Hi Alex,
Our WordPress plugin page includes a section titled “Advanced Site Health” which explains this functionality and provides a link to our Terms of Service for full transparency.
It seems there was a misunderstanding before leaving this review, so here is why our plugin operates this way:
Cyberattacks are 450% more effective
The security landscape has reached a turning point driven by AI. According to the Microsoft Digital Defense Report 2025, AI makes sophisticated attacks 450% more effective than traditional methods. We are currently seeing state-sponsored cyberwarfare targeting not just governments, but all websites.
2 million attacks every second
Roughly 30% of internet traffic consists of bots, and 2.5% is purely malicious. According to Cloudflare, that translates to nearly 2 million attacks every second.
Our plugin extends WordPress’s native Site Health feature—a practice encouraged by the WordPress Core handbook—to ensure total site integrity. A plugin is like a gear in a machine; if the machine is failing, our plugin cannot function correctly, which leads to unnecessary support requests and overhead.
Finally, if you simply click the “Ignore” button, the plugin will silence the warnings and the button will disappear instantly.
We hope this clarifies our approach and that you might consider updating your review based on these facts.
Happy New Year!
Bill, Plugin developer.
Thanks for the reply, Bill. I understand the intent, and it’s from a well-meaning place, but the concern isn’t whether cyber threats exist, it’s scope and responsibility. If every plugin justified adding its own Site Health scanner on the basis that the security landscape is dangerous, the WordPress admin would quickly become unusable. That’s precisely why WordPress has a core Site Health system and why security, performance, and monitoring are typically handled by dedicated tools chosen intentionally by site owners, not bundled into unrelated plugins.
A plugin whose purpose is restoring classic widgets is not a security or site-monitoring plugin. Making such functionality non-optional — especially when it surfaces large red warnings — creates unnecessary confusion and anxiety for users and clients. Opt-in would be reasonable; forced alerts are not. Plugin ethics are as much about restraint as capability, and this still feels like an overstep beyond the plugin’s intended lane.
As I explained yesterday, if you click the “ignore” button on the security alert screen, the button disappears.
It just takes one click.
The current situation regarding cyber threats is very serious. And the truth is, we are worrying about this. When many start to worry, as you said, rest assured that a solution will emerge in due time.
You have every right to think differently. However, since we gave advance warning and you can remove the button with just one click, I don’t think the one-star review is warranted.
Note that you wrote: “…most notably a massive Site Health module with a big red warning that cannot be disabled…”
It is not true.
Hi Bill,
Unfortunately, your retorts have only enforced my 1-star review.
This plugin should do one thing only: disable Gutenberg widgets.
In fact, to disable Gutenberg widgets and enforce classic widgets is a very simple 2 lines of code job:
add_filter('gutenberg_use_widgets_block_editor', '__return_false');
add_filter('use_widgets_block_editor', '__return_false');
Your plugin is bordering on bloatware.
Again, whilst I appreciate your attempts at adding your opinionated views of security and “anti hacker” coding—you are not an expert in this field. These kinds of security practices and errors should be left to dedicated plugins.
In fact, you’ve raised further potential security issues in your attempts. I’ve had a quick look over the codebase, and I’m actually quite concerned over the coding used. You’re missing many nonce and administrator privilege checks, you’ve got thousands of lines of spurious code added to a plugin, that should be doing 1 simple job.
I really don’t mean to be harsh, however, your lack of ownership or understanding of my direction is clear to me this plugin is not fit for purpose.
I would like to offer you this quote that’s many years old, when it comes to authoring plugins that seems relevant, by Daniel Auener:
“WordPress plugin best practices no. 3: A plugin does what it has to do, nothing more”
Again, the crux of my review is simple: it is not clear to users that this plugin will be doing a whole lot more irrelevant (to the task at hand) extra coding and miscellaneous file installations—bordering on dangerous due to the multitude of files and lines of code added.
You said:
“you are not an expert in this field. These kinds of security practices and errors should be left to dedicated plugins.”
Sorry, I disagree.
You can see my résumé here:
https://sergiominozzi.com/
You’re clueless, Bill, sorry. It is this type of dangerous self-belief and overestimations of your own abilities that creates issues, as you force your opinionated codebase on unaware downloaders of your plugin.
Any dev worth their salt in security would understand that adding so much bloat, which just creates a massive security risk in itself, to a plugin with a simple task is not a suitable path to take.
I repeat, AGAIN—AND FOR THE LAST TIME, YOU SHOULD NOT BE ADDING SO MUCH (potentially dangerous) CODE TO A PLUGIN WITH A SINGLE PURPOSE. I hope that’s clear this time.
Caio.