Category Archives: autoptimize

Autoptimize code; blacklist/whitelist becoming blocklist/ allowlist

As of the soon-to-be-released Autoptimize 2.7.4, all occurrences of “blacklist” and “whitelist” in the code will be changed into “blocklist” and “allowlist”. There is no impact for users of Autoptimize, everything will work as before.

If however you are using Autoptimize’s API, there are two (to my knowledge rarely used) filters that are now deprecated and will be removed at a later stage. `autoptimize_filter_js_whitelist` and `autoptimize_filter_css_whitelist` still work in 2.7.4 but if you’re using them switch to  `autoptimize_filter_js_allowlist` and `autoptimize_filter_css_allowlist` to avoid problems when they are removed in the release after 2.7.4.

Small post-publishing clarification dd. 22/07/2020: this post is just an announcement, I feel no urge to discuss the change and am not really interested in arguments pro or contra. Don’t fret over this change, fretting is useless, instead enjoy the summer, kiss your lover, read a good book, … :-)

Google PageSpeed Insights updated, new metrics and recommendations!

If you tested your blog’s performance on Google PageSpeed Insights yesterday and do so again today, you might be in for a surprise with a lower score even if not one byte (letter) got changed on your site. The reason: Google updated PageSpeed Insights to Lighthouse 6, which changes the KPI’s (the lab data metrics) that are reported, adds new opportunities and recommendations and changes the way the total score is calculated.

So all starts with the changed KPI’s in the lab metrics really; whereas up until yesterday First Contentful Paint, Speed Index, Time to Interactive, First Meaningful Paint, First CPU Idle and First input delay were measured, the last 3 ones are now not shown any more, having been replaced by:

  • Largest Contentful Paint marks the point when the page’s main content has likely loaded, this can generally be improved upon by removing removing render-blocking resources (JS/ CSS), optimizing images, …
  • Total Blocking Time quantifies how non-interactive a page while loading, this is mainly impacted by Javascript (local and 3rd party) blocking the main thread, so improving that generally means ensuring there is less JS to execute
  • Cumulative Layout Shift which measures unexpected layout shifts

The total score is calculated based on all 6 metrics, but the weight of the 3 “old” ones (FCP, SI, TTI) is significantly lowered (from 80 to 45%) and the new LCP & TBT account for a whopping 50% of your score (CLS is only 5%).

Lastly some one very interesting opportunity and two recommendations I noticed;

  • GPSI already listed unused CSS, but now adds unused JS to that list, which will prove to be equally hard to control in WordPress as JS like CSS is added by almost each and every plugin. Obviously if you’re using Autoptimize this will flag the Autoptimized JS, disalbe Autoptimize for the test by adding ?ao_noptimize=1 to the URL to see what original JS is unused.
  • GPSI now warns about using document.write and about the impact of passive listeners on scrolling performance which can lead to Google complaining about … Google :-)

Summary: Google Pagespeed Insights changed a lot and it forces performance-aware users to stay on their toes. Especially sites with lots of (3rd party) JavaScript might want to reconsider some of the tools used.

Autoptimize 2.7; final stretch, testers needed!

Autoptimize 2.7 is in the final stages and the beta version can as of now be downloaded from

Main new features:

So who want to test? Feedback in the comments please! :-)

Autoptimize: no more broken pages due to CSS/ JS not found!

When cached HTML links to deleted Autoptimized CSS/ JS the page is badly broken … no more with a new (experimental) option in AO27 to use fallback CSS/ JS which I just committed on the beta branch on GitHub.

For this purpose Autoptimize hooks into template_redirect and will redirect to fallback Autoptimized CSS/ JS if a request for autoptimized files 404’s.

For cases where 404’s are not handled by WordPress but by Apache, AO adds an ErrorDocument directive in the .htaccess-file redirecting to wp-content/autoptimize_404_handler.php. Users on NGINX or MS IIS or … might have to configure their webserver to redirect to wp-content/autoptimize_404_handler.php themselves though, but those are smart cookies anyway, no?

If you want to test, you can download Autoptimize 2.7 beta here and replace 2.6 with it.

Autoptimize & Trojan.Cryxos.2960: false positive

I’ve had a couple of reports of Bitdefender flagging optimized JS as infected by Trojan.Cryxos.2960. I investigated earlier today and this almost certainly is a false positive. If you want you can “solve” this hiccup by excluding wp-includes/js/imagesloaded.min.js from JS optimization.

Async Javascript: urgent update available

There’s an update for Async Javascript that needs your urgent attention. Update asap!

[Update] I was warned by WordFence about a vulnerability in Async JavaScript that was being actively exploited. Based on their input I updated the plugin to fix the bug. WordFence in the meantime published a post about this and other affected plugins and with regard to AsyncJS writes:

Async JavaScript’s settings are modified via calls to wp-admin/admin-ajax.php with the action aj_steps. This AJAX action is registered only for authenticated users, but no capabilities checks are made. Because of this, low-privilege users including Subscribers can modify the plugin’s settings.

Similar to Flexible Checkout Fields above, certain setting values can be injected with a crafted payload to execute malicious JavaScript when a WordPress administrator views certain areas of their dashboard.

Autoptimize 2.7 with Critical CSS integrated, beta out

The title says it all; I just pushed the first beta of Autoptimize 2.7 which has some small fixes/ improvements but which most importantly finally sees the “Autoptimize power-up” fully integrated.

Next to the actual integration and switching to object-oriented for most (but not all) of AOCCSS files, there are some minor functional changes as well, most visible ones being buttons to clear all rules and to clear all jobs from the queue.

I hope to be able to release AO27 officially in April, but for that I need the beta thoroughly tested off course. Most important part to test is the critical CSS logic obviously, so if you have the power-up running, download/ install the beta and simply disable the power-up to have Autoptimize fill that void (if the power-up is active, AO refrains from loading it’s own critical CSS functionality).