WP-Safety

WP SpeedUp Security & Risk Analysis

wordpress.org/plugins/wp-speedup

A great plugin which helps you to speed up your WordPress website from all aspects — CSS, JS, images, caching, database, cron jobs, and more.

300 active installs v1.5.0 PHP 7.0+ WP 3.0.1+ Updated Apr 15, 2025
cachingcss-js-minifyplugin-profilerspeed-optimizationwebsite-speedup
92
A · Safe
CVEs total0
Unpatched0
Last CVENever
Plugin page Download
Safety Verdict

Is WP SpeedUp Safe to Use in 2026?

Generally Safe

Score 92/100

WP SpeedUp has no known CVEs and is actively maintained. It's a solid choice for most WordPress installations.

No known CVEs Updated 1yr ago
Risk Assessment

The wp-speedup plugin v1.5.0 presents a mixed security posture. On the positive side, it has a clean vulnerability history with no recorded CVEs, indicating a potentially stable codebase. The presence of 9 nonce checks and 5 capability checks suggests some effort towards securing entry points. However, the static analysis reveals significant concerns. A notable area of weakness is the presence of 3 unprotected AJAX handlers, creating a substantial attack surface that could be exploited without proper authentication or authorization. Furthermore, the use of the `unserialize` function twice is a critical risk, as deserialization vulnerabilities can lead to remote code execution if attacker-controlled data is processed. The taint analysis corroborates this by identifying one flow with unsanitized paths, flagged as high severity, which often correlates with deserialization or injection vulnerabilities.

Key Concerns

  • Unprotected AJAX handlers
  • Use of unserialize function
  • High severity unsanitized path flow
  • Low output escaping percentage
Vulnerabilities
None known

WP SpeedUp Security Vulnerabilities

No known vulnerabilities — this is a good sign.
Version History

WP SpeedUp Release Timeline

v1.5.0Current
v1.4.9
v1.4.8
v1.4.7
v1.4.6
v1.4.5
v1.4.4
v1.4.3
v1.4.2
v1.4.1
v1.4.0
v1.3.0
v1.2.0
v1.1.0
Code Analysis
Analyzed Mar 16, 2026

WP SpeedUp Code Analysis

Dangerous Functions
2
Raw SQL Queries
4
8 prepared
Unescaped Output
82
35 escaped
Nonce Checks
9
Capability Checks
5
File Operations
14
External Requests
3
Bundled Libraries
0

Dangerous Functions Found

unserialize$this->settings_data = unserialize( get_option( self::nspace . '-settings' ) );inc\wpsu-css-class.php:121
unserialize$settings = unserialize( $settings );speedup_css.php:10

SQL Query Safety

67% prepared12 total queries

Output Escaping

30% escaped117 total outputs
Data Flows · Security
1 unsanitized

Data Flow Analysis

5 flows1 with unsanitized paths
<functions> (inc\functions.php:0)
Source (user input) Sink (dangerous op) Sanitizer Transform Unsanitized Sanitized
Attack Surface
3 unprotected

WP SpeedUp Attack Surface

Entry Points5
Unprotected3

AJAX Handlers 5

authwp_ajax_wpsu_dashboard_statsinc\functions.php:69
authwp_ajax_wpsu_run_plugin_profilerinc\functions.php:646
authwp_ajax_wpsu_get_plugins_to_profileinc\functions.php:701
authwp_ajax_wpsu_profile_single_plugininc\functions.php:714
authwp_ajax_wpsu_test_ajaxinc\functions.php:1366
WordPress Hooks 16
filtermod_rewrite_rulesinc\functions.php:1355
actioninitinc\functions.php:1364
actionadmin_initinc\wpsu-css-class.php:55
actionadmin_menuinc\wpsu-css-class.php:146
filterprint_styles_arrayinc\wpsu-css-class.php:169
filterwp_headinc\wpsu-css-class.php:170
actionadmin_enqueue_scriptsindex.php:63
actionwp_enqueue_scriptsindex.php:64
actionadmin_footerindex.php:65
actionadmin_initindex.php:66
actionadmin_menuindex.php:123
actionadmin_initindex.php:128
filterprint_scripts_arrayindex.php:136
filterscript_loader_srcindex.php:137
actionwp_footerindex.php:138
actionwp_footerindex.php:142
Maintenance & Trust

WP SpeedUp Maintenance & Trust

Maintenance Signals

WordPress version tested6.8.5
Last updatedApr 15, 2025
PHP min version7.0
Downloads34K

Community Trust

Rating82/100
Number of ratings9
Active installs300
Alternatives

WP SpeedUp Alternatives

Snappy

Snappy

snappy

A
100

Caching for a snappier website.

0 No CVEs
LiteSpeed Cache

LiteSpeed Cache

litespeed-cache

A
86

All-in-one unbeatable acceleration & PageSpeed improvement: caching, image/CSS/JS optimization...

7.0M 18 CVEs
Speed Optimizer – The All-In-One Performance-Boosting Plugin

Speed Optimizer – The All-In-One Performance-Boosting Plugin

sg-cachepress

A
98

Boost your website performance and page speed, and increase conversions with powerful caching, frontend, media, and environment optimizations.

1.0M 2 CVEs
WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

WP-Optimize – Cache, Compress images, Minify & Clean database to boost page speed & performance

wp-optimize

A
92

Get caching and more with this powerful cache plugin. Cache, optimize images, clean your database and minify for maximum performance.

1.0M 5 CVEs
WP Super Cache

WP Super Cache

wp-super-cache

A
95

A very fast caching engine for WordPress that produces static html files.

1.0M 12 CVEs
Developer Profile

WP SpeedUp Developer Profile

Fahad Mahmood

44 plugins · 33K total installs

76
trust score
Avg Security Score
95/100
Avg Patch Time
228 days
View full developer profile
Detection Fingerprints

How We Detect WP SpeedUp

Patterns used to identify this plugin on WordPress sites during automated security audits and web crawling.

Asset Fingerprints

Asset Paths
/wp-content/plugins/wp-speedup/styles/admin-styles.css/wp-content/plugins/wp-speedup/styles/front-styles.css/wp-content/plugins/wp-speedup/js/admin-scripts.js/wp-content/plugins/wp-speedup/js/chart.js
Script Paths
/wp-content/plugins/wp-speedup/js/admin-scripts.js/wp-content/plugins/wp-speedup/js/chart.js

HTML / DOM Fingerprints

JS Globals
wpsu_obj
FAQ

Frequently Asked Questions about WP SpeedUp