Checked on July 31, 2024

Grade:

Issues the Plugin's Developer Should Address:

• The plugin doesn't contain a security.txt file (or alternatively a SECURITY.md or SECURITY-INSIGHTS.yml), which would provide information on how to report security issues to the developer.


• It is being claimed by a security provider that the plugin's developer is redirecting attempts to report security issues to a third-party. That third-party is known to not properly handle vulnerabilities and mislead others, including developers, into believeing they have been fixed when they haven't. And that third-party also doesn't accept reporting all security issues, leading to nowhere to report many security issues. It is important for developers to have their own mechanism for reporting security issues to them. The European Union's Cyber Resilience Act will require developers to provide a direct contact.

Resolving those issues would bring the plugin's grade up to an A+. You can notify the developer of the issues here. If the developer is interested in resolving those issues, we would be happy to help them to get started doing that.

You can also can consider using a similar plugin that is already more secure or one where the developer is interested in making their plugin more secure.

Plugin Information

• Slug: ewww-image-optimizer
• Version: 7.8.0
• WordPress Plugin Directory listing

Grades for Other Image Optimization Plugins

1. Resize Image After Upload     B
2. TinyPNG     B
3. Converter for Media     B
4. reSmush.it Image Optimizer     C+
5. ShortPixel Image Optimizer     C+
6. Image Optimization by Optimole     C
7. Imagify     D+
8. Smush Image Optimization     F

Highest Graded Speed Optimization Plugins

1. a3 Lazy Load     A
2. Speed Optimizer     B+
3. NitroPack     B
4. Autoptimize     C+
5. Better WordPress Minify     C+
6. Cloudflare     C+
7. reSmush.it Image Optimizer     C+
8. LazyLoad Plugin     C+
9. Asset CleanUp     C+
10. Jetpack Boost     C

View More Speed Optimization Plugin Grades

Grades for Other WebP Conversion Plugins

1.     B
2. Converter for Media     B
3. ShortPixel Image Optimizer     C+
4. Webp Transformer     C+
5. Image Optimization by Optimole     C
6. Imagify     D+
7. Smush Image Optimization     F

Highest Graded Million+ Install Plugins

1. Classic Editor     A
2. MonsterInsights     A
3. Hostinger Tools     A
4. MC4WP: Mailchimp for WordPress     A
5. WP Fastest Cache     A
6. Site Kit by Google     B+
7. LiteSpeed Cache     B+
8. Loco Translate     B+
9. Redirection     B+
10. Speed Optimizer     B+

View More Million+ Install Plugin Grades

Share Scored Results for EWWW Image Optimizer

• Share on Bluesky
• ✉Email Results

Check Another Plugin

Choose WordPress plugin available in the Plugin Directory to check by searching on its name or slug:

Choose a category to see a comparison of all the WordPress plugins already graded from that category:

Choose ClassicPress plugin to check by searching on its name or slug:

Check Plugin Not in WordPress Plugin Directory

Subscribers of our service can submit ZIP files of plugins that are not in the WordPress Plugin Directory to have them checked. (Not all issues can be checked for with uploaded plugins, as they require data not available with just the plugin's files.) You can sign up for the service for free here. For existing subscribers, once you are logged in to your account, return to this page to access that functionality.

The results of these gradings will not be stored.

About the Scorecard

The Plugin Security Scorecard grades plugins' handling of security based on data coming from the Plugin Vulnerabilities service, checking over the contents of the plugin, the WordPress.org API, and data generated specifically for the tool. It provides a useful, but incomplete, understanding of the security posture of the plugin and its developer. All the issues identified are ones that the developer of the plugin has the ability to address to get the grade of the plugin up to an A+.

Grades are calculated based on issues with any of the following:

• Plugins known to be vulnerable
• Plugin developers with track records of improperly handling security problems
• Security issues in the plugin that can be detected in an automated fashion
• Issues with the developer's developerment processes that suggest that their could be problems with security
• Plugins making unsupported, misleading, and false claims about their handling of security and the handling of security with WordPress

We are working to expand and refine the tools' ability to provide a good measure of plugins' security status. If you are aware of an additional security concern with this plugin that isn't represented here, please contact us. Other feedback on the tool is also welcome.

If you want a comprehensive understanding of the security of the plugin, a well-done security review is really needed to provide that.