WP-Safety

Site Speed Monitor Security & Risk Analysis

wordpress.org/plugins/site-speed-monitor

Site Speed Monitor allows you to monitor your website load times automatically while tracking it's performance.

10 active installs v1.0.0 PHP 5.6+ WP 4.0+ Updated Feb 11, 2018
reportspeedtestwebpagetestwebsite
85
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is Site Speed Monitor Safe to Use in 2026?

Generally Safe

Score 85/100

Site Speed Monitor has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 8yr ago
Risk Assessment

The "site-speed-monitor" v1.0.0 plugin presents a mixed security posture. On the positive side, it demonstrates good practices with 100% of its SQL queries using prepared statements and a very high percentage (95%) of properly escaped output, indicating attention to common web vulnerabilities. The absence of any recorded vulnerabilities in its history is also a strong positive signal, suggesting it has been developed with security in mind or has not yet been targeted.

However, significant concerns arise from the static analysis. The plugin has a notable attack surface of 4 entry points, with a worrying 3 of these being AJAX handlers that lack authentication checks. This is a direct pathway for potential unauthorized actions or data manipulation if an attacker can trigger these handlers. While taint analysis found no critical or high severity issues, the lack of capability checks further exacerbates the risk associated with these unprotected AJAX endpoints. The presence of external HTTP requests, while not inherently a vulnerability, could be a vector for various attacks if not handled securely.

In conclusion, while the plugin's foundation in SQL and output handling is robust, the unprotected AJAX endpoints represent a critical weakness. The vulnerability history is currently clean, but this does not negate the immediate risks identified in the code. Addressing the authentication and authorization for the AJAX handlers should be the highest priority to mitigate the identified risks.

Key Concerns

  • AJAX handlers without auth checks
  • No capability checks
  • External HTTP requests without context
Vulnerabilities
None known

Site Speed Monitor Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Site Speed Monitor Code Analysis

Dangerous Functions
0
Raw SQL Queries
0
2 prepared
Unescaped Output
8
163 escaped
Nonce Checks
8
Capability Checks
0
File Operations
0
External Requests
5
Bundled Libraries
0

SQL Query Safety

100% prepared2 total queries

Output Escaping

95% escaped171 total outputs
Attack Surface
3 unprotected

Site Speed Monitor Attack Surface

Entry Points4
Unprotected3

AJAX Handlers 4

authwp_ajax_get_test_scoresincludes\class-ajax.php:17
authwp_ajax_get_test_site_detailsincludes\class-ajax.php:19
authwp_ajax_clear_site_speed_monitor_logsincludes\class-ajax.php:21
authwp_ajax_update_chart_optionincludes\class-ajax.php:23
WordPress Hooks 34
actionplugins_loadedincludes\autoload.php:39
filtersite_speed_monitor_test_parametersincludes\class-actions.php:50
filterremovable_query_argsincludes\class-actions.php:52
actionsite_speed_monitor_widget_topincludes\class-actions.php:54
actioncurrent_screenincludes\class-actions.php:55
actionsite_speed_monitor_tools_history_bottomincludes\class-actions.php:57
actionsite_speed_monitor_tools_history_bottomincludes\class-actions.php:58
actionactivated_pluginincludes\class-actions.php:61
actionswitch_themeincludes\class-actions.php:62
actionsite_speed_monitor_site_details_startincludes\class-actions.php:64
filteradmin_footer_textincludes\class-actions.php:66
filterupdate_footerincludes\class-actions.php:67
actionadmin_bar_menuincludes\class-admin-bar.php:15
actionadmin_noticesincludes\class-admin-notices.php:17
filtercron_schedulesincludes\class-cron.php:15
actionspeed_test_runincludes\class-cron.php:22
actiondelayed_speed_test_runincludes\class-cron.php:29
actionwp_dashboard_setupincludes\class-dashboard-widget.php:17
actionsite_speed_monitor_widget_topincludes\class-dashboard-widget.php:19
filterquery_varsincludes\class-listener.php:35
actionparse_requestincludes\class-listener.php:37
actioninitincludes\class-listener.php:39
actioninitincludes\class-listener.php:40
actioninitincludes\class-listener.php:41
actioninitincludes\class-listener.php:42
actioninitincludes\class-log.php:31
actionadmin_menuincludes\class-settings.php:24
actionadmin_initincludes\class-settings.php:26
actionadmin_enqueue_scriptsincludes\class-settings.php:28
actionadmin_menuincludes\class-tools.php:23
actionadmin_enqueue_scriptsincludes\class-tools.php:25
actionadmin_noticesincludes\class-wpt-api.php:58
actionplugins_loadedsite-speed-monitor.php:86
actionshutdownsite-speed-monitor.php:90

Scheduled Events 3

delayed_speed_test_run
delayed_speed_test_run
speed_test_run
Maintenance & Trust

Site Speed Monitor Maintenance & Trust

Maintenance Signals

WordPress version tested4.9.29
Last updatedFeb 11, 2018
PHP min version5.6
Downloads2K

Community Trust

Rating100/100
Number of ratings1
Active installs10
Alternatives

Site Speed Monitor Alternatives

NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization

NitroPack – Performance, Page Speed & Cache Plugin for Core Web Vitals, CDN & Image Optimization

nitropack

A
91

Boost site speed and performance with an all-in-one cache and speed optimization plugin. Pass Core Web Vitals with CDN, image optimization, lazy loadi …

100K 6 CVEs
Solid Central – Site Management, Backups, Security, and Reporting

Solid Central – Site Management, Backups, Security, and Reporting

ithemes-sync

A
97

Manage multiple WordPress sites from one dashboard.

30K 3 CVEs
WP Speed of Light

WP Speed of Light

wp-speed-of-light

A
100

WP Speed of Light is a WordPress speedup plugin and load time testing. Cache, Gzip, minify, group, Lazy Loading, CDN

7K No CVEs
Internet Speed Test

Internet Speed Test

internet-speed-test

A
92

The plugin allows you to embed speed test for your website via a shortcode. See live demo here.

500 No CVEs
Usersnap

Usersnap

usersnap

A
92

Usersnap: The feedback platform designed to capture, organize, and respond to user feedback seamlessly.

500 1 CVE
Developer Profile

Site Speed Monitor Developer Profile

Evan Herman

15 plugins · 136K total installs

68
trust score
Avg Security Score
84/100
Avg Patch Time
375 days
View full developer profile
Detection Fingerprints

How We Detect Site Speed Monitor

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/site-speed-monitor/assets/css/admin-bar.css/wp-content/plugins/site-speed-monitor/assets/css/admin-bar-rtl.css/wp-content/plugins/site-speed-monitor/assets/js/admin-bar.js/wp-content/plugins/site-speed-monitor/assets/js/admin-bar.min.js
Script Paths
/wp-content/plugins/site-speed-monitor/assets/js/admin-bar.js/wp-content/plugins/site-speed-monitor/assets/js/admin-bar.min.js
Version Parameters
site-speed-monitor/assets/css/admin-bar.css?ver=site-speed-monitor/assets/css/admin-bar-rtl.css?ver=site-speed-monitor/assets/js/admin-bar.js?ver=site-speed-monitor/assets/js/admin-bar.min.js?ver=

HTML / DOM Fingerprints

CSS Classes
site-speed-monitor
Data Attributes
title="Site Speed Monitor - Website Load Time"
FAQ

Frequently Asked Questions about Site Speed Monitor