Thank you for the concern.
The plugin was officially adopted via WordPress.org after being unmaintained for a long time. This was done through the standard WordPress plugin ownership transfer process, not a takeover outside the repository.
All recent versions were:
- fully reviewed against WordPress Coding Standards,
- audited for common security issues (no remote code execution, no eval, no obfuscated code, no external injections),
- reviewed and approved by the WordPress.org plugin review team before release.
The plugin remains fully open-source, GPL-licensed, and contains no telemetry, tracking, or external dependencies beyond the official WordPress API.
Anyone is free to audit the source code at any time.
That said, it is always good practice to review any plugin update from any author – this applies universally, not only here.
If you have a specific security concern or code reference, I am happy to review it publicly and address it transparently.
