Does WP Faster have any unpatched vulnerabilities?

No. All known vulnerabilities in WP Faster have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP Faster compatible with WordPress 5.4.19?

According to WordPress.org data, WP Faster 1.2 has been tested up to WordPress 5.4.19. Check the plugin's changelog for the latest compatibility information.

Is WP Faster compatible with PHP 5.3.2+?

WP Faster requires PHP 5.3.2 or higher. Most modern WordPress hosts run PHP 8.1 or 8.2. If you are on an older PHP version, consider upgrading before installing this plugin.

How often is WP Faster updated?

WP Faster was last updated on Apr 9, 2020. Frequent updates are generally a positive security signal.

What is WP Faster's security score?

WP Faster has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP Faster Security & Risk Analysis

wordpress.org/plugins/wp-hash-filename

WordPress性能优化插件，主要提升运行效率。更多信息请访问：更好的WordPress主题。

2K active installs v1.2 PHP 5.3.2+ WP 5.0+ Updated Apr 9, 2020

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP Faster Safe to Use in 2026?

Generally Safe

Score 85/100

WP Faster has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 5yr ago

Risk Assessment

The "wp-hash-filename" v1.2 plugin exhibits a strong security posture with no recorded vulnerabilities, CVEs, or identified taint flows. The static analysis reveals no exposed attack surface through AJAX, REST API, shortcodes, or cron events, and all SQL queries utilize prepared statements, demonstrating good development practices. The absence of external HTTP requests and file operations further minimizes potential exposure points.

However, the presence of two "dangerous functions" (create_function) is a notable concern. While no direct exploitation is evident in the static or taint analysis, the use of `create_function` is discouraged in modern PHP as it can lead to security vulnerabilities if not handled with extreme care, particularly regarding input sanitization, which is not explicitly detailed here beyond the zero taint flows. The lack of nonce and capability checks on the (currently non-existent) entry points is also a weakness, although moot in this specific version's configuration.

In conclusion, while the plugin is currently secure based on the provided data and has a clean vulnerability history, the use of `create_function` presents a potential, albeit theoretical, risk that should be addressed. The absence of any external dependencies or complex interactions is a significant strength, contributing to its current low-risk profile.

Key Concerns

Dangerous functions (create_function) found
No nonce checks implemented
No capability checks implemented

Vulnerabilities

None known

WP Faster Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP Faster Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Dangerous Functions Found

create_functionadd_filter('login_headerurl', create_function(false,"return get_bloginfo('url');"));wp-faster.php:1112

create_functionadd_filter('login_headertitle', create_function(false,"return get_bloginfo('name');"));wp-faster.php:1113

Attack Surface

WP Faster Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 31

actionadmin_menuwp-faster.php:26

actionadmin_initwp-faster.php:27

filtershow_admin_barwp-faster.php:822

actionadmin_menuwp-faster.php:827

filteradmin_footer_textwp-faster.php:865

filterupdate_footerwp-faster.php:869

actionwp_before_admin_bar_renderwp-faster.php:878

filterwp_revisions_to_keepwp-faster.php:899

filterxmlrpc_enabledwp-faster.php:907

filterrest_enabledwp-faster.php:917

filterrest_jsonp_enabledwp-faster.php:918

filterrest_authentication_errorswp-faster.php:921

filteremoji_svg_urlwp-faster.php:947

filterwp_calculate_image_srcsetwp-faster.php:955

actionadmin_initwp-faster.php:960

filtertiny_mce_before_initwp-faster.php:964

filteruse_block_editor_for_post_typewp-faster.php:972

filterget_avatarwp-faster.php:986

filterpre_option_link_manager_enabledwp-faster.php:991

filterrun_wptexturizewp-faster.php:996

filtersanitize_file_namewp-faster.php:1006

filtercomments_popup_link_attributeswp-faster.php:1037

filterthe_content_more_linkwp-faster.php:1045

filterthe_contentwp-faster.php:1050

actionin_admin_headerwp-faster.php:1064

filteradmin_email_check_intervalwp-faster.php:1072

filterimage_size_names_choosewp-faster.php:1077

filterthe_contentwp-faster.php:1088

actionrestrict_manage_postswp-faster.php:1097

filterlogin_headerurlwp-faster.php:1112

filterlogin_headertitlewp-faster.php:1113

Maintenance & Trust

WP Faster Maintenance & Trust

Maintenance Signals

WordPress version tested5.4.19

Last updatedApr 9, 2020

PHP min version5.3.2

Downloads3K

Community Trust

Rating100/100

Number of ratings4

Active installs2K

Alternatives

WP Faster Alternatives

No alternatives data available yet.

Developer Profile

WP Faster Developer Profile

610216

3 plugins · 2K total installs

trust score

Avg Security Score

85/100

Avg Patch Time

30 days

View full developer profile

Detection Fingerprints

How We Detect WP Faster

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

HTML / DOM Fingerprints

CSS Classes

wp-faster-setting-section

FAQ