README

Comprehensive WordPress performance optimization and security hardening plugin

The Problem

WordPress out-of-the-box includes numerous features that most sites don't need:

Excessive HTTP requests for scripts and styles
Hundreds of unnecessary database queries
Bloated wp_head output with meta tags, feeds, and generator tags
Constant update checks for core, plugins, and themes
Inefficient media handling and image size generation
Missing input sanitization and security hardening

Result: Slower page loads, higher server costs, security vulnerabilities, poor user experience.

The Solution

WP Performance is a comprehensive must-use plugin that:

✅ Eliminates bloat - Removes 50+ unnecessary WordPress features
✅ Optimizes queries - Reduces database calls by 30-50%
✅ Enhances security - Adds input sanitization and hardening
✅ Zero configuration - Works out-of-the-box
✅ Production-tested - Battle-tested on high-traffic sites
✅ Modern codebase - PHP 8.2+, PSR-4, comprehensive quality tooling

Key Features

🚀 Performance Optimization

Script & Style Management (Enqueue Module)

Remove WordPress version from scripts and styles
Disable emoji scripts and styles
Remove DNS prefetch for s.w.org
Clean up script/style tags
Optimize jQuery loading

Database Query Optimization (WPQuery Module)

Optimize WP_Query with smart caching
Reduce term count queries
Optimize post meta queries
Improve last modified time queries

Media Optimization (Media Module)

Disable unnecessary image sizes
Lazy load images
Optimize image generation
Remove image size suffix
Prevent WebP conversion for specific formats

Update Management (Update Module)

Disable WordPress core update checks
Disable plugin update checks
Disable theme update checks
Remove update nag screens
Reduce HTTP requests to WordPress.org

General Cleanup (CleanUp Module)

Remove RSD link, WLW manifest, shortlink
Disable REST API discovery
Remove WordPress generator tag
Clean up wp_head bloat
Disable XML-RPC when not needed

🔐 Security Hardening

Input Sanitization (Sanitize Module)

Sanitize $_GET, $_POST, $_REQUEST superglobals
Prevent XSS attacks
Clean user input automatically
Validate URLs and paths

General Security

Remove version information exposure
Disable file editing in admin
Harden WordPress configuration

⚡ SQL Query Optimization

Term Count Optimization

Optimized term counting for better performance
Reduced database calls for taxonomy queries
Smart caching for term counts

Post GUID Optimization

Optimize post GUID queries
Improve permalink performance

Post Meta Optimization

Efficient meta query handling
Reduce meta table lookups

Installation

composer require jazzman/wp-performance

Dependencies

This package is part of the jazzman WordPress ecosystem and depends on:

jazzman/autoload-interface - Autoloading interface
jazzman/wp-app-config - Configuration management
jazzman/wp-db-pdo - PDO database layer

All dependencies are installed automatically via Composer.

Configuration

The plugin works out-of-the-box with sensible defaults for most sites. No configuration needed.

Architecture

Module-Based Design

src/
├── Optimization/          # Performance optimization modules
│   ├── CleanUp.php       # Remove WordPress bloat
│   ├── Enqueue.php       # Optimize scripts and styles
│   ├── LastPostModified.php # Caching optimization
│   ├── Media.php         # Image and media optimization
│   ├── PostGuid.php      # GUID optimization
│   ├── PostMeta.php      # Meta query optimization
│   ├── TermCount.php     # Term count optimization
│   ├── Update.php        # Update check management
│   └── WPQuery.php       # Query optimization
├── Security/              # Security hardening modules
│   └── Sanitize.php      # Input sanitization
└── Utils/                 # Utility classes

Quality Tools

✅ PHPStan (max level with baseline)
✅ Psalm (strict mode with baseline)
✅ PHPMD (mess detection with baseline)
✅ PHP CS Fixer (PSR-12 compliance)
✅ Rector (automated refactoring)
✅ Roave Security Advisories (dependency scanning)

CI/CD

GitHub Actions workflows for:

Code quality checks on PR
Static analysis
Code style validation
Security scanning

Requirements

PHP: 8.2+ (strictly enforced)
WordPress: 6.0+
Composer: For installation and autoloading

Why This Plugin Exists

After years of WordPress development across hundreds of sites, I identified common performance bottlenecks:

Default WordPress includes 50+ features most sites never use
Each feature adds HTTP requests, database queries, and processing time
Manual optimization is tedious and error-prone
Most performance plugins focus on caching, not eliminating unnecessary features

WP Performance takes a different approach: Instead of caching bloat, eliminate it at the source.

Related Packages

Part of the jazzman WordPress ecosystem:

jazzman/wp-object-cache - PSR-16 object caching
jazzman/wp-nav-menu-cache - Navigation menu caching
jazzman/wp-password-argon - Argon2i password hashing
jazzman/wp-lscache - LiteSpeed cache integration
jazzman/wp-geoip - GeoIP functionality

Contributing

Found a bug? Have a feature request? Contributions welcome!

Fork the repository
Create feature branch (git checkout -b feature/amazing)
Run quality checks (composer phpstan && composer psalm && composer cs-check)
Commit changes (git commit -m 'Add amazing feature')
Push to branch (git push origin feature/amazing)
Open Pull Request

Support

⭐ If WP Performance improved your site, please star the repo!

💬 Questions? Open an issue on GitHub

Built with ❤️ for the WordPress community

jazzman / wp-performance

Maintainers

Details