Next-day interim update: Now that our main developer with responsibility for this area of the code has been able to get out of bed (he is in a different time-zone) and conducted an initial analysis, things look quite different. The controversy is entirely mistaken, and would not have existed if we had been consulted in any of our available support channels (e.g. the open-to-everyone forum on wordpress.org) and allowed sufficient time to investigate before publication (we first became aware at the end of a Monday that was a UK public holiday). In fact, on the analysis that we have now had time to perform, the controversy originated with a direct competitor who, after misconfiguring the plugin (what he configured is not a default option, and could only be achieved by either overlooking or misunderstanding the described use-cases and entering contrary details into the settings field), subsequently used the resulting Twitter storm to promote his own competing products. Fuller details will be forthcoming once our investigations are complete.
* * *
In the last hour I have been made aware of some code in WP-Optimize’s “minify” module whose actual purpose (whether legitimate, or whether just to “cheat” page-speed-measurement tools) is questionable. We are investigating this, and a statement has been posted here whilst we carry that investigation out: https://wordpress.org/support/topic/code-under-investigate-in-wp-optimize/.
For clarity, we:
- definitely do not approve of such “cheats”
- will remove the code immediately after our investigation if it is found to be such
- and as explained at that link, inherited that particular section of code from another open-source minification project under an open-source licence, and did not at the time notice its suspect characteristics which we have now become aware of.
As stated at the above link, there is no question of the code being dangerous, vulnerable or useful for hackers – the question is whether it does anything useful to optimise your website for real-world visitors, or is just there to get better scores on speed measurement tools. Our products’ integrity and customers’ trust is essential for us, and we will take appropriate action as soon as our investigation is completed.
David Anderson (on behalf of WP-Optimize / Team Updraft)
The latest update for WP-Optimize 3.2.1 has now been released. As you can see from the list below we have been hard at work making changes, and as such – this latest update comes with a huge number of tweaks and fixes. As part of the new update, we have made changes so that WP-Optimize helps improve the performance and user experience in some very important areas of your WordPress site, including caching, image compression and minifying.
Try out he new and updated version of WP-Optimize today and see the difference.
- FIX: Apply different image compression levels
- FIX: Cache – Purge WooCommerce product page after stock update
- FIX: Database errors after adding a new site
- FIX: Flatsome theme compatibility with google fonts
- FIX: Image compression advanced settings, display default backup days instead of empty value.
- FIX: Image compression was not working when the image extension used capital letters
- FIX: Premium – Cache – Potential PHP error in User-specific cache
- FIX: Premium – resolve potential admin-area PHP error if the deprecated mailchimp sync plugin and MC4WP plugin are both active (and potentially other situations where a plugin deactivates another)
- FIX: Premium – Unused images – compatibility with PHP 8
- FIX: Premium – Unused images – issue with parenthesis in name
- FIX: Premium – Unused images – Pagination count doesn’t update
- FIX: Prevent a PHP notice when using with UpdraftCentral
- FIX: Save prioritize maximum compression setting correctly
- FIX: Wrong redirect when wiping settings on multisite
- TWEAK: Premium – add review link at bottom of settings
- TWEAK: Force monolog/monolog and psr/log versions to retain PHP 5.X compatibility/satisfy wordpress.org SVN hooks
- TWEAK: Add compatibility with Kinsta
- TWEAK: Added functionality for to convert MyISAM to InnoDB
- TWEAK: Add filters for minify input string
- TWEAK: Cache – Added filter to modify cache exception urls
- TWEAK: Cache – Optimize preload from sitemap
- TWEAK: Cache – Serve different versions based on cookie consent
- TWEAK: changed filter to prevent deprecation notice in php 8.1+
- TWEAK: Decide automatically whether to inline css or not based on file size
- TWEAK: Fix typo in text domain name
- TWEAK: get_hurl function minified.
- TWEAK: Improve clarity of debug message when DONOTCACHEPAGE constant is used
- TWEAK: Improve DB UI/UX on multisite
- TWEAK: Improve minify cache size messages
- TWEAK: Making Estatik plugin compatible
- TWEAK: Minify – Add JS translations support
- TWEAK: Minify HTML only on cache pre-loading
- TWEAK: Port from previous semaphore classes to Updraft_Semaphore_3_0
- TWEAK: Premium – Unused images – Show that there are images in the trash without having to re-scan everything
- TWEAK: Prevent a PHP notice when downloading image compression log file. Fix backup modal styling issue.
- TWEAK: Prevent fatal error in gzip settings when stylesheet could not be fetched
- TWEAK: Short-circuit trivial case of nothing in the buffer when page-caching, to involve any possible other issues
- TWEAK: Update comments count after trackbacks and pingbacks deletion
- TWEAK: Update minified asset when the enqueued scripts and styles version change
- TWEAK: Use proper constant of includes path in user cache extension