
Performance & Security Security & Risk Analysis
wordpress.org/plugins/wp-performance-securityThis plugin provides settings to modify WordPress and improve performance and security.
Is Performance & Security Safe to Use in 2026?
Generally Safe
Score 85/100Performance & Security has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.
The plugin 'wp-performance-security' v0.9.2 exhibits a generally strong security posture based on the provided static analysis. The absence of any AJAX handlers, REST API routes, shortcodes, or cron events significantly limits its attack surface, and there are no identified entry points that lack authentication or permission checks. The code adheres to secure practices regarding SQL queries, exclusively using prepared statements, and there are no file operations or external HTTP requests, further reducing potential vulnerabilities. However, the presence of two instances of the `create_function` function is a concern, as this is a deprecated and potentially insecure PHP function that can lead to code injection if not handled with extreme care. Furthermore, only 10% of output escaping is properly implemented, indicating a high risk of Cross-Site Scripting (XSS) vulnerabilities in the remaining 90% of outputs. The lack of any recorded vulnerability history, CVEs, or taint flows with unsanitized paths is a positive indicator, suggesting a history of secure development. Despite these strengths, the identified issues with `create_function` and widespread unescaped output warrant attention.
Key Concerns
- Use of dangerous function create_function
- Low percentage of properly escaped output
Performance & Security Security Vulnerabilities
Performance & Security Release Timeline
Performance & Security Code Analysis
Dangerous Functions Found
Output Escaping
Data Flow Analysis
Performance & Security Attack Surface
WordPress Hooks 58
Maintenance & Trust
Performance & Security Maintenance & Trust
Maintenance Signals
Community Trust
Performance & Security Alternatives
Jetpack – WP Security, Backup, Speed, & Growth
jetpack
Improve your WP security with powerful one-click tools like backup, WAF, and malware scan. Includes free tools like stats, CDN and social sharing.
ManageWP Worker
worker
A better way to manage dozens of WordPress websites.
Simply Static – The Static Site Generator
simply-static
Convert WordPress to static HTML. Boost performance 3-5x. Eliminate security vulnerabilities. Deploy anywhere.
Plugin Check (PCP)
plugin-check
Plugin Check is a WordPress.org tool which provides checks to help plugins meet the directory requirements and follow various best practices.
DefendWP Firewall
defend-wp-firewall
Get instant protection against vulnerabilities disclosed by security companies.
Performance & Security Developer Profile
3 plugins · 50 total installs
How We Detect Performance & Security
Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.
Asset Fingerprints
/wp-content/plugins/wp-performance-security/assets/js/wpps-main.js/wp-content/plugins/wp-performance-security/assets/css/wpps-admin.css/wp-content/plugins/wp-performance-security/assets/js/wpps-admin.js/wp-content/plugins/wp-performance-security/assets/js/wpps-main.js/wp-content/plugins/wp-performance-security/assets/js/wpps-admin.jswp-performance-security/assets/js/wpps-main.js?ver=wp-performance-security/assets/css/wpps-admin.css?ver=wp-performance-security/assets/js/wpps-admin.js?ver=HTML / DOM Fingerprints
wpps-admin-notice<!-- Performance & Security Plugin Settings --><!-- Performance & Security Plugin Admin Settings -->data-wpps-settingdata-wpps-valuewpps_vars/wp-json/wp-performance-security/v1/settings