WP-Safety

Speedy Go Security & Risk Analysis

wordpress.org/plugins/speedy-go

Optimize your WordPress site with advanced caching, minification, and performance tools for faster loading.

50 active installs v2.0.2 PHP 7.2+ WP 5.0+ Updated Mar 10, 2026
cachingcompressionminificationoptimizationperformance
100
A · Safe
CVEs total0
Unpatched0
Last CVENever
Download
Safety Verdict

Is Speedy Go Safe to Use in 2026?

Generally Safe

Score 100/100

Speedy Go has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 24d ago
Risk Assessment

The "speedy-go" v2.0.3 plugin exhibits a generally good security posture, with a strong emphasis on secure coding practices such as the high percentage of prepared SQL statements and properly escaped output. The lack of known CVEs and recorded vulnerabilities, along with no critical or high-severity taint flows, further reinforces this positive outlook. The plugin also demonstrates good use of nonce and capability checks on its entry points.

However, a notable concern arises from the presence of an unprotected AJAX handler, representing a potential attack vector that could be exploited if not carefully handled. While the overall attack surface is small, this single unprotected entry point warrants attention. The plugin also utilizes a bundled library (Select2), which, while common, could be a point of weakness if it's outdated or contains its own vulnerabilities not yet discovered or patched within the plugin itself.

In conclusion, "speedy-go" v2.0.3 is a relatively secure plugin with a solid foundation in secure coding. The primary weakness lies in the unprotected AJAX handler, which introduces a moderate risk. The absence of a vulnerability history is a significant strength, suggesting diligent development. Addressing the unprotected AJAX handler should be the priority to further strengthen its security.

Key Concerns

  • AJAX handler without auth checks
Vulnerabilities
None known

Speedy Go Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Code Analysis
Analyzed Mar 16, 2026

Speedy Go Code Analysis

Dangerous Functions
0
Raw SQL Queries
1
11 prepared
Unescaped Output
16
101 escaped
Nonce Checks
9
Capability Checks
14
File Operations
16
External Requests
6
Bundled Libraries
1

Bundled Libraries

Select2

SQL Query Safety

92% prepared12 total queries

Output Escaping

86% escaped117 total outputs
Data Flows
All sanitized

Data Flow Analysis

7 flows
speedygo_import_settings (includes\admin-functions.php:496)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
1 unprotected

Speedy Go Attack Surface

Entry Points4
Unprotected1

AJAX Handlers 3

authwp_ajax_mpd_process_loginincludes\api-key-api.php:341
authwp_ajax_speedygo_submit_deactivation_reasonincludes\deactivation-feedback.php:115
authwp_ajax_speedygo_tracking_optinincludes\telemetry.php:32

REST API Routes 1

GET/wp-json/speedy-go/v1/get-api-keyincludes\api-key-api.php:26
WordPress Hooks 44
actionadmin_enqueue_scriptsincludes\admin-functions.php:84
actionplugins_loadedincludes\admin-functions.php:102
actionadmin_initincludes\admin-functions.php:180
actionadmin_noticesincludes\admin-functions.php:214
actionadmin_bar_menuincludes\admin-functions.php:272
actionadmin_noticesincludes\admin-functions.php:276
actionadmin_initincludes\admin-functions.php:491
actionadmin_initincludes\admin-functions.php:530
actionrest_api_initincludes\api-key-api.php:25
actionsend_headersincludes\browser-caching.php:34
actionadmin_initincludes\browser-caching.php:38
actionadmin_noticesincludes\browser-caching.php:76
actionadmin_noticesincludes\browser-caching.php:80
filtercron_schedulesincludes\cache-preloading.php:34
actionspeedygo_preload_cache_eventincludes\cache-preloading.php:36
actionadmin_initincludes\compression.php:41
actionadmin_noticesincludes\compression.php:162
actionadmin_enqueue_scriptsincludes\deactivation-feedback.php:54
actiontemplate_redirectincludes\mobile-caching.php:32
actionshutdownincludes\mobile-caching.php:33
filterpre_set_transientincludes\object-caching.php:39
filterpre_get_transientincludes\object-caching.php:40
actioninitincludes\object-caching.php:44
actionsave_postincludes\output-handler.php:26
actiontemplate_redirectincludes\output-handler.php:27
actiontemplate_redirectincludes\output-handler.php:28
actionshutdownincludes\output-handler.php:29
filtercron_schedulessincludes\scheduled-expiration.php:48
actionupdated_optionincludes\telemetry.php:81
actionadded_optionincludes\telemetry.php:102
actionadmin_initincludes\telemetry.php:152
actionupgrader_process_completeincludes\telemetry.php:240
actionadmin_footerincludes\telemetry.php:373
actionadmin_enqueue_scriptsincludes\telemetry.php:376
actionadmin_initspeedy-go.php:19
actionadmin_noticesspeedy-go.php:31
actionplugins_loadedspeedy-go.php:107
actionadmin_menuspeedy-go.php:206
actionadmin_noticesspeedy-go.php:241
actionadmin_noticesspeedy-go.php:247
actionadmin_noticesspeedy-go.php:254
actionadmin_initspeedy-go.php:264
actioncurrent_screenspeedy-go.php:278
actionadmin_enqueue_scriptsspeedy-go.php:301

Scheduled Events 1

speedygo_preload_cache_event
Maintenance & Trust

Speedy Go Maintenance & Trust

Maintenance Signals

WordPress version tested6.9.4
Last updatedMar 10, 2026
PHP min version7.2
Downloads497

Community Trust

Rating0/100
Number of ratings0
Active installs50
Alternatives

Speedy Go Alternatives

Image Optimizer – Optimize Images and Convert to WebP or AVIF

Image Optimizer – Optimize Images and Convert to WebP or AVIF

image-optimization

A
99

Automatically resize, optimize, and convert images to WebP and AVIF. Compress images in bulk or on upload to boost your WordPress site performance.

1.0M 1 CVE
WP Meteor Website Speed Optimization Addon

WP Meteor Website Speed Optimization Addon

wp-meteor

A
98

2x-5x improvement in your Page Speed score. A completely new way of optimizing your page speed.

20K 3 CVEs
QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

QuickWebP – Compress / Optimize Images & Convert WebP | SEO Friendly

quickwebp

A
100

QuickWebP is a free WordPress plugin that converts images to WebP, optimizes performance, improves SEO, auto-fills metadata, and resizes images—no API …

7K No CVEs
Speed Kit

Speed Kit

baqend

B
70

Speed Kit makes your WordPress website load instantly with one simple click.

2K 1 unpatched
Image to WebP Converter

Image to WebP Converter

image-to-webp-converter

A
100

Automatically convert uploaded images (PNG, JPG, JPEG) to WebP format to enhance website performance and reduce load times.

900 No CVEs
Developer Profile

Speedy Go Developer Profile

Code and Core

8 plugins · 340 total installs

94
trust score
Avg Security Score
100/100
Avg Patch Time
30 days
View full developer profile
Detection Fingerprints

How We Detect Speedy Go

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/speedy-go/assets/css/main.css/wp-content/plugins/speedy-go/assets/js/main.js
Script Paths
/wp-content/plugins/speedy-go/assets/js/main.js
Version Parameters
speedy-go/assets/css/main.css?ver=speedy-go/assets/js/main.js?ver=

HTML / DOM Fingerprints

HTML Comments
<!-- Speedy Go: Cache start --><!-- Speedy Go: Cache end --><!-- Speedy Go: Optimizer start --><!-- Speedy Go: Optimizer end -->+1 more
Data Attributes
data-speedy-go-optimizer
JS Globals
window.SpeedyGo
FAQ

Frequently Asked Questions about Speedy Go