.php:46
authwp_ajax_divewp_get_hosting_evaluation_cardsincludes\features\choose-hosting\class-choose-hosting.php:47
authwp_ajax_divewp_run_concurrency_stepincludes\features\choose-hosting\class-choose-hosting.php:48
authwp_ajax_divewp_cron_get_eventsincludes\features\cron-jobs\ajax-handlers.php:33
authwp_ajax_divewp_cron_run_nowincludes\features\cron-jobs\ajax-handlers.php:34
authwp_ajax_divewp_cron_deleteincludes\features\cron-jobs\ajax-handlers.php:35
authwp_ajax_divewp_cron_bulk_actionincludes\features\cron-jobs\ajax-handlers.php:36
authwp_ajax_divewp_cron_add_eventincludes\features\cron-jobs\ajax-handlers.php:37
authwp_ajax_divewp_cron_get_event_detailsincludes\features\cron-jobs\ajax-handlers.php:38
authwp_ajax_divewp_cron_get_as_actionsincludes\features\cron-jobs\ajax-handlers.php:41
authwp_ajax_divewp_cron_run_as_actionincludes\features\cron-jobs\ajax-handlers.php:42
authwp_ajax_divewp_cron_cancel_as_actionincludes\features\cron-jobs\ajax-handlers.php:43
authwp_ajax_divewp_cron_get_logsincludes\features\cron-jobs\ajax-handlers.php:46
authwp_ajax_divewp_cron_get_hook_logsincludes\features\cron-jobs\ajax-handlers.php:47
authwp_ajax_divewp_cron_get_log_detailsincludes\features\cron-jobs\ajax-handlers.php:48
authwp_ajax_divewp_cron_clear_logsincludes\features\cron-jobs\ajax-handlers.php:49
authwp_ajax_divewp_cron_get_diagnosticsincludes\features\cron-jobs\ajax-handlers.php:52
authwp_ajax_divewp_cron_get_overdueincludes\features\cron-jobs\ajax-handlers.php:55
authwp_ajax_divewp_send_test_emailincludes\features\email-communications\class-email-insights.php:48
authwp_ajax_divewp_refresh_email_logincludes\features\email-communications\class-email-insights.php:49
authwp_ajax_divewp_delete_all_email_logsincludes\features\email-communications\class-email-insights.php:50
authwp_ajax_divewp_benchmark_initincludes\features\hosting\hosting-benchmark\ajax-handlers.php:28
authwp_ajax_divewp_benchmark_run_testincludes\features\hosting\hosting-benchmark\ajax-handlers.php:31
authwp_ajax_divewp_benchmark_finalizeincludes\features\hosting\hosting-benchmark\ajax-handlers.php:34
authwp_ajax_divewp_benchmark_get_statusincludes\features\hosting\hosting-benchmark\ajax-handlers.php:37
authwp_ajax_divewp_get_saved_benchmarksincludes\features\hosting\hosting-benchmark\ajax-handlers.php:40
authwp_ajax_divewp_load_saved_benchmarkincludes\features\hosting\hosting-benchmark\ajax-handlers.php:41
authwp_ajax_divewp_delete_saved_benchmarkincludes\features\hosting\hosting-benchmark\ajax-handlers.php:42
authwp_ajax_divewp_delete_all_benchmarksincludes\features\hosting\hosting-benchmark\ajax-handlers.php:43
authwp_ajax_divewp_toggle_plugin_statusincludes\features\plugins-management\class-plugins-management.php:28
authwp_ajax_divewp_get_plugin_detailsincludes\features\plugins-management\class-plugins-management.php:29
authwp_ajax_divewp_get_plugin_versionsincludes\features\plugins-management\class-plugins-management.php:30
authwp_ajax_divewp_rollback_plugin_versionincludes\features\plugins-management\class-plugins-management.php:31
authwp_ajax_divewp_update_pluginincludes\features\plugins-management\class-plugins-management.php:32
authwp_ajax_divewp_get_plugin_ratings_batchincludes\features\plugins-management\class-plugins-management.php:33
authwp_ajax_divewp_get_plugin_icons_batchincludes\features\plugins-management\class-plugins-management.php:34
authwp_ajax_divewp_theme_checkincludes\features\theme-builder\class-theme-builder.php:83
authwp_ajax_divewp_theme_refreshincludes\features\theme-builder\class-theme-builder.php:84
authwp_ajax_edit-theme-plugin-fileincludes\features\user-events\class-event-logger.php:173
authwp_ajax_divewp_delete_all_logsincludes\features\user-events\class-user-events.php:58
authwp_ajax_divewp_refresh_logsincludes\features\user-events\class-user-events.php:59
authwp_ajax_divewp_load_more_eventsincludes\features\user-events\class-user-events.php:60
authwp_ajax_divewp_load_recent_timelineincludes\features\user-events\class-user-events.php:61
authwp_ajax_divewp_get_event_detailsincludes\features\user-events\class-user-events.php:62
WordPress Hooks 109
actionadmin_noticesdivewp.php:91
actionadmin_initdivewp.php:155
actionadmin_initdivewp.php:187
actionadmin_noticesdivewp.php:245
actionplugins_loadeddivewp.php:254
actionadmin_footerdivewp.php:285
actionadmin_enqueue_scriptsdivewp.php:289
actionadmin_enqueue_scriptsincludes\class-dashboard-overview.php:26
actionwp_abilities_api_categories_initincludes\class-divewp-abilities.php:62
actionabilities_api_categories_initincludes\class-divewp-abilities.php:63
actionwp_abilities_api_initincludes\class-divewp-abilities.php:66
actionabilities_api_initincludes\class-divewp-abilities.php:67
actionadmin_enqueue_scriptsincludes\class-divewp-feedback.php:159
actionadmin_noticesincludes\class-divewp-feedback.php:160
actionadmin_initincludes\class-divewp-feedback.php:162
actionadmin_bar_menuincludes\class-divewp-main.php:66
actionadmin_enqueue_scriptsincludes\class-divewp-main.php:67
actionwp_enqueue_scriptsincludes\class-divewp-main.php:68
actionadmin_noticesincludes\class-divewp-main.php:116
actionadmin_menuincludes\class-divewp-main.php:280
actionadmin_enqueue_scriptsincludes\class-divewp-main.php:283
actionadmin_noticesincludes\class-divewp-main.php:318
actionadmin_noticesincludes\class-divewp-main.php:524
actionall_admin_noticesincludes\class-divewp-main.php:525
actionadmin_headincludes\class-divewp-main.php:529
actionadmin_footerincludes\class-divewp-main.php:552
actionadmin_menuincludes\class-divewp-main.php:1070
actionadmin_enqueue_scriptsincludes\class-divewp-main.php:1071
actionadmin_bar_menuincludes\class-divewp-main.php:1072
actionadmin_enqueue_scriptsincludes\class-divewp-main.php:1073
actionwp_enqueue_scriptsincludes\class-divewp-main.php:1074
actionadmin_enqueue_scriptsincludes\features\choose-hosting\class-choose-hosting.php:51
actionwp_logoutincludes\features\choose-hosting\class-choose-hosting.php:54
actionshutdownincludes\features\choose-hosting\class-database-tests.php:62
actionshutdownincludes\features\choose-hosting\class-database-tests.php:201
actionshutdownincludes\features\choose-hosting\class-database-tests.php:347
actionshutdownincludes\features\choose-hosting\class-database-tests.php:487
actionadmin_enqueue_scriptsincludes\features\class-ai-capabilities.php:27
actionadmin_initincludes\features\cron-jobs\class-cron-data.php:44
actionadmin_enqueue_scriptsincludes\features\cron-jobs\class-cron-jobs.php:97
filtercron_schedulesincludes\features\cron-jobs\class-cron-logger.php:103
actionplugins_loadedincludes\features\cron-jobs\class-cron-logger.php:117
actionmuplugins_loadedincludes\features\cron-jobs\class-cron-logger.php:120
actionplugins_loadedincludes\features\cron-jobs\class-cron-logger.php:123
actionallincludes\features\cron-jobs\class-cron-logger.php:126
filtercron_requestincludes\features\cron-jobs\class-cron-logger.php:129
actionplugins_loadedincludes\features\cron-jobs\class-cron-logger.php:132
actioninitincludes\features\cron-jobs\class-cron-logger.php:135
actiondivewp_cleanup_cron_logsincludes\features\cron-jobs\class-cron-logger.php:136
filterpre_schedule_eventincludes\features\cron-jobs\class-cron-logger.php:139
filterpre_schedule_single_eventincludes\features\cron-jobs\class-cron-logger.php:140
actioninitincludes\features\cron-jobs\class-cron-logger.php:143
actionaction_scheduler_before_executeincludes\features\cron-jobs\class-cron-logger.php:199
actionaction_scheduler_after_executeincludes\features\cron-jobs\class-cron-logger.php:200
actionaction_scheduler_failed_executionincludes\features\cron-jobs\class-cron-logger.php:201
actionadmin_enqueue_scriptsincludes\features\db-insights\class-db-insights.php:74
actionadmin_enqueue_scriptsincludes\features\email-communications\class-email-insights.php:47
filterwp_mailincludes\features\email-communications\class-email-logger.php:65
actionwp_mail_failedincludes\features\email-communications\class-email-logger.php:66
actiondivewp_daily_cleanupincludes\features\email-communications\class-email-logger.php:68
actioninitincludes\features\email-communications\class-email-logger.php:69
actionadmin_enqueue_scriptsincludes\features\performance-optimizations\class-performance-checks.php:71
actionadmin_footerincludes\features\performance-optimizations\class-performance-checks.php:72
actionadmin_enqueue_scriptsincludes\features\plugins-management\class-plugins-management.php:27
actionadmin_enqueue_scriptsincludes\features\security-insights\class-security.php:83
actionadmin_footerincludes\features\security-insights\class-security.php:84
actionadmin_enqueue_scriptsincludes\features\seo-optimization\class-seo-optimization.php:33
actionadmin_enqueue_scriptsincludes\features\server-insights\class-server-insights-new.php:38
actionadmin_footerincludes\features\theme-builder\class-theme-builder.php:87
actiontransition_post_statusincludes\features\user-events\class-event-logger.php:109
actionpost_updatedincludes\features\user-events\class-event-logger.php:110
actionadd_attachmentincludes\features\user-events\class-event-logger.php:113
actiondelete_attachmentincludes\features\user-events\class-event-logger.php:114
actioncreated_termincludes\features\user-events\class-event-logger.php:117
actionedited_termincludes\features\user-events\class-event-logger.php:118
actiondelete_termincludes\features\user-events\class-event-logger.php:119
actiontransition_comment_statusincludes\features\user-events\class-event-logger.php:122
actiondelete_commentincludes\features\user-events\class-event-logger.php:123
actionedit_commentincludes\features\user-events\class-event-logger.php:124
actionadmin_initincludes\features\user-events\class-event-logger.php:127
actionwp_logoutincludes\features\user-events\class-event-logger.php:128
actionclear_auth_cookieincludes\features\user-events\class-event-logger.php:129
actionuser_registerincludes\features\user-events\class-event-logger.php:132
actiondelete_userincludes\features\user-events\class-event-logger.php:133
actionedit_user_profile_updateincludes\features\user-events\class-event-logger.php:134
actionafter_password_resetincludes\features\user-events\class-event-logger.php:135
actionactivated_pluginincludes\features\user-events\class-event-logger.php:138
actiondeactivated_pluginincludes\features\user-events\class-event-logger.php:139
actiondeleted_pluginincludes\features\user-events\class-event-logger.php:140
actionupgrader_process_completeincludes\features\user-events\class-event-logger.php:141
actionupgrader_process_completeincludes\features\user-events\class-event-logger.php:142
actionswitch_themeincludes\features\user-events\class-event-logger.php:145
actiondeleted_themeincludes\features\user-events\class-event-logger.php:146
actionupgrader_process_completeincludes\features\user-events\class-event-logger.php:147
actionupgrader_process_completeincludes\features\user-events\class-event-logger.php:148
actioncustomize_saveincludes\features\user-events\class-event-logger.php:149
actionupdated_optionincludes\features\user-events\class-event-logger.php:152
actioninitincludes\features\user-events\class-event-logger.php:156
actiondivewp_user_events_cleanupincludes\features\user-events\class-event-logger.php:157
actionretrieve_passwordincludes\features\user-events\class-event-logger.php:160
actionapplication_password_did_authenticateincludes\features\user-events\class-event-logger.php:163
filterrest_request_before_callbacksincludes\features\user-events\class-event-logger.php:166
actionset_user_roleincludes\features\user-events\class-event-logger.php:169
actionwp_login_failedincludes\features\user-events\class-event-logger.php:170
actionbefore_delete_postincludes\features\user-events\class-event-logger.php:171
actionupgrader_process_completeincludes\features\user-events\class-event-logger.php:172
actionadmin_enqueue_scriptsincludes\features\user-events\class-user-events.php:65
actionadmin_noticesincludes\features\user-events\class-user-events.php:771
actionadmin_enqueue_scriptsincludes\features\woocommerce-best-practices\class-woocommerce-best-practices.php:49

Scheduled Events 3

divewp_cleanup_cron_logs
divewp_daily_cleanup
divewp_user_events_cleanup
Maintenance & Trust

DiveWP – Boost Site Performance with Clear, Actionable Steps Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedFeb 26, 2026
PHP min version7.2
Downloads2K

Community Trust

Rating100/100
Number of ratings6
Active installs200
Alternatives

DiveWP – Boost Site Performance with Clear, Actionable Steps Alternatives

WPVulnerability

WPVulnerability

wpvulnerability

A
100

Get WordPress vulnerability alerts from the WPVulnerability Database API.

10K No CVEs
SiteLock Security – WP Hardening, Login Security & Malware Scans

SiteLock Security – WP Hardening, Login Security & Malware Scans

sitelock

A
98

Free, lightweight WordPress security. Harden your site with login protection & 2FA, see Site Health clearly and run on-demand checks—setup in minutes.

1K 2 CVEs
WP Disable Site Health

WP Disable Site Health

wp-disable-site-health

A
85

License: GPLv2 or later Disables new Site Health screen from WP Dashboard

1K No CVEs
WP safely disable directory browsing

WP safely disable directory browsing

wp-safely-disable-directory-browsing

A
85

This essential .htaccess rules plugin allow you to improve security of your wordpress blog.

300 No CVEs
Site Health Manager

Site Health Manager

site-health-manager

A
85

Control which status tests and what debug information appear in your Site Health screen.

100 No CVEs
Developer Profile

DiveWP – Boost Site Performance with Clear, Actionable Steps Developer Profile

Oleg Petrov

1 plugin · 200 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect DiveWP – Boost Site Performance with Clear, Actionable Steps

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/divewp-boost-site-performance/assets/css/divewp-styles.css/wp-content/plugins/divewp-boost-site-performance/assets/js/divewp-scripts.js/wp-content/plugins/divewp-boost-site-performance/assets/js/divewp-script-dashboard.js/wp-content/plugins/divewp-boost-site-performance/assets/js/divewp-script-admin.js
Script Paths
/wp-content/plugins/divewp-boost-site-performance/assets/js/divewp-scripts.js/wp-content/plugins/divewp-boost-site-performance/assets/js/divewp-script-dashboard.js/wp-content/plugins/divewp-boost-site-performance/assets/js/divewp-script-admin.js
Version Parameters
divewp-boost-site-performance/assets/css/divewp-styles.css?ver=divewp-boost-site-performance/assets/js/divewp-scripts.js?ver=divewp-boost-site-performance/assets/js/divewp-script-dashboard.js?ver=divewp-boost-site-performance/assets/js/divewp-script-admin.js?ver=

HTML / DOM Fingerprints

CSS Classes
divewp-dashboard-wrapdivewp-overview-sectiondivewp-performance-insightsdivewp-security-insightsdivewp-best-practices-insightsdivewp-email-logging-table
HTML Comments
<!-- DiveWP Debug Log --><!-- DiveWP Performance Insights Section --><!-- DiveWP Security Insights Section --><!-- DiveWP Best Practices Insights Section -->
Data Attributes
data-divewp-chart-typedata-divewp-chart-datadata-divewp-insight-slugdata-divewp-user-id
JS Globals
divewp_paramsdivewp_dashboard_datadivewp_email_logsdivewp_debug_settings
REST Endpoints
/wp-json/divewp/v1/insights/wp-json/divewp/v1/email-logs/wp-json/divewp/v1/debug-settings
Shortcode Output
[divewp_performance_insight][divewp_security_insight][divewp_best_practice_insight][divewp_email_log_viewer]
FAQ

Frequently Asked Questions about DiveWP – Boost Site Performance with Clear, Actionable Steps