Does Heartbeat Control have any unpatched vulnerabilities?

No. All known vulnerabilities in Heartbeat Control have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is Heartbeat Control compatible with WordPress 6.3.8?

According to WordPress.org data, Heartbeat Control 2.0.1 has been tested up to WordPress 6.3.8. Check the plugin's changelog for the latest compatibility information.

Is Heartbeat Control compatible with PHP 5.3+?

Heartbeat Control requires PHP 5.3 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is Heartbeat Control updated?

Heartbeat Control was last updated on Aug 31, 2023. Frequent updates are generally a positive security signal.

What is Heartbeat Control's security score?

Heartbeat Control has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

Heartbeat Control Security & Risk Analysis

wordpress.org/plugins/heartbeat-control

Allows you to easily manage the frequency of the WordPress heartbeat API.

80K active installs v2.0.1 PHP 5.3+ WP 3.6+ Updated Aug 31, 2023

admin-ajaxheartbeatheartbeat-apiheartbeat-controlserver-resources

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is Heartbeat Control Safe to Use in 2026?

Generally Safe

Score 85/100

Heartbeat Control has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 2yr ago

Risk Assessment

The Heartbeat Control plugin v2.0.1 exhibits a strong security posture based on the provided static analysis and vulnerability history. The complete absence of identified dangerous functions, raw SQL queries, file operations, and external HTTP requests is a significant positive. Furthermore, the plugin demonstrates good practice by implementing nonce and capability checks, and its SQL queries are 100% prepared. The high percentage of properly escaped output (86%) also suggests careful handling of user-supplied data. The lack of any historical vulnerabilities or recorded CVEs further reinforces its secure reputation.

From a code analysis perspective, there are no apparent immediate risks. The attack surface is zero, meaning there are no directly exposed entry points like AJAX handlers, REST API routes, or shortcodes that could be exploited. The taint analysis also shows no flows with unsanitized paths, indicating that data does not appear to be flowing unsafely through the application.

Overall, the Heartbeat Control plugin v2.0.1 appears to be a very secure option. Its design prioritizes security by minimizing attack vectors and employing robust checks. The comprehensive absence of known vulnerabilities and the positive static analysis findings lead to a conclusion of low risk.

Key Concerns

14% of output not properly escaped
3 nonce checks present, 0 unregistered
3 capability checks present, 0 unregistered

Vulnerabilities

None known

Heartbeat Control Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

Heartbeat Control Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

42 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Output Escaping

86% escaped49 total outputs

Attack Surface

Heartbeat Control Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 9

actioncmb2_admin_initheartbeat-control.php:51

actionadmin_enqueue_scriptsHeartbeat.php:62

actionwp_enqueue_scriptsHeartbeat.php:63

filterheartbeat_settingsHeartbeat.php:64

actionall_admin_noticesImagify_Partner.php:116

filterremovable_query_argsImagify_Partner.php:117

actioncmb2_render_sliderSettings.php:29

actionadmin_enqueue_scriptsSettings.php:161

actioncmb2_save_options-page_fieldsSettings.php:162

Maintenance & Trust

Heartbeat Control Maintenance & Trust

Maintenance Signals

WordPress version tested6.3.8

Last updatedAug 31, 2023

PHP min version5.3

Downloads1.2M

Community Trust

Rating84/100

Number of ratings68

Active installs80K

Alternatives

Heartbeat Control Alternatives

Dynamic Front-End Heartbeat Control

dynamic-front-end-heartbeat-control

100

An enhanced solution to optimize the performance of your WordPress website and automatically achieve the best Heartbeat API values.

900 No CVEs

Heartbeat Controller

heartbeat-controller

100

Control WordPress Heartbeat API to reduce load. Allow, disable, or set custom frequency for Dashboard, Post Editor, and Frontend.

600 No CVEs

Native Performance

native-performance

100

Improve the performance of your WordPress: Reduce load times, solve common errors and more using the Native Performance plugin.

10 No CVEs

AJAX Heartbeat Tool

ajax-heartbeat-tool

Provides a method of turning the WordPress heartbeat off as well as change some settings.

400 No CVEs

TrimPress

trimpress

100

TrimPress optimizes and trims some of the cruft from WordPress for a lighter, more secure theme!

100 No CVEs

Developer Profile

Heartbeat Control Developer Profile

WP Media

8 plugins · 2.0M total installs

trust score

Avg Security Score

91/100

Avg Patch Time

1621 days

View full developer profile

Detection Fingerprints

How We Detect Heartbeat Control

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths

/wp-content/plugins/heartbeat-control/admin/css/admin.css/wp-content/plugins/heartbeat-control/admin/js/admin.js

Script Paths

/wp-content/plugins/heartbeat-control/admin/js/admin.js

Version Parameters

heartbeat-control/admin/css/admin.css?ver=heartbeat-control/admin/js/admin.js?ver=

HTML / DOM Fingerprints

CSS Classes

heartbeat-control-settings

Data Attributes

data-heartbeat-control-frequencydata-heartbeat-control-behaviordata-heartbeat-control-location

JS Globals

heartbeat_control_params

FAQ