This post may contain affiliate links, please read our affiliate disclosure to learn more.
How to Disable WP Optimize From Creating “wpo-plugins-tables-list.json”

How to Disable WP Optimize From Creating “wpo-plugins-tables-list.json”

 By Charles Joseph | Cybersecurity Researcher
 Published on December 26th, 2023
This post was updated on December 31st, 2023

I recently stumbled upon a surprising fact about the popular WordPress plugin “WP Optimize.” It turns out that the plugin creates a file named “wpo-plugins-tables-list.json” in your public “uploads” directory — a place usually reserved for images. What’s alarming is that the file isn’t just any file — it contains all of your site’s plugins and their database tables.

Gathering all of this information in one easily accessible file can’t be good. Why would WP Optimize just casually lay out a welcome mat for hackers?

NordVPN 67% off + 3-month VPN coupon

Stay One Step Ahead of Cyber Threats

Want to Be the Smartest Guy in the Room? Get the Latest Cybersecurity News and Insights.
We respect your privacy and you can unsubscribe anytime.

Let’s nip this issue in the bud.

By inserting the following ‘add_filter’ statement into a custom plugin or your function.php file, you can stop WP Optimize from creating this hazardous file:

How to Create a Custom WordPress Plugin to Disable wpo-plugins-tables-list.json file

Creating a simple WordPress plugin to implement the code snippet above is straightforward. Here’s a quick guide to writing such a plugin:

  1. Create a PHP File for Your Plugin: First, you need to create a new PHP file for your plugin. You can name it something like disable-wpo-json-creation.php.
  2. Add the Plugin Header: At the top of your PHP file, add a comment block that WordPress recognizes as a plugin header. This includes details like the plugin name, description, version, and author.
  3. Add the Functionality: After the header, write the code that alters the behavior of WP Optimize.

Here is how your complete plugin file (disable-wpo-json-creation.php) should look:

  1. Install the Plugin: To use this plugin, you need to upload the disable-wpo-json-creation.php file to your WordPress installation under the wp-content/plugins directory.
  2. Activate the Plugin: Finally, log in to your WordPress dashboard, navigate to the ‘Plugins’ section, find the ‘Disable WPO JSON Creation’ plugin in the list, and click ‘Activate.’

Make sure to delete “wpo-plugins-tables-list.json.”


"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional
Scroll to Top