Epoch – A native Disqus alternative with a focus on speed and privacy Security & Risk Analysis

wordpress.org/plugins/epoch

Epoch - 100% realtime chat and commenting in a tiny little package that is fully CDN and cache compatible.

70 active installs · v1.0.14 · PHP + WP 3.9+ · Updated Dec 17, 2015
Tags: ajax-comments, cache, cdn, comments, lightweight-commenting
Score: 85 (A · Safe)
CVEs total: 0
Unpatched: 0
Last CVE: Never
Safety Verdict

Is Epoch – A native Disqus alternative with a focus on speed and privacy Safe to Use in 2026?

Generally Safe

Score 85/100

Epoch – A native Disqus alternative with a focus on speed and privacy has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs · Updated 10yr ago
Risk Assessment

The "epoch" plugin v1.0.14 exhibits a generally strong security posture based on this static analysis. The absence of known CVEs and of any history of unpatched vulnerabilities are positive indicators. The plugin also demonstrates good practices by exclusively using prepared statements for SQL queries and implementing a substantial number of capability checks. Its attack surface is commendably small, with only one AJAX handler, and importantly, no unprotected entry points were identified, suggesting that access controls are generally in place.

However, there are areas for improvement and potential concern. The taint analysis revealed one flow with unsanitized paths, which is flagged as high severity. This indicates a potential for attackers to exploit this path if it leads to sensitive operations or data manipulation. While the overall output escaping rate is high (86%), the remaining 14% unescaped outputs could still pose a Cross-Site Scripting (XSS) risk depending on the nature of the data being displayed. The presence of file operations without further context also warrants careful review to ensure they are not being used in an insecure manner.

In conclusion, the plugin is well-maintained and follows many security best practices. The primary concern is the identified high-severity taint flow, which requires immediate investigation and remediation. Addressing this, along with reviewing the unescaped output and file operations, would further solidify its security. The lack of historical vulnerabilities is a testament to diligent development, but constant vigilance is necessary.

Key Concerns

  • High severity taint flow with unsanitized path
  • Unsanitized output identified (14% of outputs)
Vulnerabilities
None known

Epoch – A native Disqus alternative with a focus on speed and privacy Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Epoch – A native Disqus alternative with a focus on speed and privacy Code Analysis

Dangerous Functions: 0
Raw SQL Queries: 0 (0 prepared)
Unescaped Output: 4 (24 escaped)
Nonce Checks: 3
Capability Checks: 15
File Operations: 7
External Requests: 0
Bundled Libraries: 0

Output Escaping

86% escaped · 28 total outputs
Data Flows: 1 unsanitized

Data Flow Analysis

2 flows · 1 with unsanitized paths
<api_route> (classes\front\api_route.php:0)
[Data flow diagram legend: Source (user input) · Sink (dangerous op) · Sanitizer · Transform · Unsanitized · Sanitized]
Attack Surface

Epoch – A native Disqus alternative with a focus on speed and privacy Attack Surface

Entry Points: 1
Unprotected: 0

AJAX Handlers: 1

auth · wp_ajax_epoch_save_config · classes\settings.php:31
WordPress Hooks: 28

action · init · classes\core.php:65
action · wpmu_new_blog · classes\core.php:68
action · admin_enqueue_scripts · classes\core.php:71
action · wp_enqueue_scripts · classes\core.php:74
action · admin_enqueue_scripts · classes\core.php:75
action · template_redirect · classes\core.php:88
action · template_redirect · classes\core.php:89
action · init · classes\core.php:95
filter · comments_template · classes\core.php:128
action · epoch_iframe_footer · classes\core.php:129
action · wp_footer · classes\core.php:130
filter · the_content · classes\core.php:131
action · wp_enqueue_scripts · classes\core.php:176
filter · comments_template · classes\core.php:177
action · epoch_iframe_footer · classes\core.php:178
action · wp_footer · classes\core.php:179
filter · the_content · classes\core.php:180
filter · show_admin_bar · classes\core.php:200
action · init · classes\front\api_route.php:32
filter · wp_die_handler · classes\front\api_route.php:112
action · init · classes\front\end_points.php:23
action · transition_comment_status · classes\front\prewrite_comment_count.php:46
action · save_post · classes\front\prewrite_comment_count.php:47
filter · epoch_api_url · classes\front\vars.php:177
action · admin_menu · classes\settings.php:29
action · epoch_iframe_footer · includes\functions.php:13
filter · epoch_iframe_scripts · includes\functions.php:70
action · plugins_loaded · plugincore.php:49
Maintenance & Trust

Epoch – A native Disqus alternative with a focus on speed and privacy Maintenance & Trust

Maintenance Signals

WordPress version tested: 4.4.34
Last updated: Dec 17, 2015
PHP min version
Downloads: 32K

Community Trust

Rating: 90/100
Number of ratings: 21
Active installs: 70
Developer Profile

Epoch – A native Disqus alternative with a focus on speed and privacy Developer Profile

Josh Pollock

6 plugins · 540 total installs

Trust score: 84
Avg Security Score: 85/100
Avg Patch Time: 30 days
Detection Fingerprints

How We Detect Epoch – A native Disqus alternative with a focus on speed and privacy

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
  • /wp-content/plugins/epoch/assets/css/epoch-base.css
  • /wp-content/plugins/epoch/assets/css/epoch-comments.css
  • /wp-content/plugins/epoch/assets/css/epoch-admin.css
  • /wp-content/plugins/epoch/assets/js/epoch-admin.js
  • /wp-content/plugins/epoch/assets/js/epoch-frontend.js
  • /wp-content/plugins/epoch/assets/js/epoch-comments.js
Script Paths
  • /wp-content/plugins/epoch/assets/js/epoch-admin.js
  • /wp-content/plugins/epoch/assets/js/epoch-frontend.js
  • /wp-content/plugins/epoch/assets/js/epoch-comments.js
Version Parameters
  • epoch/assets/css/epoch-base.css?ver=
  • epoch/assets/css/epoch-comments.css?ver=
  • epoch/assets/css/epoch-admin.css?ver=
  • epoch/assets/js/epoch-admin.js?ver=
  • epoch/assets/js/epoch-frontend.js?ver=
  • epoch/assets/js/epoch-comments.js?ver=

HTML / DOM Fingerprints

CSS Classes
  • epoch-comment-form
  • epoch-comment-list
  • epoch-comment
  • epoch-reply-button
  • epoch-avatar
  • epoch-comment-author
  • epoch-comment-date
  • epoch-comment-content
  • +3 more
HTML Comments
  • <!-- Epoch Comment Form -->
  • <!-- Epoch Comment List -->
  • <!-- Epoch Comment -->
Data Attributes
  • data-epoch-comment-id
  • data-epoch-post-id
  • data-epoch-comment-parent-id
JS Globals
  • epochSettings
REST Endpoints
  • /wp-json/epoch/v1/comments
  • /wp-json/epoch/v1/comment
  • /wp-json/epoch/v1/posts
Shortcode Output
  • [epoch_comments]
  • [epoch_form]
FAQ

Frequently Asked Questions about Epoch – A native Disqus alternative with a focus on speed and privacy