WebsiteFix One-Click Performance Optimizer

You’ve heard “you should throttle the Heartbeat API” or “xmlrpc.php should probably be disabled”? But every time you end up in a forum thread with 12 conflicting code snippets, three of which will wreck your site.

WebsiteFix One-Click Optimizer solves exactly this problem. Seven hand-curated performance and security fixes, each with auto-safety-check (automatically detects conflicting plugins and does NOT intervene), each one-click-activatable and just as one-click reversible.

The 7 Fixes

1. Throttle the Heartbeat API
Reduces the WordPress Heartbeat frequency contextually: 60s in the admin, 120s in the post editor (instead of 15s), practically off on the frontend. Typical savings: 75–85% less admin-ajax.php load → lower CPU throttling at your host, significantly lower TTFB value.

2. Disable XML-RPC & Pingbacks
Closes the XML-RPC endpoint (by far the most common brute-force attack target on WordPress) and disables outbound pingbacks. Auto-safety-check: if Jetpack, Wordfence, or Sucuri are active, the fix does NOT intervene — you don’t have to choose between security plugin and xmlrpc hardening. Plus REST API user enumeration protection for anonymous requests.

3. Remove Emojis & oEmbed Discovery
Removes the WordPress emoji polyfill scripts (wp-emoji-release.min.js, ~14 KB) and the oEmbed auto-discovery routes. Saves 2–3 HTTP requests per page load. URL embeds in the editor remain functional — only public discovery is turned off.

4. Strip Query Strings from Static Assets
Strips ?ver=… from CSS/JS asset paths. Proxy and CDN caches (Cloudflare, host caches) can now cleanly cache the assets. Auto-safety-check: with WP Rocket / W3 Total Cache / WP Super Cache, the fix does NOT intervene — caching plugins handle this themselves.

5. Remove jQuery Migrate from Frontend
Removes jquery-migrate.min.js (~11 KB) from the frontend but keeps it active in the admin. On modern themes (2020+), Migrate is unnecessary. Lighthouse Performance score typically increases by 1–3 points.

6. Block Author Archives (User Enumeration Protection)
Prevents username discovery via /?author=N or /author/<name>/. Auto-safety-check: if Yoast already has Author Archives disabled, the fix does not intervene. The most well-known brute-force prep trick is neutralized — calls are 301-redirected to the homepage. Additionally: REST API user-individual endpoints blocked for anonymous calls.

7. Hide WordPress Version from Frontend
Removes the <meta name="generator"> tag from the HTML head, from the RSS feed, and from asset URL ?ver= strings. External scanners and brute-force bots can no longer directly identify the exact WordPress version — version-specific exploit-sweep attacks become more expensive. Auto-safety-check: if Wordfence / Sucuri / All-in-One Security / Perfmatters are active, the fix does not intervene (they handle this themselves).

How It Works Technically

When you activate a fix, the plugin writes a single PHP file to /wp-content/mu-plugins/wf-optimizer-<fix-slug>.php. WordPress automatically loads must-use plugins before all regular plugins — no activation workflow needed, no reload trick, the fix takes effect immediately.

When you deactivate, the file is deleted. Standard WordPress behavior returns immediately. When you uninstall the plugin itself, ALL fix files are automatically removed.

We NEVER edit your functions.php. We do not touch theme files, wp-config.php, or existing plugins. Each fix is isolated in its own file — you can inspect them yourself, and you can just as easily delete them manually if you don’t want to use the plugin anymore.

All filesystem operations go through the WordPress WP_Filesystem API (put_contents, delete, is_writable, etc.) — no direct PHP filesystem calls.

What It Does NOT Do

• Writes nothing to your database (a single wp_options entry with the list of active fixes is the exception — ~50 bytes).
• Modifies no theme files, no functions.php, no wp-config.php.
• Does not automatically deactivate existing plugins — auto-safety-check detects conflicts and skips the fix.
• Sends no user data to external servers. Fully offline-capable.
• Shows no ad banners, no nag screen, no trial expiration.

Who Is Behind This

WebsiteFix is a WordPress diagnostic tool developed in Frankfurt, Germany. The seven snippets are ported 1:1 from our free Smart Fix Library at website-fix.com/smart-fix-library. The plugin is open source under GPL. Feedback/bugs: support@website-fix.com.

Auf Deutsch / In German

Sieben kuratierte WordPress-Performance- und Security-Fixes mit einem Klick aktivierbar. Jeder Fix kommt mit Safety-Check (erkennt konfligierende Plugins automatisch und greift dann NICHT ein). Aktivierte Fixes werden als Must-Use-Plugin-Datei in /wp-content/mu-plugins/ mit dem Präfix wf-optimizer- abgelegt — kein Theme-Edit, kein Reload-Workaround, sofortige Rückgängig-Möglichkeit. Read-only-Verbindung zu deiner Datenbank — nur ein einziger wp_options-Eintrag mit ~50 Bytes wird gespeichert. Die sieben Snippets sind 1:1 aus unserer kostenlosen Smart-Fix-Library auf website-fix.com portiert.

Want a free diagnosis before fixing?

If you’re not sure which of the 7 fixes you actually need — start with a free 60-second scan of your live site at website-fix.com/plugin/optimizer. It runs from outside (no FTP, no login, no admin access required) and tells you exactly which performance leaks are draining your hosting plan:

• Heartbeat API hammering your CPU? Yes/No, with the live frequency.
• XML-RPC open to brute force? Yes/No, with the current attack surface.
• Author archives leaking usernames? Yes/No, with the exposed names.
• jQuery Migrate still loading in your frontend? Yes/No, with the wasted KB.

You get a personalized “activate these 3 first” recommendation — instead of guessing. The scan is free, no signup, no email wall before the result.

After the scan: come back here, hit “Apply” on the matching fix in the plugin’s Tools page, done. Two free tools, one workflow.

Want the deeper 92-point audit (database bloat tables, PHP error stack traces, hook-chain conflicts, slow query log)? That’s at website-fix.com — same place, same no-login policy. Use this plugin for the surface fixes, use the online tool for the diagnosis that needs more than a heuristic.

Auf Deutsch

Wenn du nicht sicher bist, welche der 7 Optimierungen du wirklich brauchst, starte mit dem kostenlosen 60-Sekunden-Scan auf website-fix.com/plugin/optimizer. Der Scan läuft extern — kein FTP, kein Login, kein Backend-Zugang — und zeigt dir konkret, welche Performance-Lecks deinen Hosting-Plan ausquetschen. Du bekommst eine “diese 3 zuerst aktivieren”-Empfehlung statt zu raten. Kostenlos, keine Anmeldung, keine E-Mail-Wall vor dem Ergebnis.