Is your website slow? It might be due to high-resolution images.
While adding more images to your website makes it more engaging, it also increases its size. This means people with a slow internet connection might experience a sluggish website.
However, this can be easily solved by using an image optimization plugin. These plugins are specially designed software that can shrink down images on your website with only minimal difference in perceived quality.
In this post, we will review and evaluate some of the most popular image optimization plugins available for WordPress and help you decide which one is right for you. Throughout the post, we will follow our stringent selection criteria, which are described below.
WordPress plugin selection criteria
Our initial approach to selecting the best WordPress image optimization plugins involved identifying those with a high installation count, as these have been battle-tested by a large user base and have proven their reliability over time.
However, popularity alone isn’t enough.
Our next step involved carrying out rigorous evaluations of a large number of plugins to identify those demonstrating all of the following attributes:
- High level of security (including frequency and transparency of updates/bug fixes)
- Code quality (including meeting all best practices and WordPress codex guidelines)
- Reputation (including support, documentation, and communication)
We have also chosen to exclude all large software suites that happen to include WordPress image optimization as part of their overall package and instead concentrate solely on WordPress plugins dedicated specifically to image optimization.
Security Checklist
The EU Cyber Resilience Act has established common cybersecurity standards for software systems. In light of this, we’ve established a stringent security checklist for our reviewed plugins.
Each plugin must have a clear vulnerability disclosure policy that allows researchers to report potential security issues.
We also look for clear communication of security updates to ensure users are informed about critical changes and when support for older versions will end.
The best image optimization plugins for WordPress
We examined several WordPress image optimization plugins and their security approaches and selected the ones with the most adequate security policies.
1 – EWWW Image Optimizer
EWWW Image Optimizer is a powerful image compression tool for WordPress that offers a suite of features designed to streamline your site’s images. Its compression API automatically works its magic on new image uploads to perfectly balance compression and quality.
It provides the option to select which image sizes to generate while optimizing images; this flexibility allows you to selectively compress images on your site. But that’s just the tip of the iceberg, because the Easy IO CDN feature can further speed up your site by removing image hosting from your server entirely.
Once you configure it correctly, it can automatically scale your images, convert them to next-gen formats such as WebP, and compress them on the fly without altering your original files. And the cherry on top? It even minifies your JavaScript and CSS files by trimming away excess whitespace to make your site as fast as possible.
In the following image, we can see that the same picture was compressed to several different resolutions, and each image is a different size, ranging from 6.2 KB to 309 KB.
Pricing
The standard plan for EWWW Image Optimizer starts at $7 per month for a single site and offers all the features. However, you can opt for more expensive plans with higher API limits and increased bandwidth.
Code quality
EWWW Image Optimizer demonstrates good code quality by adhering to WordPress coding standards and best practices. This significantly reduces potential conflicts with other plugins, enhancing overall compatibility within the WordPress ecosystem. Although functions have enough comments to explain their purpose, we believe certain code sections could be refactored to improve readability.
The plugin’s extensive and user-friendly documentation provides visual aids such as photographs and video tutorials. These resources cover all fundamental steps and the setup process, making them easy to follow for people of all technical proficiency levels.
Security
We like that the plugin’s changelog provides transparent and detailed information regarding modifications in each release. However, we don’t like that security fixes are often integrated with other updates. Clubbing security updates together is not a security best practice, as this means users frequently have to wait longer to receive security fixes.
EWWW Image Optimizer has historically addressed five security vulnerabilities, ranging from Cross-Site Request Forgery (CSRF) to Remote Code Execution and Cross-Site Scripting (XSS). The most recent fix, a low-priority CSRF vulnerability, was patched on April 10, 2024. This shows that developers work hard and respond to security incidents promptly.
Moreover, the development team actively encourages security research by participating in the Patchstack Vulnerability Disclosure Program. This proactive approach to security management shows that the developers are committed to building a secure plugin.
Reputation
EWWW Image Optimizer has cultivated a strong reputation within the WordPress community, and it maintains an active blog that contributes to user engagement and trust. The plugin has impressive user ratings – users have rated it an average of 4.7 out of 5 stars across 1,712 reviews. Of these, 1,541 are five-star reviews, which indicates a high level of user satisfaction
However, it’s worth noting that among the 71 one-star reviews, some users report issues related explicitly to WebP image quality.
2 – Imagify
Imagify is a powerful solution for WordPress image compression. It offers a range of features catering to both novice WordPress users and professional web developers. One of its strongest features is its support for different image formats. It supports JPGs, PNGs, PDFs, GIFs, and even modern image formats such as AVIF and WebP right out of the box. This ensures that you can apply a single image optimization strategy to all your files, regardless of their type.
It offers a Smart Compression feature, eliminating the need for users to navigate complex settings or make technical decisions about compression levels. Instead, Imagify’s algorithm intelligently balances image quality and file size reduction to ensure optimal results without user intervention. This automated process saves time and ensures consistent quality across all images on a WordPress site.
You should note that Imagify offloads the compression process to its dedicated servers. This means that the user’s server resources will not be strained under the load, which is particularly beneficial for websites hosted on shared servers or those with limited processing power. It allows for efficient image optimization without impacting overall site performance. However, it also raises the question of the privacy and security of your data if you are compressing paywalled content.
During our testing, we noticed a discrepancy in resource usage calculations. Initially, we uploaded a single image to our WordPress site and expected the quota to get used up by a certain amount. Still, to our surprise, different dashboard parts showed conflicting information.
For instance, the above image shows that exactly one image was optimized on this WordPress site, and Imagify reduced its size from 2.5MB to 1.2MB. At the same time, the following screenshot shows that the original file size of the same image was 503 KB and was reduced to 208 KB.
This was concerning as Imagify charges extra for a higher usage quota; when we brought this up with the Imagify support team, they simply redirected us to a documentation post explaining how quota usage is Calculated at Imagify, which still didn’t answer our question about why the dashboard shows two different numbers.
Pricing
Imagify offers a free forever plan but it has a usage quota of 20MB per month. To compress more images, you must purchase the $5.99 /month plan, which offers a cap of 500MB per month.
Code quality
Imagify’s code is well-structured, and the developers who created it did a good job keeping everything organized and easy to understand. The codebase contains helpful comments and splits up different tasks into separate classes. By creating a separate class for each feature, they have made a maintainable codebase that can be updated easily.
Furthermore, Imagify’s documentation is up-to-date and tells users how to set up the plugin and fix common problems, which is helpful for non-experts.
Security
From a security perspective, Imagify’s approach is somewhat opaque. The changelog lacks explicit mentions of security patches or vulnerability resolutions, which may raise concerns among security-conscious users.
However, the plugin implements a responsible disclosure policy for security researchers by providing a dedicated channel for reporting potential vulnerabilities. This approach is superior to creating a generic contact form, expediting the reporting process, and ensuring sensitive information is handled securely.
Reputation
Imagify was developed by WP Media (founded in France in January 2014) and launched its services in January 2016. Since then, it has achieved significant market share and has approximately 900,000 active installations.
User feedback is predominantly positive on WordPress.org, with an average rating of 4.3 out of 5 stars based on 1,479 reviews. The ratings distribution shows 1,164 five-star reviews and 193 one-star reviews, indicating a high level of user satisfaction with occasional dissatisfaction due to specific use cases or compatibility issues.
3 – Optimole
Optimole is an image optimization plugin for WordPress that delivers optimized and compressed images to users to improve website speed and performance. It has real-time image optimization capabilities, which means it can produce different images based on the user’s device and browser.
Like other popular plugins, Optimole serves compressed images from a global CDN, which further reduces load times and improves user experience. It can also implement lazy loading, saving bandwidth by only fetching images when needed. Furthermore, you can use it to add custom watermarks to your images to protect them from unauthorized use.
One thing that stood out during our internal testing was that Optimole only allows you to upload images smaller than 5.7MB to its dashboard. This seems counterproductive, as the only purpose of using an image compression tool is to shrink oversized images.
Pricing
The Optimole starter plan costs $27/month and offers unlimited image compression for sites with a monthly traffic of about 40k visitors. The business plan, which costs $55/month, offers all the same features but allows you to configure your custom domain and increases the visitor limit to 100k.
Code Quality
Optimole’s code looks well-written, adhering to WordPress coding standards and providing sufficient comments, which are spread throughout the codebase to provide more context. However, some lines of the codebase are excessively long and could use a bit of refactoring.
Optimole has a dedicated changelog section in its GitHub repository; however, it doesn’t provide adequate information on security updates. Security fixes are often hidden behind a vague message like “Harden Security” without providing any additional information.
The plugin site contains in-depth documentation that provides sufficient information and resources to solve all user queries and guide them through different features. This is helpful for users who are just starting with WordPress and unfamiliar with the process.
Security
Optimole releases regular updates to address security vulnerabilities and improve performance. In the past, we have seen a few minor vulnerabilities in their codebase that were fixed by the developers in a timely manner.
The plugin developers do not host a bug bounty or a similar vulnerability disclosure program that encourages users to detect vulnerabilities in their software.
In addition, the Optimole WordPress plugin listing does not provide any information about how to responsibly disclose a security vulnerability to plugin developers. The plugin homepage contains a contact form that can be used to reach out to the customer support team. Since there isn’t a dedicated channel for communicating security issues, high-priority requests might get buried under customer support queries.
Reputation
Optimole has over 200,000 installations on WordPress.org and a generally positive reputation among users. Many praise its ease of use, performance improvements, and responsive support. It is built by Vertistudio, a small team of developers based in Romania.
Out of its six hundred reviews, over 530 reviews have awarded Optimole 5 stars, bringing its average rating up to 4.7 out of 5 stars. Some negative reviews complained about the limited number of images and their bad experience with the Optimole configuration.
4 – ShortPixel Image Optimizer
ShortPixel Image Optimizer offers a comprehensive set of features designed to streamline image compression and conversion, which ultimately contributes to faster loading times and improved user experience.
It supports next-generation image formats such as WebP and AVIF, which offer superior compression while maintaining high visual quality. This is crucial for meeting Google’s PageSpeed recommendations and improving Core Web Vitals scores.
ShortPixel also uses external servers for image optimization, minimizing the load on the user’s hosting environment. This approach also allows for more powerful compression algorithms to be used without being constrained by the limitations of shared hosting environments. However, compressing sensitive data hidden behind a paywall would raise privacy concerns.
ShortPixel also offers features that cater to more advanced users and specific use cases. These include removing certain images from optimization, restoring original pictures if needed, and integrating with other popular WordPress plugins and page builders. Such flexibility makes ShortPixel a viable option for many WordPress users, from bloggers to e-commerce site owners.
Pricing
ShortPixel has adopted a credit-based system, where each image optimization consumes one credit. This model allows users to choose plans based on their specific volume needs. You can buy 30,000 credits for a one-time cost of $19.99, or you can opt for a monthly subscription of $9.99, which gives you unlimited credits.
Code Quality
ShortPixel’s well-structured code follows quality coding practices by incorporating helpful comments and adhering to WordPress standards. This significantly reduces potential conflicts with other plugins and enhances overall compatibility.
However, the plugin’s approach to security updates is somewhat inconsistent. Fixes are sometimes released promptly, while at other times, they are bundled with major feature updates. This could potentially leave users vulnerable for extended periods.
Although the ShortPixel Knowledgebase is comprehensive, it suffers from poor organization. Some sections contain an overwhelming number of short posts, while others are sparsely populated. This indicates a need for better content management and structure to improve user experience.
Security
Like many other plugins, ShortPixel has faced vulnerabilities in the past, including a PHP Object Injection vulnerability in September 2023 and a Cross-Site Scripting vulnerability in June 2022, both of which were addressed promptly by the development team.
We like that the plugin developers have provided clear instructions on their WordPress listing on how to disclose security vulnerabilities responsibly. Moreover, the plugin’s commitment to security is further evident by its participation in the Patchstack Vulnerability Disclosure Program.
By participating in a Bug bounty program, the ShortPixel developers created a system that efficiently reports and resolves security issues. This proactive approach to security management demonstrates the team’s dedication to maintaining a safe and reliable product for its users.
Reputation
The ShortPixel team is relatively well-known in the WordPress community. It started in 2014 and often attends WordPress events and other conferences. On WordPress.org, the plugin has more than 300,000 active installations, which makes it one of the most popular plugins.
Moreover, it has overall good reviews, with an average rating of 4.5 out of 5 stars from 764 reviews. Of these, 653 are 5-star reviews, and 71 are 1-star reviews. Some users have complained about poor customer support in their reviews. Despite this, the plugin’s high average rating suggests that most users are satisfied with its performance.
5 – Smush
Smush is a WordPress plugin designed to optimize and compress images to reduce a website’s loading times. As you might expect, it supports basic features such as lossless and lossy image compression, lazy image loading, and even modern image formats including WebP. In addition, it provides an option to remove or keep EXIF data from your images.
You can use it to compress an unlimited number of images, each as big as 256MB – this is particularly useful since many other plugins put arbitrary limits on file size and image number to upsell expensive plans.
Pricing
Smush is developed by WPMU DEV, a WordPress hosting provider. If you use WPMU DEV to host your WordPress website, you can use the entire suite of plugins for no extra cost.
However, if you are not a WPMU DEV user, you can purchase the basic plan for $3/month, which provides you with a license for a single site. More expensive plans offer similar features but with relaxed limits on the number of sites and increased CDN bandwidth.
Code Quality
Smush is built by experienced developers who maintain commendable code quality. For example, after inspecting their source code, you can see that all the functions have a comment block that explains their purpose and a version number for when a particular feature was introduced. This makes it easier to track changes and make updates in the future.
The plugin adheres to WordPress coding standards and best practices. Still, we don’t like that the changelog provides vague messages like “Improvement: Security improvements“ without providing additional information about the changed security component.
The developers have created extensive documentation on the plugin’s site, but it is long. Even though the long document contains necessary information, it can be hard to navigate, especially on mobile devices.
Security
Smush is regularly updated, and its past record shows that developers quickly patched vulnerabilities whenever they were discovered. We particularly like that the plugin has a separate section on its WordPress plugin page that tells security researchers how to report security issues or bugs.
We also like that Smush is part of Patchstack’s vulnerability disclosure program. This program rewards developers and security researchers for responsibly disclosing a security vulnerability in the plugin, helping to ensure that Smush is regularly tested by security researchers and remains secure against common WordPress attacks.
Reputation
Smush has one of the strongest reputations among WordPress users, as it is backed by a large WordPress hosting company with a large user base. WPMU Dev has an active community of WordPress developers and users who regularly share their thoughts. It also has a strong presence on social media platforms and an active blog.
On WordPress.org, it has over a million active installations and almost six thousand reviews, with an average rating of 4.8 out of 5 stars. Out of those six thousand reviews, more than 5,400 are five-star reviews, which shows how much people love it. Most poorly rated reviews are pretty old, and users who left the reviews recently seem quite pleased with the plugin.
Wrapping Up
In this post, we examined the technical aspects, security measures, and user reputations of leading WordPress image optimization plugins. By reviewing their code quality, security practices, and user feedback, we’ve provided you with the crucial information needed to decide which tool best suits your website’s needs.
Whether you prioritize cutting-edge features, robust security, or user-friendly interfaces, understanding these nuances can significantly impact your WordPress site’s performance and security.
However, it’s important to remember that plugin security is just one piece of the broader WordPress security puzzle.
To ensure comprehensive protection for your WordPress site, we strongly recommend considering a holistic security solution.
This is where Patchstack comes in.
Patchstack is a specialized WordPress security platform that goes beyond individual plugin vulnerabilities to safeguard your entire WordPress ecosystem. By signing up for Patchstack, you’ll benefit from:
- Comprehensive vulnerability detection across all WordPress components.
- 48-hour early warnings about potential security threats.
- Automated security patches and updates.
- Real-time monitoring and threat intelligence.
Sign up for Patchstack and make sure your WordPress site is safe, secure, and protected today.
