Title: SmallPict
Author: c0redump
Published: <strong>Machi 4, 2026</strong>
Last modified: Machi 4, 2026

---

Tafuta vijalizi

![](https://ps.w.org/smallpict/assets/banner-772x250.png?rev=3474731)

![](https://ps.w.org/smallpict/assets/icon-256x256.png?rev=3474731)

# SmallPict

 By [c0redump](https://profiles.wordpress.org/c0redump/)

[Pakua](https://downloads.wordpress.org/plugin/smallpict.1.1.7.zip)

 * [Details](https://sw.wordpress.org/plugins/smallpict/#description)
 * [Reviews](https://sw.wordpress.org/plugins/smallpict/#reviews)
 *  [Installation](https://sw.wordpress.org/plugins/smallpict/#installation)
 * [Development](https://sw.wordpress.org/plugins/smallpict/#developers)

 [Saidia](https://wordpress.org/support/plugin/smallpict/)

## Maelezo

SmallPict is the simplest way to speed up your WordPress site. We automatically 
compress and convert your images to modern formats (WebP & AVIF), making your pages
load instantly without sacrificing visual quality.

**Everything you need for a super fast WordPress website:**

 * **Simply Magical**: Install, activate, and done. No confusing server configuration
   or complicated API keys.
 * **Zero Server Load**: Compression happens in our cloud, so your hosting server
   stays light and fast. Works with all hosting types.
 * **Premium Quality**: Smart AI technology ensures the smallest possible file size
   without sacrificing visual quality.
 * **Your Images Stay Safe**: We never store your images. After optimization, files
   go directly back to your WordPress — no copies kept on our servers.
 * **Modern Formats**: Automatically serves next-gen formats like WebP and AVIF (
   Pro) for superior speed.

**Why SmallPict?**
 * Faster WordPress website * Sharp images * No complex settings*
Your images stay private

### External services

This plugin connects to our 3rd-party external API to compress and optimize your
uploaded images without impacting your local server performance.

 * **Data sent**: The plugin sends the raw uploaded image file along with your compression
   preferences (e.g., target format and quality level). This data is sent automatically
   in real-time every time you upload a new media file to the WordPress Media Library.
 * **Service Details**: The API receives the data, converting images to modern formats
   like WebP or AVIF based on your settings, and immediately returns the optimized
   image to your WordPress site. We do not permanently store or retain your images.
 * **Terms of Service**: https://smallpict.tuxnoob.com/en/terms
 * **Privacy Policy**: https://smallpict.tuxnoob.com/en/privacy

## Screenshots

 * [[
 * **Dashboard**: Monitor your usage and quota.

## Installation

 1. Upload the plugin files to the `/wp-content/plugins/smallpict` directory, or install
    the plugin through the WordPress plugins screen directly.
 2. Activate the plugin through the ‘Plugins’ screen in WordPress.
 3. Follow the opt-in wizard to connect your Freemius account.
 4. Configure your compression settings in Settings -> SmallPict.

## FAQ

### Does this plugin require an account?

Yes, it requires a free SmallPict account (managed via Freemius) to securely access
the cloud processing API.

### What happens if I reach my quota?

Your images will stop being optimized until your quota resets next month or you 
upgrade your plan.

## Reviews

Hakuna hakiki za programu-jalizi hii.

## Wachangiaji & Wasanidi

“SmallPict” is open source software. The following people have contributed to this
plugin.

Contributors

 *   [ c0redump ](https://profiles.wordpress.org/c0redump/)
 *   [ wam ](https://profiles.wordpress.org/wam/)

[Translate “SmallPict” into your language.](https://translate.wordpress.org/projects/wp-plugins/smallpict)

### Interested in development?

[Browse the code](https://plugins.trac.wordpress.org/browser/smallpict/), check 
out the [SVN repository](https://plugins.svn.wordpress.org/smallpict/), or subscribe
to the [development log](https://plugins.trac.wordpress.org/log/smallpict/) by [RSS](https://plugins.trac.wordpress.org/log/smallpict/?limit=100&mode=stop_on_copy&format=rss).

## Changelog

#### 1.1.7

 * Enhancement: Added minimalist plugin banner and high-res icon for WordPress.org
   repository.

#### 1.1.6

 * Fix: Corrected GitHub Actions deploy workflow — moved `SLUG` and `BUILD_DIR` 
   to env vars (were incorrectly passed as `with:` inputs to `10up/action-wordpress-
   plugin-deploy`).
 * Fix: Replaced deprecated `buttonizer/freemius-deploy` GitHub Action with a direct
   Freemius API Python script, eliminating the `set-output` deprecation warning.
 * Fix: Corrected Freemius API HMAC-SHA256 signing to match PHP SDK — uses RFC 2822
   date, hex HMAC digest, and URL-safe base64 without padding.

#### 1.1.5

 * Security: Server-side quota enforcement — monthly usage now tracked in DynamoDB
   and enforced before each job starts.
 * Security: File size limit per plan is now validated server-side before processing
   begins (prevents oversized uploads bypassing plan limits).
 * Security: Removed hardcoded JWT fallback secret — API now returns 500 if `JWT_SECRET`
   env var is missing.
 * Security: `is_sandbox` mode is now determined by a server-side environment variable(`
   ALLOW_SANDBOX`), not a client-supplied flag (prevents quota bypass).
 * Security: S3 object key is now validated to belong to the authenticated tenant(
   prevents path traversal attacks).
 * Security: Replaced `file_get_contents()` S3 upload with streaming cURL (`CURLOPT_INFILE`)
   to prevent PHP OOM errors on large files.
 * Security: Admin JS now receives a nonce via `wp_localize_script` for future AJAX
   request verification.
 * Performance: Upload polling now uses exponential backoff (2s5s, max 20 attempts)
   replacing a flat 60-second blocking loop.
 * Performance: Bulk imports via WP-CLI and REST API now skip synchronous blocking
   optimization to prevent timeouts.
 * Performance: Lambda `/tmp` directory is now fully cleaned after each job (input
   + output files) to prevent storage leaks across warm invocations.
 * Performance: Presigned S3 download URLs extended from 15 minutes to 1 hour to
   support longer async processing jobs.
 * Fix: `get_usage` API endpoint now returns real usage data from DynamoDB instead
   of a hardcoded placeholder.
 * Fix: `image/gif` added to allowed upload content types for animated image support
   on paid plans.
 * Fix: Free-tier engine now respects the user-configured quality setting instead
   of hardcoding 80.
 * Fix: JWT session token expiry reduced from 7 days to 24 hours for improved security
   posture.
 * Compliance: All output variables pass `WordPress.Security.EscapeOutput` PHPCS/
   WPCS sniffs (confirmed zero violations).
 * Compliance: cURL streaming usage justified with `phpcs:disable` blocks and documented
   rationale.

#### 1.1.4

 * Fix: Addressed WordPress.org review feedback regarding strict late escaping for
   all output data.
 * Fix: Replaced raw `json_encode` with `wp_json_encode` to comply with WordPress
   Coding Standards.
 * Remove: Stripped Pro UI capabilities and Freemius gating from WordPress.org build.

#### 1.1.3

 * Fix: Freemius library conflict check.
 * Fix: Escaping inline CSS outputs.
 * Update: Added c0redump to Contributors list.
 * Update: Detailed External Services endpoint in readme.

#### 1.1.2

 * Fix: Replaced `rename()` function with `WP_Filesystem::move()` to comply with
   WordPress standards.
 * Fix: Added `smallpict.pot` template file to satisfy Domain Path requirement.

#### 1.1.1

 * Security: Improved output escaping and sanitization across settings and admin
   pages.
 * Security: Added direct file access protection to all remaining PHP files.
 * Fix: Removed development logging functions for cleaner production operation.
 * Fix: Standardized timezone handling to use `gmdate()`.
 * Fix: Replaced `unlink` with `wp_delete_file` for better filesystem compatibility.

#### 1.1.0

 * New: Fully managed SaaS architecture (Serverless).
 * New: Freemius integration for plans, billing, and quota management.
 * New: Strict backend validation for plan capabilities.
 * New: Added “Hard Reset” trigger for debugging localhost states (`?sp_reset_license
   =1`).
 * Improvement: Enhanced file handling with fallback strategies for Docker/NAS.
 * Improvement: Adaptive SSL verification for better compatibility.
 * Fix: Comprehensive cleanup of data during uninstallation.
 * Fix: Resolved “headers already sent” issues during activation.
 * Fix: UI synchronization for “Keep Original” format restrictions.

#### 1.0.0

 * Initial Release.
 * Serverless Image Optimization via AWS Lambda.
 * Freemius Integration for Licensing.
 * WebP Support.

## Meta

 *  Version **1.1.7**
 *  Last updated **mwezi 1 zilizopita**
 *  Active installations **Chini ya 10**
 *  WordPress version ** 5.8 au juu **
 *  Tested up to **6.9.4**
 *  PHP version ** 7.4 au juu **
 *  Language
 * [English (US)](https://wordpress.org/plugins/smallpict/)
 * Tags
 * [AVIF](https://sw.wordpress.org/plugins/tags/avif/)[compression](https://sw.wordpress.org/plugins/tags/compression/)
   [image optimization](https://sw.wordpress.org/plugins/tags/image-optimization/)
   [speed](https://sw.wordpress.org/plugins/tags/speed/)[webp](https://sw.wordpress.org/plugins/tags/webp/)
 *  [Advanced View](https://sw.wordpress.org/plugins/smallpict/advanced/)

## Ratings

No reviews have been submitted yet.

[Your review](https://wordpress.org/support/plugin/smallpict/reviews/#new-post)

[See all reviews](https://wordpress.org/support/plugin/smallpict/reviews/)

## Contributors

 *   [ c0redump ](https://profiles.wordpress.org/c0redump/)
 *   [ wam ](https://profiles.wordpress.org/wam/)

## Saidia

Got something to say? Need help?

 [Angalia Baraza ya Usaidizi](https://wordpress.org/support/plugin/smallpict/)