Title: Unrendered PHP code Last modified: June 14, 2021 --- # Unrendered PHP code * Resolved [solu78](https://wordpress.org/support/users/solu78/) * (@solu78) * [4 years, 11 months ago](https://wordpress.org/support/topic/unrendered-php-code/) * My security scanner tells me: * “We have detected unexecuted php code on your site. PHP code displayed to end users can give away information that a hacker may use to attack your site. This may also be the result of server misconfiguration.” * Btw – I’d share the precise link, but then the link would be public. If you must have the exact link to answer this question, please let me know if there’s a way to send it privately. * Does this plugin have some unexecuted PHP code in it? - This topic was modified 4 years, 11 months ago by [solu78](https://wordpress.org/support/users/solu78/). Viewing 4 replies - 1 through 4 (of 4 total) * Plugin Author [Stoyan Georgiev](https://wordpress.org/support/users/stoyangeorgiev/) * (@stoyangeorgiev) * [4 years, 11 months ago](https://wordpress.org/support/topic/unrendered-php-code/#post-14557041) * Hey there [@solu78](https://wordpress.org/support/users/solu78/) , * Would it be possible to be more specific about the issue and how it is connected to the SG Optimizer? Do you have any issues when using our plugin? * It would be impossible to find the exact reason for that without a URL. As for the second question, I am afraid that sending details in private is not following the community guidelines, so you can safely send it here. * Kind regards, Stoyan * Thread Starter [solu78](https://wordpress.org/support/users/solu78/) * (@solu78) * [4 years, 11 months ago](https://wordpress.org/support/topic/unrendered-php-code/#post-14558561) * Hello [@stoyangeorgiev](https://wordpress.org/support/users/stoyangeorgiev/) — * I have Siteground as my host, Cloudflare for the CDN, and I have a site scanner( from Sitelock) installed that is notifying me that the following link may have‘ unexecuted php code’: * [https://havihealth.com/wp-content/uploads/siteground-optimizer-assets/%url%](https://havihealth.com/wp-content/uploads/siteground-optimizer-assets/%url%) * The plugin is currently working great and from what I can tell, my website is functioning at 100%. * That said, I wanted to be proactive and inquire if that security warning was coming from the SG optimizer (as Sitelock has identified it as a vulnerability). * **RE: Optimizer set up** * Environmental Optimization Enable HTTPS > On Fix Insecure Content > OFF Heartbeat > OFF DNS Prefetch. > ON (//ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare- static/rocket-loader.min.js) Scheduled Database Maintenance > ON * Front End Optimization — Everything is ON + I have prefetched google fonts (i. e., [https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxP.ttf](https://fonts.gstatic.com/s/roboto/v27/KFOmCnqEu92Fr1Mu4mxP.ttf)) * Media optimization — None * Thanks so much for your help. - This reply was modified 4 years, 11 months ago by [solu78](https://wordpress.org/support/users/solu78/). - This reply was modified 4 years, 11 months ago by [solu78](https://wordpress.org/support/users/solu78/). * Plugin Author [Hristo Pandjarov](https://wordpress.org/support/users/hristo-sg/) * (@hristo-sg) * SiteGround Representative * [4 years, 11 months ago](https://wordpress.org/support/topic/unrendered-php-code/#post-14561455) * We do not add any PHP code there. Check the files and see where it is coming from. Of course, it can always be false positive but there is a chance that a plugin / custom function is adding it there. I can see the rocket-loader.min. js too so please stop and disable all wp rocket stuff or other performance optionzations to be sure you’re avoiding conflict. * Thread Starter [solu78](https://wordpress.org/support/users/solu78/) * (@solu78) * [4 years, 11 months ago](https://wordpress.org/support/topic/unrendered-php-code/#post-14562858) * Thanks for your reply. * Outside of Cloudflare rocket-loader, I don’t have any other speed or cashing plugin. I’ll turn off the rocket-loader and any minification of JavaScript, HTML, and CSS in Cloudflare. * Because I DNS-prefetched the rocket loader, could that be causing a conflict as well? * Here are the following two items I have DNS-prefetched on this Siteground optimizer plugin: * //ajax.cloudflare.com/cdn-cgi/scripts/7d0fa10a/cloudflare-static/**rocket-loader**. min.js * //cloudflare.com - This reply was modified 4 years, 11 months ago by [solu78](https://wordpress.org/support/users/solu78/). - This reply was modified 4 years, 11 months ago by [solu78](https://wordpress.org/support/users/solu78/). Viewing 4 replies - 1 through 4 (of 4 total) The topic ‘Unrendered PHP code’ is closed to new replies. * ![](https://ps.w.org/sg-cachepress/assets/icon-256x256.gif?rev=2971889) * [Speed Optimizer - The All-In-One Performance-Boosting Plugin](https://wordpress.org/plugins/sg-cachepress/) * [Support Threads](https://wordpress.org/support/plugin/sg-cachepress/) * [Active Topics](https://wordpress.org/support/plugin/sg-cachepress/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/sg-cachepress/unresolved/) * [Reviews](https://wordpress.org/support/plugin/sg-cachepress/reviews/) ## Tags * [php](https://wordpress.org/support/topic-tag/php/) * 4 replies * 3 participants * Last reply from: [solu78](https://wordpress.org/support/users/solu78/) * Last activity: [4 years, 11 months ago](https://wordpress.org/support/topic/unrendered-php-code/#post-14562858) * Status: resolved