logo WP Optimize

Minify code investigation in WP-Optimize

by | Aug 29, 2022 | WP Optimize

Next-day interim update: Now that our main developer with responsibility for this area of the code has been able to get out of bed (he is in a different time-zone) and conducted an initial analysis, things look quite different. The controversy is entirely mistaken, and would not have existed if we had been consulted in any of our available support channels (e.g. the open-to-everyone forum on wordpress.org) and allowed sufficient time to investigate before publication (we first became aware at the end of a Monday that was a UK public holiday). In fact, on the analysis that we have now had time to perform, the controversy originated with a direct competitor who, after misconfiguring the plugin (what he configured is not a default option, and could only be achieved by either overlooking or misunderstanding the described use-cases and entering contrary details into the settings field), subsequently used the resulting Twitter storm to promote his own competing products. Fuller details will be forthcoming once our investigations are complete.

* * *

In the last hour I have been made aware of some code in WP-Optimize’s “minify” module whose actual purpose (whether legitimate, or whether just to “cheat” page-speed-measurement tools) is questionable. We are investigating this, and a statement has been posted here whilst we carry that investigation out: https://wordpress.org/support/topic/code-under-investigate-in-wp-optimize/.

For clarity, we:

  • definitely do not approve of such “cheats”
  • will remove the code immediately after our investigation if it is found to be such
  • and as explained at that link, inherited that particular section of code from another open-source minification project under an open-source licence, and did not at the time notice its suspect characteristics which we have now become aware of.

As stated at the above link, there is no question of the code being dangerous, vulnerable or useful for hackers – the question is whether it does anything useful to optimise your website for real-world visitors, or is just there to get better scores on speed measurement tools. Our products’ integrity and customers’ trust is essential for us, and we will take appropriate action as soon as our investigation is completed.

David Anderson (on behalf of WP-Optimize / Team Updraft)