Optimal State – Advanced Optimization, Performance & Security Suite
Optimal State is a complete performance suite that does it all: database optimization, automated backups, page caching, brute force protection, 2FA, search & replace, and advanced cleanup. All in one lightweight plugin. Why pay for 4-6 separate plugins? Optimal State replaces WP Rocket, UpdraftPlus, WP‑Optimize, Perfmatters, Better Search Replace, Loginizer and more — saving you money, reducing conflicts, and simplifying your workflow. ▶ Live Interactive Demo | 📕 User Manual What Makes Optimal State Different? 🚀 All‑in‑One, Not a Collection of Features Unlike plugins that bolt on random features, Optimal State is engineered as a unified performance system. Every component works together, not against each other. 💰 Replace 6+ Premium Plugins Stop paying for multiple subscriptions. Get everything you need in one plugin: UpdraftPlus → Database backup & restore (with safety rollback) WP Rocket → Page caching, browser caching, performance tweaks WP‑Optimize → Database cleanup, table optimization, autoload optimization Better Search Replace → Serialization‑safe search & replace Perfmatters → Heartbeat control, emoji removal, header cleanup Loginizer → Brute force protection, IP blocking Plus → 2FA, legacy plugin scanner, integrity scanner, index manager 🔬 Built on Real Database Science Our proprietary health scoring algorithm (0–100) analyzes 3 key areas: Performance (40%), Cleanliness (35%), and Efficiency (25%). It tells you exactly what to fix and when. 🛡️ Enterprise‑Grade Safety Every destructive operation includes: – Automatic safety backup – Emergency rollback system – Zero‑downtime restore (temp table swap) – Database validation before restore – Maintenance mode during critical ops What You Can Do With Optimal State 🗄️ Database Optimization – One‑click optimization cleans 20 types of database bloat in seconds – Real‑time health score (0‑100) shows your database condition at a glance – Table defragmentation recovers wasted disk space – Autoload optimization speeds up every page load (critical for TTFB) – Table repair fixes corrupted tables automatically – Legacy plugin scanner removes ghost data from uninstalled plugins – Delete unused tables safely (with protection for active plugins) 💾 Backup & Restore – Create GZIP‑compressed database backups with integrity checksums – Restore any backup with automatic safety rollback – Keep up to 10 backups with automatic rotation – Upload and restore external backups (up to 5GB) – Zero‑downtime restore using temporary table technology – Protected backup directory prevents unauthorized access ⚡ Caching System – Server‑side page caching delivers lightning‑fast HTML – Browser caching with automatic .htaccess rules (Apache) – Database query caching for Redis/Memcached – Mobile‑specific cache for separate mobile layouts – Smart cache preload from sitemap – GDPR‑compliant cookie detection (supports 20+ consent plugins) – Intelligent auto‑purge on content updates 🔍 Search & Replace – Serialization‑safe — handles PHP serialized data correctly – Dry run mode previews all changes before execution – Table‑specific operations for targeted updates – Partial or whole‑word matching – Essential for domain migrations 🎛️ Performance Features – Bad bot blocker blocks resource‑hungry crawlers – Font loading optimization eliminates render‑blocking fonts – Lazy load images and iframes – Heartbeat API control reduces server load by 60%+ – Post revisions limit (save 30‑50% database space) – Trash auto‑empty after X days – Disable XML‑RPC (block brute force attacks) – Remove emoji scripts (save 12KB per page) – Clean WordPress headers (hide version, RSD, WLW, shortlinks) 📊 Analytics & Monitoring – PageSpeed Insights integration (Core Web Vitals) – Performance metrics dashboard – Detailed database statistics – Activity log (last 250 operations) – Track optimization impact over time ⏰ Automation – Schedule daily, weekly, or monthly optimization – Email notifications with detailed reports – Custom time selection (run during low traffic) – Combined backup + cleanup operations 🔒 Security – Emergency rollback on restore failure – Maintenance mode during critical operations – Database validation before restore – User access control (restrict plugin to specific admins) – Settings export/import – Brute force protection for login page – IP number blocker (block entire site access) – Two‑Factor Authentication (2FA) Perfect For 🛒 E‑commerce Stores – WooCommerce session cleanup, Action Scheduler optimization, order transient removal, product index optimization 📝 High‑Traffic Blogs – Revision control, comment spam removal, transient cleanup, cache preload 🏢 Agencies & Developers – Staging/production migrations, bulk cleanup, settings export/import 🔒 Membership Sites – User metadata optimization, scheduled maintenance, login protection 🌐 Any WordPress Site – Slow admin, bloated database, poor performance, or security concerns Replaces These Popular Plugins UpdraftPlus → Backup & Restore WP Rocket → Caching & Performance WP Super Cache → Page Caching WP-Optimize → Database Cleanup Better Search Replace → Database Search & Replace Perfmatters → Performance Optimization Heartbeat Control → Heartbeat Management WP Revisions Control → Revision Limits Clearfy → Performance Tweaks Advanced Database Cleaner → Deep Database Cleanup Autoptimize → Performance Features Loginizer → Login Page Protection What Makes Optimal State Different? Unlike WP-Optimize: We include professional backup/restore and advanced caching—not just basic cleanup. Unlike UpdraftPlus: We optimize your database for performance, not just backup. Backups are 40-60% smaller due to optimization. Unlike WP Rocket: We tackle the root cause (database bloat) instead of just caching around the problem. Combined approach = better results. Unlike Perfmatters: We provide complete database management, automated backups, and intelligent cleanup—not just toggle switches. Unlike Loginizer: We provide a user-friendly, straightforward control panel that requires no technical expertise. The Optimal State Advantage: One plugin, one interface, one optimization strategy. No conflicts, no compatibility issues, no subscription fatigue. Technical Specifications Minimum Requirements: WordPress 5.5+, PHP 7.4+ Tested Up To: WordPress 7.0 Server Compatibility: Shared hosting, VPS, dedicated, cloud (AWS, DigitalOcean, etc.) Hosting Compatibility: Bluehost, SiteGround, WP Engine, Kinsta, Cloudways, all major hosts Multisite: Not currently supported Database Support: MySQL 5.6+, MariaDB 10.1+ Cache Support: Redis, Memcached, APCu compatible External Services and Resources Optimal State utilizes the following third-party services and open-source libraries to enhance functionality and user experience: Google PageSpeed Insights API – Performance measurement tool that analyzes web page content and generates suggestions to make that page faster. The plugin’s PageSpeed integration uses this API to fetch and display Core Web Vitals metrics and optimization opportunities. When you use the PageSpeed feature, your site URL is sent to Google’s servers for analysis. Use of this API is subject to Google’s Terms of Service and Privacy Policy. API Documentation: https://developers.google.com/speed/docs/insights/v5/get-started Terms of Service: https://developers.google.com/terms Privacy Policy: https://policies.google.com/privacy GTranslate Widget – Website translation service that provides automatic language translation functionality. The plugin loads the GTranslate popup widget from cdn.gtranslate.net to enable multi-language support in the admin interface. When the widget is loaded, it may connect to GTranslate’s servers to provide translation services. Use of this service is subject to GTranslate’s Terms of Service and Privacy Policy. Service Website: https://gtranslate.io/ Terms of Service: https://gtranslate.io/terms-and-conditions Privacy Policy: https://gtranslate.io/privacy-policy Note: The PageSpeed Insights feature is optional and only activates when you manually request a performance analysis. No data is sent to external services without your explicit action. Credits Developed by Luke Garrison Icons by Dashicons (WordPress Core) Performance metrics based on Google PageSpeed Insights Contributing: Interested in contributing to Optimal State? Feature requests, bug reports, and code contributions are welcome. Visit our support page for contribution guidelines. Support and Documentation Getting Help User Manual: Comprehensive documentation built into the plugin (user manual included) FAQ Section: Common questions answered in detail Live Demo: Interactive preview to explore features before installation Email Support: Priority support for Pro version users Useful Links Live Interactive Demo Support Page User Manual Feature Requests We actively develop Optimal State based on user feedback. If you have a feature request or enhancement idea, please contact us through the support page. Many current features were implemented based on user suggestions.
Top keywords
- database22×1.82%
- optimization16×1.32%
- performance15×1.24%
- page13×1.07%
- caching11×0.91%
- cleanup11×0.91%
- restore11×0.91%
- optimal10×0.83%
- optimal state10×0.83%
- state10×0.83%
- backup9×0.74%
- support9×0.74%
Sitevorx
Sitevorx is a lightweight, all-in-one WordPress plugin that helps you optimize performance, harden security, and manage your website from a single, modern dashboard. No bloat, no external dependencies — just the tools you need. Security Center (NEW in 1.1.0) Security Score Dashboard: A single 0–100 score that summarizes the hardening state of your site, with prioritized recommendations. Core Integrity Checker: Compares every WordPress core file against the official api.wordpress.org MD5 checksums to detect modified, missing, or extra files. HTTP Security Headers: One-click enable X-Content-Type-Options, X-Frame-Options, Referrer-Policy, and Permissions-Policy on the frontend. Login Honeypot: Invisible bait field on wp-login.php that silently rejects spam bots without affecting real users. User Enumeration Protection: Blocks ?author=N probing and the public REST /wp/v2/users endpoint for non-logged-in visitors. Login Notification: Emails the administrator whenever an account with manage_options logs in successfully (1-hour cooldown per IP). Login Attempt Limiter: Lock out IPs after repeated failed login attempts, with configurable threshold, lockout duration, and IP allowlist. Secret Login URL: Hide the default wp-login.php behind a custom keyword. Google reCAPTCHA v2 / v3: Protect the login form from bots, with a configurable v3 score threshold. Disable XML-RPC and Disable File Editor: Block DDoS / brute-force vectors and stop code editing from the dashboard. Speed Optimization Heartbeat Throttle: Slows the Heartbeat API to 60 seconds instead of disabling it, preserving autosave and post-locking. System Tweaks: Lazy load images, limit post revisions, allow safe SVG uploads (with XXE-hardened sanitizer). Database Cleanup: Remove revisions, spam comments, and expired transients in one click. Malware Scanner: Scan your entire codebase and database for suspicious injections. SMTP Configuration Send emails via Gmail (App Password) or a custom SMTP server (SSL/TLS). Built-in Test Email sender. Email delivery log with success/failure tracking. Force From Name and From Email to prevent address drift. Website Utilities Inject tracking codes in Header/Footer (Google Analytics, Facebook Pixel, etc.). Content Protection: Disable right-click, text selection, and drag-and-drop. Maintenance Mode: Display a professional “under construction” page to visitors. Custom Login Logo: Replace the WordPress logo on the login screen with your own brand. Disk Space Manager Recursively scan your hosting for large files (>50 MB). Auto-categorize files (backups, error logs, large media). Bulk delete to free up disk space instantly. Floating Contact Buttons Phone Hotline button with animated icon. Zalo chat button (auto-opens Zalo app). Messenger chat button (m.me deep link). Fully responsive floating widget in the corner of your site. Import / Export Settings Export all Sitevorx settings as a JSON file. Import settings from another site in one click. Reset all settings to factory defaults. Scheduled Cleanup (WP-Cron) Automatic cleanup: daily, twice daily, or weekly. Clears temp files, auto-drafts, spam, and optimizes database tables. Activity log showing the last 20 cleanup runs. Maintenance & Update Monitor Track plugins and themes that need updating. Check WordPress core, PHP version, SSL status, and WP_DEBUG. Maintenance health score with actionable recommendations. Server Info View Web Server, PHP, MySQL, and WordPress versions at a glance. PHP limits: memory, execution time, input vars, upload size. List all loaded PHP extensions. Database size monitoring. External Services Google reCAPTCHA (v2 and v3) Sitevorx can optionally integrate with Google reCAPTCHA (v2 checkbox or v3 invisible / score-based) to protect the WordPress login form. This feature is disabled by default and only works when an administrator explicitly enables it, selects a version, and provides valid Google-issued API keys. When enabled, the plugin loads the Google reCAPTCHA JavaScript on the login screen and sends the generated verification token to Google’s verification endpoint (https://www.google.com/recaptcha/api/siteverify) during login validation. For v3, the configurable score threshold (filter sitevorx_recaptcha_v3_score_threshold, default 0.5) is compared against Google’s returned score. This service is provided by Google: * Service URL: https://www.google.com/recaptcha/ * Verification endpoint: https://www.google.com/recaptcha/api/siteverify * Terms of Service: https://policies.google.com/terms * Privacy Policy: https://policies.google.com/privacy WordPress.org Core Checksums API The Security Center → Kiểm Tra Toàn Diện → WordPress Core Integrity check (off by default; runs only when the admin clicks “Kiểm tra”) fetches the official MD5 checksums for the installed WordPress version from WordPress.org so it can flag modified or missing core files. Verification endpoint: https://api.wordpress.org/core/checksums/1.0/ Request payload: only the installed WordPress version string (e.g. 6.4.2) and the locale en_US. No site URL, user data, or content is sent. Operated by: WordPress.org Terms of Service: https://wordpress.org/about/privacy/ Highlights All-in-one: Replaces 5-7 single-purpose plugins (SMTP, Security, Optimization, Cleanup, Maintenance). Modern UI: Gradient banners, collapsible sidebar, toast notifications, fully responsive. Secure by design: Nonce verification, input sanitization, CSRF protection, prepared database queries. Lightweight: Modular architecture — only loads what you use. Zero frontend impact. No Composer or NPM required. Localized: Full Vietnamese (vi) translation included via .po/.mo files.