Comprehensive WordPress performance optimization and security hardening plugin

WordPress out-of-the-box includes numerous features that most sites don't need:

• Excessive HTTP requests for scripts and styles
• Hundreds of unnecessary database queries
• Bloated wp_head output with meta tags, feeds, and generator tags
• Constant update checks for core, plugins, and themes
• Inefficient media handling and image size generation
• Missing input sanitization and security hardening

Result: Slower page loads, higher server costs, security vulnerabilities, poor user experience.

WP Performance is a comprehensive must-use plugin that:

• ✅ Eliminates bloat - Removes 50+ unnecessary WordPress features
• ✅ Optimizes queries - Reduces database calls by 30-50%
• ✅ Enhances security - Adds input sanitization and hardening
• ✅ Zero configuration - Works out-of-the-box
• ✅ Production-tested - Battle-tested on high-traffic sites
• ✅ Modern codebase - PHP 8.2+, PSR-4, comprehensive quality tooling

Script & Style Management (Enqueue Module)

• Remove WordPress version from scripts and styles
• Disable emoji scripts and styles
• Remove DNS prefetch for s.w.org
• Clean up script/style tags
• Optimize jQuery loading

Database Query Optimization (WPQuery Module)

• Optimize WP_Query with smart caching
• Reduce term count queries
• Optimize post meta queries
• Improve last modified time queries

Media Optimization (Media Module)

• Disable unnecessary image sizes
• Lazy load images
• Optimize image generation
• Remove image size suffix
• Prevent WebP conversion for specific formats

Update Management (Update Module)

• Disable WordPress core update checks
• Disable plugin update checks
• Disable theme update checks
• Remove update nag screens
• Reduce HTTP requests to WordPress.org

General Cleanup (CleanUp Module)

• Remove RSD link, WLW manifest, shortlink
• Disable REST API discovery
• Remove WordPress generator tag
• Clean up wp_head bloat
• Disable XML-RPC when not needed

Input Sanitization (Sanitize Module)

• Sanitize $_GET, $_POST, $_REQUEST superglobals
• Prevent XSS attacks
• Clean user input automatically
• Validate URLs and paths

General Security

• Remove version information exposure
• Disable file editing in admin
• Harden WordPress configuration

Term Count Optimization

• Optimized term counting for better performance
• Reduced database calls for taxonomy queries
• Smart caching for term counts

Post GUID Optimization

• Optimize post GUID queries
• Improve permalink performance

Post Meta Optimization

• Efficient meta query handling
• Reduce meta table lookups

composer require jazzman/wp-performance

This package is part of the jazzman WordPress ecosystem and depends on:

• jazzman/autoload-interface - Autoloading interface
• jazzman/wp-app-config - Configuration management
• jazzman/wp-db-pdo - PDO database layer

All dependencies are installed automatically via Composer.

The plugin works out-of-the-box with sensible defaults for most sites. No configuration needed.

src/
├── Optimization/          # Performance optimization modules
│   ├── CleanUp.php       # Remove WordPress bloat
│   ├── Enqueue.php       # Optimize scripts and styles
│   ├── LastPostModified.php # Caching optimization
│   ├── Media.php         # Image and media optimization
│   ├── PostGuid.php      # GUID optimization
│   ├── PostMeta.php      # Meta query optimization
│   ├── TermCount.php     # Term count optimization
│   ├── Update.php        # Update check management
│   └── WPQuery.php       # Query optimization
├── Security/              # Security hardening modules
│   └── Sanitize.php      # Input sanitization
└── Utils/                 # Utility classes

• ✅ PHPStan (max level with baseline)
• ✅ Psalm (strict mode with baseline)
• ✅ PHPMD (mess detection with baseline)
• ✅ PHP CS Fixer (PSR-12 compliance)
• ✅ Rector (automated refactoring)
• ✅ Roave Security Advisories (dependency scanning)

GitHub Actions workflows for:

• Code quality checks on PR
• Static analysis
• Code style validation
• Security scanning

• PHP: 8.2+ (strictly enforced)
• WordPress: 6.0+
• Composer: For installation and autoloading

After years of WordPress development across hundreds of sites, I identified common performance bottlenecks:

• Default WordPress includes 50+ features most sites never use
• Each feature adds HTTP requests, database queries, and processing time
• Manual optimization is tedious and error-prone
• Most performance plugins focus on caching, not eliminating unnecessary features

WP Performance takes a different approach: Instead of caching bloat, eliminate it at the source.

Part of the jazzman WordPress ecosystem:

• jazzman/wp-object-cache - PSR-16 object caching
• jazzman/wp-nav-menu-cache - Navigation menu caching
• jazzman/wp-password-argon - Argon2i password hashing
• jazzman/wp-lscache - LiteSpeed cache integration
• jazzman/wp-geoip - GeoIP functionality

Found a bug? Have a feature request? Contributions welcome!

1. Fork the repository
2. Create feature branch (git checkout -b feature/amazing)
3. Run quality checks (composer phpstan && composer psalm && composer cs-check)
4. Commit changes (git commit -m 'Add amazing feature')
5. Push to branch (git push origin feature/amazing)
6. Open Pull Request

⭐ If WP Performance improved your site, please star the repo!

💬 Questions? Open an issue on GitHub

Built with ❤️ for the WordPress community