Make website faster, speed up page load time and improve performance scores in tools like Google PageSpeed Insights, GTmetrix, Pingdom, and more.
Category Scores
Top Issues by Category
security59
maintainability20
i18n6
Issues Details
86 issues found in latest scan
All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'.
All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$expire_caching'.
Processing form data without nonce verification.
$_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar
Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead
PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit;
The plugin name includes a restricted term. Your chosen plugin name - "WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload" - contains the restricted term "wp" which cannot be used at all in your plugin name.
Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "dcg_settings_link".
Processing form data without nonce verification.
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable().
Translatable string should not be wrapped in HTML. Found: '<strong>Settings Saved.</strong>'
The $text parameter must be a single text string literal. Found: $notice_contents
Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "plugin_locale".
wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed.
Detected usage of a non-sanitized input variable: $_REQUEST['_wpnonce']
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir().
File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir().
unlink() is discouraged. Use wp_delete_file() to delete a file.
The parameter "FALSE" at position #2 of load_plugin_textdomain() has been deprecated since WordPress version 2.7.0. Use "" instead.
Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching.
Plugin name "WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload" is different from the name declared in plugin header "WP Performance Score Booster".
One or more tags were ignored. Please limit your plugin to 5 tags.
| Code | Type | Message | Count |
|---|---|---|---|
| WordPress.Security.EscapeOutput.UnsafePrintingFunction | ERROR | All output should be run through an escaping function (like esc_html_e() or esc_attr_e()), found '_e'. | 23 |
| WordPress.Security.EscapeOutput.OutputNotEscaped | ERROR | All output should be run through an escaping function (see the Security sections in the WordPress Developer Handbooks), found '$expire_caching'. | 20 |
| WordPress.Security.NonceVerification.Recommended | WARNING | Processing form data without nonce verification. | 6 |
| WordPress.Security.ValidatedSanitizedInput.MissingUnslash | WARNING | $_GET['tab'] not unslashed before sanitization. Use wp_unslash() or similar | 6 |
| PluginCheck.CodeAnalysis.Heredoc.NotAllowed | ERROR | Use of heredoc syntax (<<<) is not allowed; use standard strings or inline HTML instead | 4 |
| missing_direct_file_access_protection | ERROR | PHP file should prevent direct access. Add a check like: if ( ! defined( 'ABSPATH' ) ) exit; | 3 |
| trademarked_term | WARNING | The plugin name includes a restricted term. Your chosen plugin name - "WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload" - contains the restricted term "wp" which cannot be used at all in your plugin name. | 3 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedFunctionFound | WARNING | Functions declared in the global namespace by a theme/plugin should start with the theme/plugin prefix. Found: "dcg_settings_link". | 2 |
| WordPress.Security.NonceVerification.Missing | WARNING | Processing form data without nonce verification. | 2 |
| WordPress.WP.AlternativeFunctions.file_system_operations_is_writable | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: is_writable(). | 2 |
| WordPress.WP.I18n.NoHtmlWrappedStrings | WARNING | Translatable string should not be wrapped in HTML. Found: '<strong>Settings Saved.</strong>' | 2 |
| WordPress.WP.I18n.NonSingularStringLiteralText | ERROR | The $text parameter must be a single text string literal. Found: $notice_contents | 2 |
| WordPress.NamingConventions.PrefixAllGlobals.NonPrefixedHooknameFound | WARNING | Hook names invoked by a theme/plugin should start with the theme/plugin prefix. Found: "plugin_locale". | 1 |
| WordPress.Security.SafeRedirect.wp_redirect_wp_redirect | WARNING | wp_redirect() found. Using wp_safe_redirect(), along with the "allowed_redirect_hosts" filter if needed, can help avoid any chances of malicious redirects within code. It is also important to remember to call exit() after a redirect so that no other unwanted code is executed. | 1 |
| WordPress.Security.ValidatedSanitizedInput.InputNotSanitized | WARNING | Detected usage of a non-sanitized input variable: $_REQUEST['_wpnonce'] | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_mkdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: mkdir(). | 1 |
| WordPress.WP.AlternativeFunctions.file_system_operations_rmdir | ERROR | File operations should use WP_Filesystem methods instead of direct PHP filesystem calls. Found: rmdir(). | 1 |
| WordPress.WP.AlternativeFunctions.unlink_unlink | ERROR | unlink() is discouraged. Use wp_delete_file() to delete a file. | 1 |
| WordPress.WP.DeprecatedParameters.Load_plugin_textdomainParam2Found | ERROR | The parameter "FALSE" at position #2 of load_plugin_textdomain() has been deprecated since WordPress version 2.7.0. Use "" instead. | 1 |
| WordPress.WP.EnqueuedResourceParameters.MissingVersion | WARNING | Resource version not set in call to wp_enqueue_style(). This means new versions of the style may not always be loaded due to browser caching. | 1 |
| WordPress.WP.I18n.MissingArgDomain | ERROR | Missing $domain parameter in function call to __(). | 1 |
| mismatched_plugin_name | WARNING | Plugin name "WP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload" is different from the name declared in plugin header "WP Performance Score Booster". | 1 |
| readme_parser_warnings_too_many_tags | WARNING | One or more tags were ignored. Please limit your plugin to 5 tags. | 1 |
Latest Snapshot
Findings
86
Errors
59
Warnings
27
Score History
First score snapshot
First scan completed Jun 20, 2026
v2.2.3 · Plugin Check 2.0.0 · Model 2026.06-mvp-static-v2
Jun 20, 2026
v2.2.3
39
Latest
- Findings
- 86
- Errors
- 59
- Warnings
- 27
- Plugin Check
- 2.0.0
- Model
- 2026.06-mvp-static-v2
| Scan | Score | Findings | Errors | Warnings | Plugin | Plugin Check | Model |
|---|---|---|---|---|---|---|---|
| Jun 20, 2026Latest | 39 | 86 | 59 | 27 | v2.2.3 | 2.0.0 | 2026.06-mvp-static-v2 |
