Title: Autoptimize ‘suspicious javascript code’ warning Last modified: August 1, 2021 --- # Autoptimize ‘suspicious javascript code’ warning * Resolved [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/) * I recently installed Autoptimize on the website for my club. I’ve enabled the Javascript optimizer and not too long ago, we started having issues with MS browsers blocking the site, reporting it as unsafe. I’ve done a scan on pcrisk.com and their scanner suggested there are 3 files created by your plugin causing the issue, like so: * ``` /wp-content/cache/autoptimize/js/autoptimize_a983704174d6e18552569bd9419dde0e.js Severity: Suspicious Reason: Detected suspicious JavaScript code Details: Detected encoded JavaScript code commonly used to hide suspicious behaviour. Offset: 24 Threat dump: View code File size[byte]: 231136 File type: ASCII MD5: 88E2B2346CFD5D3DBC2AF672EE3EAA3A Scan duration[sec]: 20.855 /wp-content/cache/autoptimize/js/autoptimize_532a2cc8a7919512c333b099908e5de6.js Severity: Suspicious Reason: Detected suspicious JavaScript code Details: Detected encoded JavaScript code commonly used to hide suspicious behaviour. Offset: 24 Threat dump: View code File size[byte]: 267065 File type: ASCII MD5: 06F7BD570C693AE94DFF7C6BC337B90F Scan duration[sec]: 21.505 /wp-content/cache/autoptimize/js/autoptimize_925a2c108644648ff10d6082ecfc7e33.js Severity: Suspicious Reason: Detected suspicious JavaScript code Details: Detected encoded JavaScript code commonly used to hide suspicious behaviour. Offset: 24 Threat dump: View code File size[byte]: 350218 File type: ASCII MD5: 4730BD75ED744E69D1B751C85AC9BE12 Scan duration[sec]: 24.124 ``` * I’ve not had this issue with any other website I’ve built, which mostly use your plugin for optimisation purposes. * Please can you help me to understand what this error is, why it is happening and what I can do to sort it? * Thanks in advance. * Best wishes, * James * The page I need help with: _[[log in](https://login.wordpress.org/?redirect_to=https%3A%2F%2Fwordpress.org%2Fsupport%2Ftopic%2Fautoptimize-suspicious-javascript-code-warning%2F%3Foutput_format%3Dmd&locale=en_US) to see the link]_ Viewing 15 replies - 1 through 15 (of 15 total) * Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/) * (@optimizingmatters) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14724979) * Autoptimize combines the JavaScript that is added by your theme & plugins (and WordPress core) James, so one of those is (or was) adding suspicious code. Try disabling JS aggregation to see if a specific JS-file is identified. You might have to try different pages, as most plugins only add JS on pages where the plugin is active). * hope this clarifies, frank * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14725130) * Thanks for your reply Frank. I do understand what you’re saying, that it’s not the plugin, one of the aspects it is combining. * I did test the scanner by disabling JS optimising (but maintaining the HTML and CSS) optimisation and that did actually sort the problem, seemingly. Once JS was turned off, it reported no errors. Could it be because when the code itself is combined, it seems suspicious? * Either way, I will follow your advice to try different pages and see what happens. * Thank you again for your help. * Best wishes, * James * Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/) * (@optimizingmatters) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14725739) * > Could it be because when the code itself is combined, it seems suspicious? * can’t say with 100% certainty, but I would be surprised if that would be the case, as a lot of sites would get flagged that way? * you can always try the “don’t aggregate but defer” and “defer inline JS” options, which might actually be better from a performance point of view? 🙂 * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14727935) * Yeah, I think you’re right. All the other websites I have built that use your plugin would all have the same issue as well, which they don’t. * It’s also odd that when I removed the combining, the error went, which suggests that the individual js scripts weren’t a problem either. You’d think the problem has to be somewhere. * I’ll try the defer option at some point to see if that helps. The website is lightweight enough that even without deferring the js, the performance penalties aren’t too great, thankfully. * Thanks so much for your input. * Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/) * (@optimizingmatters) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14730061) * so what would be interesting to know; does the problem re-appear when “aggregate JS” is back on and if so can you save the contents of one or more flagged JS- files to a github gist or pastebin paste so I can review the contents? * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14735392) * Apologies for the delayed reply! So I’ve just switched the js optimisation on again and completed the same scan as before. Here’s a link to the three files which are marked as suspicious by the pcrisk.com scan. * [https://drive.google.com/drive/folders/1hLK3KjKcrKKKAxzI3im-2aZYNh127GHL?usp=sharing](https://drive.google.com/drive/folders/1hLK3KjKcrKKKAxzI3im-2aZYNh127GHL?usp=sharing) * I’ve had to do them as Google Docs, rather than pastebin or anything like that. * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14735405) * I just thought I’d say that I have switched it off again, since I want to avoid the website being perceived as malicious. Looking forward to your feedback. Thanks! * Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/) * (@optimizingmatters) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14735712) * Based on the contents of the warning in your original post (“Detected encoded JavaScript code commonly used to hide suspicious behaviour”) and the JS source, my money is on the JS which even has the string “suspiciousStrings” in it and which indeed also does encoding. The likely culprit; wp-content/plugins/popup- builder/public/js/PopupBuilder.js, can you try excluding `wp-content/plugins/ popup-builder/` from JS optimization and test if that makes the warnings go away? * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14735778) * So that has had a positive effect. Thanks so much for the feedback. The new scan shows only one file that is the issue now, rather than three. I’ve added the newest error in a new document to the same Google Drive folder. What do you think this one is? * Thanks so much again for your help! * Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/) * (@optimizingmatters) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14736526) * that’s the same wp-content/plugins/popup-builder/public/js/PopupBuilder.js, which is now excluded but is still minified by AO as the original file is not. untick the “minify excluded js/ css” option (near the bottom of the screen) and that warning should disappear too. * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14737052) * Hi. So I followed your advice and it did result in no suspicious files, which is in itself great. I of course missed the option, with it being at the bottom of the page. * The only issue now (which perhaps might not have much to do with the plugin) is that it is now marked as blacklisted by the pcrisk scanner, where it wasn’t before. I’ll see what I can do about that. * Thanks again for the help. * Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/) * (@optimizingmatters) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14737097) * It would make sense for them to limit the amount of scans for a domain per time unit (24h), so maybe that’s what’s happening. * Also, I see “The scanner crawlers are blocked by the web application firewall on this domain/website. The scan result could be incomplete.” -> did you activate cloudflare bot fighting mode maybe? * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14737176) * You might be right. As it happens, I checked and bot fighting mode is not active. It perhaps is something else. Either way, I hope it will sort itself out, as there just isn’t anything I can see as being wrong. * Thanks so much for your support in understanding why the issues were happening in the first place. I’m happy to mark this as resolved now, since the issues don’t seem to have anything to do with your plugin any more. * Plugin Author [Optimizing Matters](https://wordpress.org/support/users/optimizingmatters/) * (@optimizingmatters) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14737179) * you’re welcome, feel free to [leave a review of the plugin and support here](https://wordpress.org/support/plugin/autoptimize/reviews/#new-post)! 🙂 * Thread Starter [jgolding94](https://wordpress.org/support/users/jgolding94/) * (@jgolding94) * [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14737493) * Done 🙂 Viewing 15 replies - 1 through 15 (of 15 total) The topic ‘Autoptimize ‘suspicious javascript code’ warning’ is closed to new replies. * ![](https://ps.w.org/autoptimize/assets/icon-256X256.png?rev=2211608) * [Autoptimize](https://wordpress.org/plugins/autoptimize/) * [Frequently Asked Questions](https://wordpress.org/plugins/autoptimize/#faq) * [Support Threads](https://wordpress.org/support/plugin/autoptimize/) * [Active Topics](https://wordpress.org/support/plugin/autoptimize/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/autoptimize/unresolved/) * [Reviews](https://wordpress.org/support/plugin/autoptimize/reviews/) ## Tags * [javascript](https://wordpress.org/support/topic-tag/javascript/) * 15 replies * 2 participants * Last reply from: [jgolding94](https://wordpress.org/support/users/jgolding94/) * Last activity: [4 years, 10 months ago](https://wordpress.org/support/topic/autoptimize-suspicious-javascript-code-warning/#post-14737493) * Status: resolved