Performance & Security
A self-hosted site manager’s toolkit: the security hardening, performance tuning, admin cleanup, content controls and email handling you’d otherwise install half a dozen micro-plugins for — as independent modules on a single settings page (Settings → Site Toolkit). Every module is off by default and registers no hooks while disabled, so the plugin changes nothing until you opt in. 🔐 Security — disable XML-RPC, hide the WordPress version, disable user enumeration (author scans, sitemaps, oEmbed, author archives), block the REST users endpoint, disable the file editors, block readme/license files, security headers (with optional HSTS), disable application passwords, session management, and an admin audit log. 🔓 Login Page — change the login URL, login rate limiting, hide detailed login errors, username-only sign-in, disable the language switcher, record each user’s last login, and login screen branding (use your site identity automatically or a custom logo from the media library). 🚀 Performance — control autosave and post revisions, remove asset version query strings, throttle the Heartbeat API, remove wp_head bloat and generator tags, dequeue unused default assets (emoji, jQuery Migrate, Block Library CSS), disable self-pings, scheduled database maintenance, DNS prefetch/preconnect hints, and manage generated image sizes. 🛠️ Admin / UX — hide the front-end toolbar, change the WordPress greeting, replace the account menu with a logout button, dashboard widget manager, custom admin footer, maintenance mode, media library user isolation, environment indicator, suppress update notices on non-production, trim the WordPress toolbar menu, and an “All Settings” menu item. 📝 Content & Editorial — customize excerpts, disable the block editor per post type, disable trackbacks, targeted comment controls (media comments, plain-text links, minimum length), disable comments entirely, disable oEmbed, and restore the Links Manager. 📧 Email & Notifications — disable selected notification emails, and redirect or block all outgoing email on non-production environments. If you have further suggestions, please contact us via the plugin support page. If this plugin is useful for managing your WordPress settings, please leave a review. Developed by JMR.codes.
Top keywords
- disable11×3.46%
- login6×1.89%
- block5×1.57%
- admin4×1.26%
- settings4×1.26%
- wordpress4×1.26%
- email3×0.94%
- hide3×0.94%
- library3×0.94%
- manager3×0.94%
- media3×0.94%
- menu3×0.94%
DietPress
DietPress puts your WordPress on a diet and speeds it up. It pairs a complete set of performance optimizations (the ones that used to ship in “Zero Config Performance Optimization”) with a clean, risk-based interface to disable the WordPress features you do not use. Everything is configurable, and the performance optimizations are already on by default, so you can simply activate and enjoy a faster site, or fine-tune every detail. Coming from “Zero Config Performance Optimization”? This is the same plugin, now called DietPress and fully configurable. All your previous optimizations stay active by default; you just gained a settings page and a whole new set of WordPress-diet options. By default WordPress loads functions, services and scripts that most sites do not need. They slow down loading times and consume hosting resources. DietPress lets you trim that fat and apply battle-tested performance tweaks, with a clear description of what each option does and what might break, organized by risk level so you always know what is safe. TWO THINGS IN ONE PLUGIN 1. Performance optimizations (on by default) Automatic Critical CSS inlined in the head (optional experimental deferral of non-critical CSS) JavaScript defer parsing with smart dependency handling Image loading attributes safety net: lazy loading, decoding=async and fetchpriority for images that bypass core Automatic image dimensions for better CLS scores (including picture elements) Resource hints: preconnect and DNS prefetch for common third-party origins Theme stylesheet, critical fonts and logo preloading for a faster LCP Google Fonts display=swap RSS feed optimization (cache headers and item limit) Server rules in .htaccess: browser caching, GZIP and Brotli compression, immutable cache headers, CORS for fonts and keep-alive (master switch plus per-feature toggles) Database maintenance: daily expired-transient cleanup and safe query optimizations 2. Put WordPress on a diet (risk-based, opt-in) Light (safe for any site): emojis, RSD/WLW tags, shortlinks, self-pingbacks, comment pagination, and more Moderate (evaluate first): oEmbed, jQuery Migrate, Dashicons on the frontend, Global Styles and Duotone, remote block patterns, avatars and Gravatar, comment threading, and more Strict (site-specific): granular RSS feed control, Heartbeat API mode, post revisions and autosave, disable comments, XML sitemap, native lazy loading/fetchpriority, content types, and more Widgets: dashboard widgets (including third-party ones from Yoast, WooCommerce, Elementor, Jetpack, Wordfence, Rank Math, Gravity Forms), classic sidebar widgets, block-editor widgets and the Customizer Emails: silence the automatic emails WordPress sends on its own, grouped by area: auto-update results for core, plugins and themes (plus the new-version notice), comment moderation and new-comment notices, and new user, password and email-change notices, plus toggles for the admin email verification prompt and post-by-email. Every option is off by default, and critical notices such as a failed core update are always kept SCALE, PROFILES AND ANALYZER Savings indicator: HTTP requests removed, CSS/JS saved and active optimizations at a glance Quick profiles: Personal Blog, WooCommerce Store, Landing Page and Maximum Cleanup Site analyzer: personalized recommendations based on your active plugins and content Import and export your whole configuration as a JSON file COMPATIBILITY AND EXTENSIBILITY The plugin includes filters for developers: dietpress_critical_css – Customize the inline critical CSS dietpress_critical_css_handles – Define which CSS handles are critical dietpress_skip_defer_script_handles – Opt scripts out of the JavaScript defer dietpress_skip_defer_style_handles – Opt stylesheets out of the CSS deferral dietpress_preconnect_hints – Customize preconnect origins dietpress_dns_prefetch_domains – Customize DNS prefetch domains dietpress_critical_fonts – Define critical fonts to preload Compatible with: Well-coded themes and page builders (Divi, Elementor, Beaver Builder, Gutenberg) Cache plugins (WP Rocket, LiteSpeed Cache, W3 Total Cache, WP Super Cache, etc.) Security plugins (DietPress focuses on performance and deliberately leaves security to them; we recommend our free Vigilant) CDNs (Cloudflare, StackPath, KeyCDN, etc.) thanks to CORS and Vary headers WordPress Multisite HOW TO VERIFY THE OPTIMIZATIONS Cache rules: check your .htaccess for a block marked # BEGIN DietPress with immutable Cache-Control headers Logo preload: view page source and look for pointing to your logo Critical CSS: view source and look for in the head Compression: test at giftofspeed.com/gzip-test Always measure with tools like Google PageSpeed, GTMetrix or WebPageTest, and run each test at least twice to account for caching. Support Need private support or custom development? Do you need one-on-one help, priority troubleshooting, or a custom feature, integration, or tweak built specifically for your site? I offer private support and custom development. Just contact me and tell me what you need. Need help or have suggestions? Official website WordPress support forum YouTube channel Documentation and tutorials Love the plugin? Please leave us a 5-star review and help spread the word! About AyudaWP We are specialists in WordPress security, SEO, AI and performance optimization plugins. We create tools that solve real problems for WordPress site owners while maintaining the highest coding standards and accessibility requirements.