The Off Switch (formerly WP Avoid Slow)
WordPress prioritises backwards compatibility. That’s a feature. It also means every install ships with things you didn’t ask for. An emoji CDN script. An oEmbed script. A Windows Live Writer manifest (discontinued 2017). Dashicons loaded for logged-out visitors. Heartbeat polling every 15 seconds. A version tag that tells the world exactly which WordPress you’re running. None of these are bugs. They’re just not needed on most sites. Disable what you don’t need. Keep what you do. The Off Switch lets you disable each one, individually. One screen, every switch A live counter shows how many switches are on. A sticky bar keeps Save, the filter, and state chips (All / On / Off / Changed / New) in reach while you scroll. Changed switches are highlighted until you save, and an “unsaved changes” pill shows exactly what you’ve flipped before you commit. Jump between sections with live per-section counts, or copy a WP-CLI command that replicates your whole configuration on another site. Every switch card states what it removes, what it saves, and what to watch out for. All 104 switches were functionally verified against a live WordPress 7.0 install for this release. Bloat Remover Emoji script – ~15 KB + 1 HTTP request. Browsers handle emoji natively. Embed script – ~4 KB + oEmbed discovery links in . RSD link – Really Simple Discovery. Only needed for legacy XML-RPC clients. WLW manifest – Windows Live Writer has been discontinued since 2017. WordPress 6.3 removed this link from core — the switch matters on WordPress 6.2 and older. WP version tag – Stops advertising your WordPress version to the world. Shortlink – Removes from and HTTP headers. Search engines ignore it. Asset query strings – Strips ?ver= from scripts, styles, and WP 6.5+ Script Modules so CDNs and proxies cache correctly. XML-RPC – Closes a common brute-force attack vector. XML-RPC Kill Requests – Goes further than disabling: hard-kills any incoming xmlrpc.php request with a 403 before WordPress loads at all. Heartbeat API – Reduces admin polling from every 15 s to every 60 s. Dashicons (frontend) – ~35 KB (CSS + font) saved for every logged-out visitor. REST API Discovery Link – Removes from . Safe to remove on standard sites. RSS Feed Links – Removes feed autodiscovery tags from . Modern browsers no longer act on them. Leave enabled if you publish an RSS feed. Speculation Rules (WP 6.8+) – Disables the WP 6.8+ Speculation Rules API that prefetches links before users click. Can inflate analytics, increase server bandwidth, and trigger consent flows on unfetched pages. Disable All Feeds – Redirects all RSS and Atom feed URLs to the homepage. For sites with no RSS subscribers. Comment Auto-Links – Stops WordPress from converting plain-text URLs in comments into clickable links. Editor Autosave – Deregisters the autosave script that POSTs editor content to the server every 60 seconds. For teams that prefer explicit saves. DNS Prefetch – Removes all hints from . Redundant when Emojis and Embeds are already disabled. Recent Comments Inline CSS – WordPress outputs a small inline block in whenever the Recent Comments widget is active. Remove it if your theme already styles the widget. Script & Style Control jQuery Migrate – ~30 KB. Modern themes don’t need it. Block Library CSS – ~7 KB loaded on every page, even with no Gutenberg blocks. Global Styles (theme.json CSS) – 10-50 KB inline CSS from block themes. SVG Duotone Filters – Hidden SVG blob injected on every page, even with no duotone images. WordPress 6.3 made duotone output on-demand — the switch matters on WordPress 6.2 and older. Script/Style type attributes – type="text/javascript" and type="text/css" are redundant in HTML5. Defer non-critical JavaScript – Adds defer so scripts don’t block HTML parsing. jQuery is never deferred. Move scripts to footer – Relocates enqueued scripts from to just before . jQuery is never moved. Template Output Buffering (WP 7.0) – Since WordPress 7.0, classic themes get every frontend page buffered in memory in full and re-parsed before a single byte reaches the visitor, so late-printed block styles can be hoisted into . Turning the buffer off restores streamed output for faster TTFB and lower peak memory. Block themes are unaffected. WordPress Behaviour Tweaks Self-pingbacks – WordPress pings your own posts when you link between them – a wasted HTTP request that creates an unwanted comment on the target post. Capital P filter – WordPress corrects “WordPress” to “WordPress” on every rendered string. Remove if you don’t need the autocorrect. Limit post revisions – WordPress stores unlimited revisions per post. Caps revisions at 3 to prevent silent database growth on active editorial sites. Attachment pages – WordPress creates a full template page for every uploaded file. These waste crawl budget on most sites. Sends a 301 redirect to the parent post instead. Comments – Closes all comments and pingbacks site-wide, hides existing comments on the frontend, and removes comment-related UI from wp-admin (Comments menu, admin bar node, dashboard widget). Enable only if your site does not use comments. Search – Redirects all WordPress search queries (/?s=) to the homepage with a 301, preventing bots from triggering repeated database queries. Also removes search forms rendered via get_search_form(). Hardcoded forms in theme templates are not affected. oEmbed Provider – WordPress registers a REST endpoint at /wp-json/oembed/1.0/embed so other sites can embed your content via the oEmbed protocol. Remove it if you don’t want your content embeddable externally. Does not affect your ability to embed others’ content. Post via Email – Removes the Post via Email configuration from Writing Settings and disables the feature. Almost no modern site uses email-to-post. Update Services (Ping-o-Matic) – Removes Update Services from Writing Settings and stops outbound pings to weblog ping services on every published post. Native XML Sitemap (WP 5.5+) – Disables WordPress’s built-in XML sitemap generator. Most sites use external SEO plugins (Yoast, Rank Math) for sitemaps instead. Removes unnecessary redirects and reduces crawl overhead (default OFF). oEmbed Auto-Embed – Disables WordPress from regex-scanning post content for [embed] shortcodes and oEmbed patterns on every frontend page load. For sites that do not embed external content, removing this filter saves processing overhead (default OFF). Database & Query Expired Transients – Schedules a daily cleanup of expired transient rows in wp_options. Useful on low-traffic sites where WP-Cron can go days without firing. Abandoned Auto-Drafts – WordPress creates an auto-draft every time the post editor opens. Abandoned sessions leave these rows permanently. Runs a daily sweep to delete auto-drafts older than 30 days. Skip Row Count on Singles – On every single post or page, MySQL runs SQL_CALC_FOUND_ROWS to count total matching rows – a full index scan only needed for paginated archives. Removes that sub-query on all singular views. Adjacent Post Links – Older WordPress queries the previous and next post on every single post page to output in — two extra DB queries per page load. Google dropped support for these hints in 2019, and modern WordPress no longer outputs them; the switch matters on older installs. Reduce Trash Retention – WordPress keeps trashed items for 30 days before permanent deletion. A daily sweep permanently deletes posts and comments trashed more than 7 days ago, keeping wp_posts leaner on active editorial sites without affecting normal recovery workflows. Image Performance Google Fonts display:swap – Without font-display:swap, the browser hides text while your Google Font downloads (FOIT). Adds display=swap to every Google Fonts URL so visitors see text immediately. Add missing image dimensions – Images without width and height attributes cause layout shifts (CLS). Reads dimensions from attachment metadata and injects them automatically. LCP image priority – Adds fetchpriority="high" to the first content image so the browser loads it before lower-priority resources. Adds fetchpriority="low" and decoding="async" to all others. Lazy load images – Adds loading="lazy" to images below the fold. The first image is never lazy-loaded – it is the LCP candidate and must load immediately. Disable PDF thumbnails – WordPress generates thumbnail previews for every uploaded PDF when ImageMagick is available. Rarely used on the frontend; adds significant upload processing time. Disable scaled images – WordPress 5.3+ creates a downsized -scaled copy of any image whose longest side exceeds 2560 px on upload. On most sites this extra file is never served. Disabling it stores the original as-uploaded. Applies to new uploads only. Disable extra image sizes – WordPress 5.3 added 1536×1536 and 2048×2048 intermediate sizes to every image upload. These oversized copies are rarely requested and waste disk space. Theme and plugin image sizes are not affected. Applies to new uploads only. Security & Admin Hardening Block User Enumeration – WordPress redirects ?author=1 to /author/username/, exposing registered usernames. Intercepts those requests and redirects to the homepage before the username is revealed. Disable Author Archives – Redirects all /author/username/ pages to the homepage. For sites with no author profile pages. Disable File Editor – Defines DISALLOW_FILE_EDIT to remove the plugin and theme code editor from wp-admin. Eliminates a code-injection surface a compromised admin account could exploit. Disable Application Passwords – Removes the Application Passwords UI and stops all tokens from being accepted. For sites that don’t use REST API or XML-RPC integrations. Suppress Admin Email Check – Disables the periodic full-screen prompt asking admins to confirm their email address. One less interruption, no functional change. Remove X-Pingback Header – Strips X-Pingback: from every HTTP response, stopping the site from advertising its XML-RPC endpoint URL to scanners. Clean Admin Bar – Removes the WordPress logo dropdown, the duplicate “Visit Site” link, and the admin bar search for a less cluttered editing environment. Hide Update Nag for Non-Admins – Hides the core update notice from editors and contributors who cannot action it. Administrators still see it normally. Restrict REST API to Logged-In Users – The REST API is publicly accessible by default, allowing unauthenticated enumeration of posts, users, and other data. Restricting access to authenticated users reduces the attack surface. Will break public REST consumers such as headless frontends. Redirect Unauthenticated Admin Access – By default, visiting /wp-admin/ without being logged in redirects to the login page, confirming a WordPress admin area exists. This redirects unauthenticated requests to the homepage instead, reducing information disclosure to scanners. AJAX, Cron, WP-CLI, and admin-post.php requests are never affected. Hide Author Sitemap – WordPress 5.5 added a built-in XML sitemap that includes a users file listing the author archive URL for every user with published posts — up to 2,000 usernames, publicly accessible. Removes the users entry from the sitemap index entirely (WP 5.5+, default ON). Remove X-Redirect-By Header – WordPress 5.1+ adds an X-Redirect-By: WordPress header on every redirect, openly advertising that the site runs WordPress. Removes it from all redirects (default ON). Hide PHP Version Header – PHP sends an X-Powered-By: PHP/x.x.x header on every response, exposing your exact PHP version to every visitor and scanner. Removes it from all responses (default ON). Generic PHP Error Messages – WordPress fatal error messages can include internal file paths and line numbers. Replaces them with a generic response that reveals nothing about server structure (default ON). Hide Admin Bar on Frontend – Removes the WordPress admin toolbar from the public-facing site for all logged-in users. Reduces frontend CSS/JS overhead for logged-in sessions (default OFF). Remove Dashboard Welcome Panel – Removes the “Welcome to WordPress” panel from the dashboard home screen for all users (default OFF). Remove Default Dashboard Widgets – Removes four default dashboard widgets including WordPress Events and News, which makes an outbound HTTP request to api.wordpress.org on every dashboard load (default OFF). Remove Admin Footer Text – Removes the “Thank you for creating with WordPress” text and WordPress version number from the wp-admin footer (default OFF). Disable REST Users Endpoint – WordPress’s REST API exposes /wp-json/wp/v2/users publicly, returning usernames and slugs for all users with published posts. Removes this endpoint for unauthenticated requests only — Gutenberg and plugins that need it while logged in are unaffected (default ON). Disable Email Change Notifications – WordPress sends emails to users when their email address or password changes. On agency-managed sites these are noise. Suppresses both notification types (default OFF). Disable Auto-Update Emails – WordPress emails after every automatic core, plugin (WP 5.5+), and theme (WP 5.5+) update. On sites where auto-updates are routine these arrive constantly (default OFF). Auto-Update Emails: Errors Only – A middle ground: suppresses core auto-update success emails only. Failure emails still arrive so you know when action is needed (default OFF). Skip Bundled Themes on Upgrade – Defines CORE_UPGRADE_SKIP_NEW_BUNDLED to stop WordPress installing a new default theme on every core upgrade. Existing themes are not affected (default OFF). Disable Site Health – Disables WordPress Site Health checks entirely. Site Health runs a 12-hour background cron job and makes REST API calls on every admin page load, fetching a list of ~20 WordPress.org API endpoints. On managed hosting with automated updates, these checks are redundant and add unnecessary server load (default OFF). WordPress 7.0 Off switches for the new subsystems WordPress 7.0 turns on by default. AI Support – WordPress 7.0 ships a built-in AI client framework that initialises on every request. Filters wp_supports_ai to false so the AI subsystem never bootstraps — no providers, no AI REST surface, no AI options on the Connectors page. Connectors Registry – WordPress 7.0 initialises a connector registry on every request, frontend included, registering the bundled Akismet connector and any AI providers. Skips registry initialisation entirely on sites that use no connectors. Core AI Abilities – Stops WordPress from registering its built-in AI abilities (site info, user info, and more) when the Abilities API registry is first used. Completes the AI off switch. Abilities REST API – Removes the wp-abilities/v1 REST namespace (list, categories, and run endpoints) that exposes server-side abilities to REST clients. Icons REST Endpoint – Removes the /wp/v2/icons endpoints that serve SVG icon data to the block editor icon picker. AI Connectors Page – Removes the Connectors submenu from Settings, hiding the AI provider configuration page. Admin View Transitions – Removes the CSS View Transitions stylesheet WordPress 7.0 enqueues on every wp-admin screen, restoring instant admin navigation. Command Palette – Removes the ⌘K / Ctrl+K command palette: the admin bar trigger button and the JS bundle enqueued on every wp-admin page. Block Editor Remote Block Patterns – WordPress fetches patterns from api.wordpress.org on every editor load. …
Top keywords
- wordpress58×2.45%
- removes26×1.10%
- default22×0.93%
- admin16×0.68%
- off16×0.68%
- sites16×0.68%
- page14×0.59%
- rest14×0.59%
- wp14×0.59%
- api13×0.55%
- disable13×0.55%
- post13×0.55%
ZenPress
ZenPress is a lightweight, high-performance plugin that improves your WordPress and WooCommerce sites through a range of supportive actions. Combined with Cache Enabler, Autoptimize and SQLite Object Cache, you can use ZenPress as a reliable, free alternative to major premium performance plugins. By integrating directly into the WordPress core interface, ZenPress provides a simpler experience without the need for complex custom dashboards. You can improve your site’s performance and security without ads, pro versions, or database clutter. Why choose ZenPress? Use curated settings presets to help you optimize your site instantly. Experience deep integration with the WordPress core interface for a lightweight, familiar experience. Choose a free, reliable alternative to premium performance plugins. Keep your site fast and clean by disabling unused features. Harden your security by turning off unused features and protecting weak spots. Reduce bloat from third-party plugins. Enjoy an ultra-lightweight and future-proof design. Features ZenPress includes the following features: Dashboard Settings Navigate easily between categories like Core, Gutenberg, and WooCommerce using a structured tabbed interface. Identify features quickly with visual icons organized by Performance, Security, and User Interface. Select from three ready-to-use presets: Corporate, Blog, or E-commerce: each optimized for your specific site type. Understand every choice with concise descriptions that explain the benefits to your site. Use a fully accessible interface that includes ARIA-compliant tabs and full keyboard navigation support. Benefit from a design that matches the WordPress core look and feel, supporting the latest block editor features. Core Settings Block user enumeration. Clean up the admin bar. Disable “WordPress” spelling correction. Disable all feeds (RSS, Atom, comments). Disable application passwords. Disable author archives. Disable autosave (classic editor). Disable Dashicons (admin icons). Disable default lazy loading for images. Disable DNS prefetch. Disable jQuery Migrate script. Disable login language selector. Disable oEmbed. Disable password strength meter. Disable PDF thumbnails. Disable pingbacks and trackbacks. Disable prev/next post links in head. Disable shortlink. Disable Windows Live Writer link. Disable WordPress emoji scripts and styles. Disable XML-RPC and RSD link. Hide WordPress version. Limit post revisions to 10. Limit REST API to logged-in users. Remove “Thanks for using WordPress” from footer. Remove Help tab. Remove REST API links from page source. Remove WordPress logo from admin bar. Gutenberg Settings Disable default pattern categories in Site Editor. Load block styles separately. Remove WordPress default block patterns. WooCommerce Settings Disable Stripe scripts on product and cart pages. Disable WooCommerce cart fragments. Disable WooCommerce scripts and styles on non-shop pages. Disable WooCommerce widgets. Hide WooCommerce version. Remove WooCommerce default block patterns. Ads-blocker Settings Clean up the Dashboard. Tools Settings Protect login from brute force. Show cache actions in admin bar. Integrations ZenPress integrates with Cache Enabler, Autoptimize, and SQLite Object Cache. When any of these plugins is active, the Tools tab shows integration status and one-click autoconfig actions. Admin bar: Adds a ZenPress menu to the admin bar with “Clear all caches” and options for each active cache (page, static files, object cache). Only appears when Cache Enabler, Autoptimize, or SQLite Object Cache is active. Hides those plugins’ own admin bar buttons. Autoptimize: Minify JS and CSS, combine CSS, static file caching, 404 fallbacks. Cache Enabler: Clear cache on content changes, WebP, compression, minify HTML. SQLite Object Cache: Enable “Use APCu” in the plugin if available. Presets Corporate website: For business sites and portfolios. Focuses on security, performance, and removing unused features like RSS and author archives. Blog: For content-focused blogs. Keeps RSS and other blog features while improving performance and security. E-commerce: For WooCommerce stores. Performance and security plus WooCommerce optimizations for faster checkout. Accessibility You can navigate the dashboard with confidence using an interface built to WCAG 2.1 AA accessibility standards. Move through settings efficiently using only your keyboard; we fully support the use of Tab, Arrow keys, Home, End, and Enter for all interactions. Experience faster navigation with automatic tab activation, which displays panels immediately as you move focus between sections. Always identify your position on the page through highly visible focus indicators on every interactive button and link. Every element is optimized for screen readers and assistive technologies with descriptive ARIA labels to provide clear context for every setting. Roadmap Use new Gutenberg Icon component for categories & subcategories icons instead of Dashicons. Additional presets for specific use cases. Documentation pages with detailed guides. Manage Heartbeat API (frontend + backend + admin whitelist). Remove “site health” page. Remove “Privacy tools”. Disable WooCommerce tracking. Disable marketing hub. Disable dashboard setup widget. Disable new product editor. Disable WooCommerce blocks. Disable WooCommerce promo emails. Disable CF7 CSS & JS. Disable Elementor bloat. Disable WP Bakery bloat. Disable Divi bloat. Disable Yoast SEO bloat. Disable Jetpack bloat. Disable Updraft bloat. Privacy Statement ZenPress is private by default and always will be. It does not store any data. It does not send data to any third party, nor does it include any third party resources. Accessibility Statement ZenPress aims to be fully accessible to all of its users.