
Website Carbon Security & Risk Analysis
wordpress.org/plugins/website-carbon
Every web page view generates carbon emissions. The website carbon plugin monitors your site and lets you know what the emissions are.
Is Website Carbon Safe to Use in 2026?
Generally Safe
Score 85/100
Website Carbon has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The website-carbon plugin v1.1.3 exhibits a generally strong security posture based on the provided static analysis. The absence of dangerous functions, the consistent use of prepared statements for all SQL queries, and the high percentage of properly escaped output are significant strengths. The plugin also demonstrates good practice by implementing nonce checks for its AJAX handlers, which helps protect against CSRF attacks.
However, a notable concern is the complete lack of capability checks for its AJAX handlers. Nonce checks are present, but a nonce guards against CSRF rather than enforcing authorization, so they do not prevent authenticated users from accessing or manipulating these endpoints. This could be a significant risk if these AJAX actions perform sensitive operations. The plugin also performs one file operation and one external HTTP request; neither is inherently insecure, but each is a potential point of vulnerability if not handled with care and proper sanitization. The absence of any past CVEs in its vulnerability history is a positive indicator of its current maintenance and security focus.
In conclusion, the plugin has implemented several key security best practices effectively. The absence of known vulnerabilities and robust SQL handling are commendable. The primary area for improvement and concern lies in the lack of capability checks on AJAX handlers, which significantly expands the potential attack surface for authenticated users. Addressing this would further strengthen the plugin's overall security.
Key Concerns
- AJAX handlers without capability checks
Website Carbon Security Vulnerabilities
Website Carbon Code Analysis
Output Escaping
Data Flow Analysis
Website Carbon Attack Surface
AJAX Handlers 3
WordPress Hooks 8
Maintenance & Trust
Website Carbon Maintenance & Trust
Maintenance Signals
Community Trust
Website Carbon Alternatives
Website Carbon Calculator
website-carbon-calculator
Effortlessly calculate any page’s impact and performance, with real-time results and no reliance on the Website Carbon API, ensuring instant updates.
Performance Lab
performance-lab
Performance plugin from the WordPress Performance Team, which is a collection of standalone performance features.
Plugin Check (PCP)
plugin-check
Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.
WP Speed of Light
wp-speed-of-light
WP Speed of Light is a WordPress speedup plugin and load time testing. Cache, Gzip, minify, group, Lazy Loading, CDN
AZKA Uncache My Cache
azka-uncache-my-cache
Automatically purges certain caches after WordPress updates (plugins, themes, core).
Website Carbon Developer Profile
2 plugins · 200 total installs
How We Detect Website Carbon
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
- /wp-content/plugins/website-carbon/assets/styles/admin.css
- /wp-content/plugins/website-carbon/assets/scripts/admin.js
- website-carbon/assets/styles/admin.css?ver=
- website-carbon/assets/scripts/admin.js?ver=
HTML / DOM Fingerprints
- websitecarbon-gauge
- websitecarbon-gauge__arrow
- websitecarbon-gauge__value
- websitecarbon-dashboard-widget-worst
- websitecarbon-dashboard-widget-best
- <!-- Website Carbon Dashboard Widget -->
- <!-- Website Carbon - Worst Emissions -->
- <!-- Website Carbon - Best Emissions -->
- <!-- Website Carbon Tool -->
- data-id
- data-co2
- websitecarbonvars