Does WP HTTP Compression have any unpatched vulnerabilities?

No. All known vulnerabilities in WP HTTP Compression have been patched as of the latest data update. Always keep the plugin updated to the latest version.

Is WP HTTP Compression compatible with WordPress 2.9.2?

According to WordPress.org data, WP HTTP Compression 1.0 has been tested up to WordPress 2.9.2. Check the plugin's changelog for the latest compatibility information.

How often is WP HTTP Compression updated?

WP HTTP Compression was last updated on Jul 11, 2012. Frequent updates are generally a positive security signal.

What is WP HTTP Compression's security score?

WP HTTP Compression has a WP-Safety security score of 85/100. This score is computed from CVE history, patch response time, developer trust signals, and plugin maintenance activity.

WP HTTP Compression Security & Risk Analysis

wordpress.org/plugins/wp-http-compression

This plugin allows your WordPress blog to output pages compressed in gzip format if a browser supports compression. HTTP compression generally means …

500 active installs v1.0 PHP + WP 3.4.1+ Updated Jul 11, 2012

compressiongziphttpperformanceserver

A · Safe

CVEs total0

Unpatched0

Last CVENever

Plugin page Download

Safety Verdict

Is WP HTTP Compression Safe to Use in 2026?

Generally Safe

Score 85/100

WP HTTP Compression has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 13yr ago

Risk Assessment

Based on the provided static analysis and vulnerability history, the 'wp-http-compression' v1.0 plugin exhibits a strong security posture. The code analysis reveals no dangerous functions, SQL injection vulnerabilities, or unescaped output. The absence of file operations and external HTTP requests further reduces potential attack vectors. Crucially, the plugin demonstrates good practice by employing prepared statements for all SQL queries. The taint analysis also shows no critical or high-severity flows with unsanitized paths, indicating a lack of obvious input validation weaknesses.

The vulnerability history is equally positive, with zero recorded CVEs of any severity. This suggests a well-maintained codebase and a lack of previously identified security flaws. The lack of any historical vulnerabilities is a significant strength.

While the plugin appears robust, the complete absence of entry points (AJAX handlers, REST API routes, shortcodes, cron events) is unusual. This could mean the plugin is purely informational or designed to be triggered programmatically via other means not captured in this analysis. However, given the data, the plugin adheres to excellent security practices, and no immediate risks are apparent.

Vulnerabilities

None known

WP HTTP Compression Security Vulnerabilities

No known vulnerabilities — this is a good sign.

Code Analysis

Analyzed Mar 16, 2026

WP HTTP Compression Code Analysis

Dangerous Functions

Raw SQL Queries

0 prepared

Unescaped Output

0 escaped

Nonce Checks

Capability Checks

File Operations

External Requests

Bundled Libraries

Attack Surface

WP HTTP Compression Attack Surface

Entry Points0

Unprotected0

WordPress Hooks 1

actioninitwp-http-compression.php:32

Maintenance & Trust

WP HTTP Compression Maintenance & Trust

Maintenance Signals

WordPress version tested2.9.2

Last updatedJul 11, 2012

PHP min version

Downloads61K

Community Trust

Rating46/100

Number of ratings8

Active installs500

Alternatives

WP HTTP Compression Alternatives

Force gzip

force-gzip

Implements gzip output compression to speed up load times and does a check to see if browsers are incorrectly saying that they do not support GZIP whe …

200 No CVEs