Only WebP Uploads Security & Risk Analysis
wordpress.org/plugins/only-webp-uploadsAutomatically converts uploaded images (JPG/JPEG/PNG/GIF) to WebP, including all WordPress sizes.
Is Only WebP Uploads Safe to Use in 2026?
Generally Safe
Score 100/100Only WebP Uploads has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The "only-webp-uploads" plugin v1.0.1 demonstrates a generally strong security posture based on the provided static analysis. It effectively utilizes prepared statements for all SQL queries, implements nonce and capability checks for its entry points, and properly escapes the vast majority of its output. The absence of critical or high severity taint flows, along with zero known vulnerabilities in its history, further reinforces this positive assessment. The plugin also has a very small attack surface with no unprotected entry points detected.
However, there are a few minor areas for consideration. While the number of file operations (3) is small, it's always good practice to ensure these operations are handled with utmost care, especially when dealing with user-uploaded content. The presence of 2 AJAX handlers, though protected, does represent potential interaction points that require ongoing vigilance. The plugin's vulnerability history is clean, which is an excellent sign, but this indicates it has likely not been subjected to extensive, long-term scrutiny. Overall, this plugin appears to be well-developed with good security practices in place, but minor areas of vigilance remain.
Only WebP Uploads Security Vulnerabilities
Only WebP Uploads Code Analysis
SQL Query Safety
Output Escaping
Data Flow Analysis
Only WebP Uploads Attack Surface
AJAX Handlers 2
WordPress Hooks 8
Maintenance & Trust
Only WebP Uploads Maintenance & Trust
Maintenance Signals
Community Trust
Only WebP Uploads Alternatives
Force WebP
force-webp
Say goodbye to JPG and PNG – make your site run on fast, modern WebP images.
RS Auto WebP Convert
rs-auto-webp-convert
Automatically converts JPEG/JPG/PNG to WebP on upload, with an option to delete the original. Imagick preferred, GD fallback. No tracking.
Imagify Image Optimization – Optimize Images | Compress Images | Convert WebP | Convert AVIF
imagify
Optimize images in 1-click: compress images, convert to WebP & AVIF, resize, and boost your site with the easiest WordPress image optimization plugin!
Smush Image Optimization – Optimize Images | Compress & Lazy Load Images | Convert WebP & AVIF | Image CDN
wp-smushit
Optimize and compress images with lossless and lossy compression, lazy load, WebP & AVIF conversion, and global image CDN.
Converter for Media – Optimize images | Convert WebP & AVIF
webp-converter-for-media
Speed up your website by using our WebP & AVIF Converter. Optimize images and serve WebP and AVIF images instead of standard formats!
Only WebP Uploads Developer Profile
1 plugin · 10 total installs
How We Detect Only WebP Uploads
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/only-webp-uploads/assets/css/admin.css/wp-content/plugins/only-webp-uploads/assets/js/admin.js/wp-content/plugins/only-webp-uploads/assets/js/admin.jsonlywebp-admin-css?ver=onlywebp-admin-js?ver=HTML / DOM Fingerprints
data-nonce="onlywebp_ajax_nonce"onlywebpL10n