Compatible with WordPress 5.8 GDPR ready
Nitrol – Multifunctional Optimization WordPress Plugin v1.0
Nitrol is a lightweight and flexible WordPress Plugin that speeds up your website by disabling unnecessary WordPress features, extra traces, REST API, Heartbeat API, etc. It also allows you to configure various security options such as disabling XML-RPC, Malicious Requests, theme/plugin file editor, WP Access for certain roles, and more. The plugin has optimization support for various plugins such as WooCommerce, Contact Form 7, and others.
Disable WordPress Heartbeat API
The WordPress Heartbeat API should usually be disabled (or limited) because it consumes server resources.
Emojis were first introduced in WordPress 4.2. They are tiny icons or smileys used on the Internet. If you don’t use it, Emojis script (wp-emoji-release.min.js?ver=4.3.1) in WordPress creates an extra HTTP request, which adds to total page load time, and slows down your WordPress site. Many professional website owners never use it.
Disable RSS Feed
RSS feeds allow users to subscribe to your blog posts. However, when building small static websites, you may want to turn off the RSS feeds.
Disable RSD Link
The RSD link is used by blog clients. If you edit your site from your browser then you don’t need this. It is also used by some 3rd party applications that utilize XML-RPC requests. In most cases, this is just unnecessary code.
Disable wlwmanifest.xml Link
WordPress automatically adds a wlwmanifest link to your site header for Windows Live Writer support. This is a link tag with a reference to your site’s wlwmanifest.xml file. However, this manifest is not used by most users out there.
Disable jQuery Migrate Link
The jQuery Migrate plugin is used to help sites upgrade to the latest version of jQuery. There are cases where the Migrate script may be included when it is not needed for anything.
WordPress has been an oEmbed consumer for a long time, but with the update, WordPress itself became an oEmbed provider. This feature is useful for a lot of people, and you may want to keep it enabled. However, what this means is that it also generates an additional HTTP request on your WordPress site now to load the wp-embed.min.js file. And this loads on every single page. While this file is only 1.7 KB, things like these add up over time. The request itself is sometimes a bigger deal than the content download size.
Disable Query Strings
Limit Post Revisions
Certainly, revisions are a very useful feature by WordPress but over time this can lead to unnecessary overhead in our WordPress database which means more records for nothing.
Disable Default Widgets
Let’s be honest – nobody uses all the default widgets that come with WordPress out of the box. In fact, there are probably a few default widgets that you would never use.
Disable WooCommerce Styles/Scripts for Non-Woocommerce Pages
WooCommerce loads three core CSS style sheets on every page and post when installed on a WordPress site. You can save a bit of page load time here by disabling the styles and scripts from pages and content that do not need it.
Disable CF7 Styles/Scripts for Non-CF7 Pages
Temporarily Maintenance Mode
Temporarily close access to your site by visitors.
Disable Search Functionality
The WordPress search feature is really useful, but you might easily come across a situation where you want to remove the default search functionality.
Disable Native JPEG Compression
What many people don’t realize is that WordPress automatically compresses uploaded JPG images by up to 90%. If these images are further compressed with an image optimization plugin like ShortPixel or WP Smush, the drop in image quality is often noticeable.
Add Alt Text to Gravatar Images
For some inexplicable reason, WordPress doesn’t include default alt text when it grabs an author image from the Gravatar server. The code snippet below fixes that. Simply copy and paste it into your theme’s functions file, and the alt text “Gravatar for [author name]” will be automatically added to author Gravatars.
Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and its certificate doesn’t match, then most modern browsers will warn the user from connecting to the website.
Protect Website from Malicious Requests
Reject all malicious URL requests (brute-forces, eval, base64, etc).
Add HTTP Security Headers
Your web browser supports many HTTP security headers which can improve your website security against clickjacking, cross-site scripting, XSS attacks, and other common attacks.
There are certain situations where users would want to use XML-RPC. However, with advances in technology, the use and functionality of XML-RPC have been greatly reduced since its inception. As such, the original pros that this feature gave, have become outweighed by the potential security risks that are involved by leaving it enabled.
Disable the theme / plugin file editor
The WordPress admin area has an easy way to edit your theme and plugin files just by going to Editor under the Appearance menu items. This also makes it very easy for a malicious attacker to edit your theme files if they gain access to your WordPress website. Don’t make it easy for them.
Disable REST API
The WordPress REST API provides endpoints for WordPress data types. This allows developers to interact with sites remotely by sending and receiving JSON objects. However, most website owners do not need these features, and it may be smarter to disable the WordPress JSON REST API.
Disable WordPress Version
All security experts advise against revealing sensitive information to the public. But, does the WordPress version number count as sensitive information? Well, it does. WordPress version number might not be as sensitive as user details or your login credentials. But it still stores enough information to render your website vulnerable.
Disable Comments URL
A lot of spam comments come from spambots. When they cannot leave a comment with a URL, they move on to the next website, or so we hope. Thus, by not allowing URLs in the comments section, you are blocking the bot.
Disable Comments Admin Class
This option removed the admin name from your comments (if your website uses comments). This helps to protect you because before cracking an admin’s password, a hacker needs the admin’s username, This makes finding that username more difficult.
Disable WP Access for certain roles
There are a number of reasons why you might want to limit other users’ access to your WordPress dashboard. Say you’re running a blog. You might want to give limited access to writers so they can create and edit posts without changing your theme, plugins, or other settings. You might also want to block subscribers from accessing your dashboard entirely.
Disable WP Admin Bar for certain roles
When viewing the public pages on the front end of your website, the admin bar can be a bit distracting. It may also affect your website’s design and user experience.
Server info tab
With Nitrol, you no longer need to dig into your server configs to find out if the values meet the minimum requirements or not. Just open the ready-made Server Info Tab inside Nitrol Dashboard and get a complete report on all your PHP limits and PHP extensions.
Are you on a staging branch and want to push your changes to live? Just export the Nitrol settings and import them on another site. This process takes a few seconds since we are using JSON file format instead of bulky XML.
Smart Nitrol Dashboard keeps your site up-to-date. Our auto-updates handler is fully native and powered by WordPress HTTP API.
Every 6 hours and also after every update, Nitrol Dashboard updates the plugin changes data, so you can view the changelog right in your admin panel.