In the last hour, I have been alerted to the presence of some code in WP-Optimize’s “minify” module whose alleged purpose is to “game” speed-measuring tools (e.g. Google PageSpeed).
On the initial investigation of that last hour, we have ascertained that the code in question was innocently adapted from another popular/respected WordPress plugin at the time that we created the “minify” module, in January 2020, under “open source” principles. (WP Optimize itself is open source and all developers are encouraged, as per the purpose of the GPL licence, to freely use and adapt its code and use it in their own creations as they see best). As part of a series of code merges to adapt that plugin’s minify code to WP Optimize styling and conventions, the particular lines that have been identified as questionable did not get specifically noticed as unusual when they were added, and have remained in WP Optimize since that time.
To be clear and set users’ minds at rest: the code in question is not dangerous, a virus, an infection, useful to hackers, or anything of that kind. The allegation is that its only purpose in existing is effectively to cheat on speed tests. Such code, if so, does not belong in WP Optimize and we will remove it with a new release. Our products’ integrity, and our customers’ trust, are essential for us (and deliberately putting things in open source code that compromise that is, frankly, a stupid thing to do). Thank you for bearing with us whilst we work this out over, hopefully, the next few days.
Finally: we have contacted the wordpress.org plugins team to keep them informed (and let them know of the other plugin in case they feel that further notifications or investigations on their end are needed).
Now that our main developer is awake (he was in a different timezone) and in his working day, things look quite different. The controversy was entirely mistaken, and we’ve been unreasonably treated by WP Tavern who rushed to print after hours at the end of the day during a UK public holiday before allowing time for a proper investigation, and by the original Tweeter (who is also a direct competitor who used the resulting storm to promote his products).
Details will be forthcoming when we’ve completed our work on it – thank you for your patience!