1.0.11 min read
Security
Review capability checks, nonces, sanitization, escaping, file safety, and no external API design.
Vacuum is designed for WordPress.org-style review expectations.
Admin action safety
- Admin actions should require appropriate capabilities.
- Mutating actions use nonces.
- Settings are sanitized before storage.
- UI output is escaped.
- File paths are normalized before use.
File safety
The plugin skips SVG and animated GIF files, avoids direct processing of unsupported formats, creates backups before source-changing operations, and deletes generated derivatives only when they are known plugin outputs.
External services
Vacuum does not send images to an external optimization API. Processing happens on the WordPress server.
Related articles
AJAX EndpointsReference the authenticated admin AJAX actions used by the bulk queue.WordPress.org Review ComplianceDocument the release hygiene, prefixing, licensing, i18n, and safety decisions for review.PrivacyUnderstand local processing, stored metadata, report data, backups, and external service behavior.