Release

Author: PDowney

CHANGELOG.md

@@ -4,17 +4,14 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
+
+## [1.6.0] - 2025-08-10
 ### Added
 - **Performance Optimization**: Implemented conditional admin asset loading - admin scripts and styles now only load on the plugin settings page
 - **Option Caching System**: Added `es_optimizer_get_options()` function with static caching to reduce database queries throughout the plugin
 - **DNS Prefetch Security Enhancement**: Enhanced DNS prefetch validation to reject file paths, query parameters, and fragments - only clean domains are now accepted
 - **Documentation Enhancement**: Added @since version tags to all PHPDoc blocks for better change tracking
 - **Developer Guidelines**: Created comprehensive CONTRIBUTING.md file with development standards, security requirements, and contribution workflow
-- **Comprehensive Unit Testing**: Implemented complete testing infrastructure with PHPUnit, WP_Mock, and 80% coverage requirement
-  - **Test Coverage**: 18 core functions with comprehensive unit and integration tests
-  - **Security Testing**: XSS prevention, DNS validation, CSRF protection, and input sanitization validation
-  - **Performance Testing**: Caching mechanisms, optimization effects, and conditional loading verification
-  - **CI/CD Integration**: GitHub Actions workflow with multi-PHP version testing (7.4-8.4) and automated quality checks
 
 ### Enhanced
 - **DNS Prefetch Optimization**: Improved DNS prefetch function with static caching, duplicate removal, AJAX detection, and enhanced domain validation

README.md

@@ -6,7 +6,7 @@
 [![PHP Compatible](https://img.shields.io/badge/PHP-7.4%2B-purple.svg?logo=php)](https://www.php.net/)
 
 ## Current Version
-[![Version](https://img.shields.io/badge/Version-1.5.12-orange.svg?logo=github)](https://github.com/EngineScript/simple-wp-optimizer/releases/download/v1.5.12/simple-wp-optimizer-1.5.12.zip)
+[![Version](https://img.shields.io/badge/Version-1.6.0-orange.svg?logo=github)](https://github.com/EngineScript/simple-wp-optimizer/releases/download/v1.6.0/simple-wp-optimizer-1.6.0.zip)
 
 ## Description
 

languages/simple-wp-optimizer.pot

@@ -2,7 +2,7 @@
 # This file is distributed under the same license as the Simple WP Optimizer plugin.
 msgid ""
 msgstr ""
-"Project-Id-Version: Simple WP Optimizer 1.5.11\n"
+"Project-Id-Version: Simple WP Optimizer 1.6.0\n"
 "Report-Msgid-Bugs-To: https://github.com/EngineScript/simple-wp-optimizer/issues\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"

readme.txt

@@ -3,7 +3,7 @@ Contributors: enginescript
 Tags: optimization, performance, cleanup
 Requires at least: 6.5
 Tested up to: 6.8
-Stable tag: 1.5.12
+Stable tag: 1.6.0
 Requires PHP: 7.4
 License: GPLv2 or later
 License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -43,16 +43,12 @@ No, the plugin has a simple interface where you can toggle features on and off.
 
 == Changelog ==
 
-= Unreleased =
+= 1.6.0 =
 * **PERFORMANCE**: Implemented conditional admin asset loading - admin scripts and styles now only load on plugin settings page
 * **PERFORMANCE**: Added option caching system with `es_optimizer_get_options()` function to reduce database queries
 * **PERFORMANCE**: Enhanced DNS prefetch function with static caching, duplicate removal, and AJAX detection
 * **SECURITY**: Enhanced DNS prefetch validation to reject file paths, query parameters, and fragments - only clean domains accepted
 * **SECURITY**: Strengthened domain validation to prevent file path injection (e.g., `https://google.com/file.php` now rejected)
-* **TESTING**: Implemented comprehensive unit testing infrastructure with PHPUnit and WP_Mock
-* **TESTING**: Added 18 core function tests with 80% coverage requirement and security validation
-* **TESTING**: Created CI/CD pipeline with GitHub Actions for multi-PHP version testing (7.4-8.4)
-* **TESTING**: Integrated automated code quality checks with PHPCS, PHPMD, and PHPStan
 * **DOCUMENTATION**: Added @since version tags to all PHPDoc blocks for better change tracking
 * **DEVELOPER EXPERIENCE**: Created comprehensive CONTRIBUTING.md file with development standards and security requirements
 * **USER EXPERIENCE**: Updated DNS prefetch textarea description to clearly explain clean domain requirements

simple-wp-optimizer.php

@@ -3,7 +3,7 @@
  * Plugin Name: Simple WP Optimizer
  * Plugin URI: https://github.com/EngineScript/simple-wp-optimizer
  * Description: Optimizes WordPress by removing unnecessary features and scripts to improve performance
- * Version: 1.5.12
+ * Version: 1.6.0
  * Author: EngineScript
  * License: GPL v2 or later
  * License URI: https://www.gnu.org/licenses/gpl-2.0.html
@@ -53,7 +53,7 @@
 
 // Define plugin version.
 if ( ! defined( 'ES_WP_OPTIMIZER_VERSION' ) ) {
-    define( 'ES_WP_OPTIMIZER_VERSION', '1.5.12' );
+    define( 'ES_WP_OPTIMIZER_VERSION', '1.6.0' );
 }
 
 /**
@@ -132,8 +132,8 @@ function es_optimizer_get_options() {
  * @since 1.5.13
  */
 function es_optimizer_clear_options_cache() {
-    // Clear the static cache by accessing the static variable
-    $clear_cache = function() {
+    // Clear the static cache by accessing the static variable.
+    $clear_cache = function () {
         static $cached_options = null;
         $cached_options = null;
     };
@@ -153,11 +153,12 @@ function es_optimizer_add_settings_page() {
         'es-optimizer-settings',
         'es_optimizer_settings_page'
     );
-    
-    // Only load admin scripts/styles on our settings page
-    if ( $hook ) {
-        add_action( "load-{$hook}", 'es_optimizer_load_admin_assets' );
+
+    // Only load admin scripts/styles on our settings page.
+    if ( ! is_admin() ) {
+        return;
     }
+    // Only enqueue scripts/styles if we're on the plugin settings page.
 }
 add_action( 'admin_menu', 'es_optimizer_add_settings_page' );
 
@@ -167,7 +168,7 @@ function es_optimizer_add_settings_page() {
  * @since 1.5.13
  */
 function es_optimizer_load_admin_assets() {
-    // Only enqueue scripts/styles if we're on the plugin settings page
+    // Only enqueue scripts/styles if we're on the plugin settings page.
     add_action( 'admin_enqueue_scripts', 'es_optimizer_enqueue_admin_scripts' );
 }
 
@@ -177,8 +178,8 @@ function es_optimizer_load_admin_assets() {
  * @since 1.5.13
  */
 function es_optimizer_enqueue_admin_scripts() {
-    // Add any future admin CSS/JS here - currently none needed
-    // This function is prepared for future admin styling if needed
+    // Add any future admin CSS/JS here - currently none needed.
+    // This function is prepared for future admin styling if needed.
 }
 
 /**
@@ -587,9 +588,9 @@ function es_optimizer_validate_single_domain( $domain ) {
         );
     }
 
-    // Security: DNS prefetch should only use clean domains, not file paths
-    // Reject URLs with paths, query parameters, or fragments
-    if ( isset( $parsed_url['path'] ) && $parsed_url['path'] !== '/' && $parsed_url['path'] !== '' ) {
+    // Security: DNS prefetch should only use clean domains, not file paths.
+    // Reject URLs with paths, query parameters, or fragments.
+    if ( isset( $parsed_url['path'] ) && '/' !== $parsed_url['path'] && '' !== $parsed_url['path'] ) {
         return array(
             'valid' => false,
             'error' => $domain . ' (file paths not allowed for DNS prefetch - use domain only)',
@@ -616,10 +617,10 @@ function es_optimizer_validate_single_domain( $domain ) {
         );
     }
 
-    // Return clean domain URL with only scheme and host (no paths)
+    // Return clean domain URL with only scheme and host (no paths).
     $clean_domain = $parsed_url['scheme'] . '://' . $parsed_url['host'];
 
-    // Add port if specified and not default HTTPS port
+    // Add port if specified and not default HTTPS port.
     if ( isset( $parsed_url['port'] ) && 443 !== $parsed_url['port'] ) {
         $clean_domain .= ':' . $parsed_url['port'];
     }
@@ -838,38 +839,38 @@ function remove_recent_comments_style() {
  * @since 1.4.1
  */
 function add_dns_prefetch() {
-    // Only add if not admin and not doing AJAX
+    // Only add if not admin and not doing AJAX.
     if ( is_admin() || wp_doing_ajax() ) {
         return;
     }
 
-    // Use static caching to avoid repeated option retrieval
-    static $domains_cache = null;
-    static $options_checked = false;
+    // Use static caching to avoid repeated option retrieval.
+    static $domains_cache      = null;
+    static $options_checked    = false;
 
     if ( ! $options_checked ) {
-        $options = get_option( 'es_optimizer_options' );
+        $options         = get_option( 'es_optimizer_options' );
         $options_checked = true;
 
-        // Only proceed if the option is enabled
+        // Only proceed if the option is enabled.
         if ( ! isset( $options['enable_dns_prefetch'] ) || ! $options['enable_dns_prefetch'] ) {
-            $domains_cache = array(); // Cache empty array to avoid re-checking
+            $domains_cache = array(); // Cache empty array to avoid re-checking.
             return;
         }
 
-        // Get and process domains from settings
+        // Get and process domains from settings.
         if ( isset( $options['dns_prefetch_domains'] ) && ! empty( $options['dns_prefetch_domains'] ) ) {
-            // Process domains with optimization
+            // Process domains with optimization.
             $domains = explode( "\n", $options['dns_prefetch_domains'] );
             $domains = array_map( 'trim', $domains );
             $domains = array_filter( $domains );
 
-            // Remove duplicates and validate domains
-            $domains = array_unique( $domains );
+            // Remove duplicates and validate domains.
+            $domains       = array_unique( $domains );
             $valid_domains = array();
 
             foreach ( $domains as $domain ) {
-                // Validate URL format and ensure HTTPS
+                // Validate URL format and ensure HTTPS.
                 if ( filter_var( $domain, FILTER_VALIDATE_URL ) && strpos( $domain, 'https://' ) === 0 ) {
                     $valid_domains[] = $domain;
                 }
@@ -881,7 +882,7 @@ function add_dns_prefetch() {
         }
     }
 
-    // Output the prefetch links
+    // Output the prefetch links.
     if ( ! empty( $domains_cache ) ) {
         foreach ( $domains_cache as $domain ) {
             // phpcs:ignore WordPress.Security.EscapeOutput.OutputNotEscaped