WordPress is a very popular website framework used by over 500K websites in Canada (35M around the world). Most of these websites use the basic vanilla out-of-the box installation without any tweaks applied. While a vanilla WordPress installation will work properly, there are some tweaks that will improve performance. Not only will these tweaks improve performance, they will also increase the security of WordPress. In this post, I will show you how to optimize your WordPress website for better performance.
The tweaks outlined here involve adding custom code to the website. There are several ways to add code to WordPress. The first method is to add the code to the functions.php file in a Child theme (never edit the functions.php file in the parent theme as your changes will be removed on the next theme update). Another method to add code to WordPress is to use a plugin (we use Code Snippets or WPCode for this). Read our blog post on how to add additional functionality to WordPress for instructions.
Also, we always use a test environment when adding new code to a website. We test the code on our test server first before launching the code on a live website. We can rollback any changes easily if things go wrong (i.e. a missing semicolon can stop a website from running).
Disable Dashicons
WordPress includes a set of icons called dashicons. These icons provide an easy way to add icons to the posts and pages on your site. While these dashicons may be useful for adding visual elements to your content, they also slow down your site’s performance and increase the size of your page.
Disabling dashicons can help reduce page size and improve overall site performance, this is especially true if you are not using dashicons on your site. The code removes dashicons for non-logged in users.
To remove dashicons, add this code:
function majaid_dequeue_dashicon() {
if (current_user_can( ‘update_core’ )) {
return;
}
wp_deregister_style(‘dashicons’);
}
add_action( ‘wp_enqueue_scripts’, ‘majaid_dequeue_dashicon’ );
Remove Query Strings
For most websites, having query strings added to loading files do not add anything to the loading of the website. In fact, some caching programs will not cache files that have query strings attached to them.
A file with a query string looks like this (note the ‘?ver=6.4.1’ added to the end of the file being loaded):
<link rel=’stylesheet’ id=’dashicons-css’ href=’http://wordpress.local/wp-includes/css/dashicons.min.css?ver=6.4.1′ media=’all’ />
Note that some developers use query strings when adding new versions of plugins. If this is the case, clear the server cache after adding and running this code snippet. Remove query strings to help optimize your WordPress website.
function majaid_remove_query_strings() {
if(!is_admin()) {
add_filter(‘script_loader_src’, ‘majaid_remove_query_strings_split’, 15);
add_filter(‘style_loader_src’, ‘majaid_remove_query_strings_split’, 15);
}
}
function majaid_remove_query_strings_split($src){
$output = preg_split(“/(&ver|\?ver)/”, $src);
return $output[0];
}
add_action(‘init’, ‘majaid_remove_query_strings’);
Disable Emoji Icons (Emoticons)
Emoji icons are those pretty icons that people use when writing text messages. Most websites do not use these emoticons at all. If you do not use emoticons on your website, you can safely remove this functionality. WordPress Emoji load through a JavaScript file, removing this file will help speed up page loading.
To remove emoticons, add this code.
function majaid_disable_emojis() {
remove_action( ‘wp_head’, ‘print_emoji_detection_script’, 7 );
remove_action( ‘admin_print_scripts’, ‘print_emoji_detection_script’ );
remove_filter( ‘the_content_feed’, ‘wp_staticize_emoji’ );
remove_action( ‘wp_print_styles’, ‘print_emoji_styles’ );
remove_action( ‘admin_print_styles’, ‘print_emoji_styles’ );
remove_filter( ‘comment_text_rss’, ‘wp_staticize_emoji’ );
remove_filter( ‘wp_mail’, ‘wp_staticize_emoji_for_email’ );
add_filter( ‘tiny_mce_plugins’, ‘majaid_disable_emojis_tinymce’ );
}
function majaid_disable_emojis_tinymce( $plugins ) {
if ( is_array( $plugins ) ) {
return array_diff( $plugins, array( ‘wpemoji’ ) );
} else {
return array();
}
}
add_action( ‘init’, ‘majaid_disable_emojis’ );
Remove RSD Links
Really Simple Discovery (RSD) is a feature WordPress uses that allows external applications to use services that WordPress supports. RSD is not used by the vast majority of websites. Disabling RSD links can help improve the security of your site and reduce the risk of attacks as the website does not permit people that are not logged into the admin dashboard to add content to the website.
To remove RSD links, simply add this code:.
remove_action( ‘wp_head’, ‘rsd_link’ ) ;
Disable XML-RPC
XML-RPC is an application that allows external users to connect to WordPress backend to make changes to the website. Most hackers will attempt to abuse the built in XML-RPC capability to attack WordPress websites through a DDOS attack or brute force attack. If you do not use XML-RPC to remotely access your website, then you are safe to disable it. Not only does it remove another file from loading but it also increases the security of your website.
To remove XML-RPC capability, add this code:
add_filter(‘xmlrpc_enabled’, ‘__return_false’);
Disable Self Pingback
Pingbacks occur when someone links to your website content from their website. You will get a notice in your post or page that someone has linked to your content. These pingbacks also occur when you link to other posts within your website (for example, you link one blog post to another). You do not need to have these notifications show up in your backend. You can simply disable the pingbacks.
To disable pingbacks to optimize your WordPress website, add this code:
function majaid_disable_pingback( &$links ) {
foreach ( $links as $l => $link )
if ( 0 === strpos( $link, get_option( ‘home’ ) ) )
unset($links[$l]);
}
add_action( ‘pre_ping’, ‘majaid_disable_pingback’ );
Disable Heartbeat
WordPress has a built in functionality that uses the wp-admin/admin-ajax.php file to make AJAX calls on a frequent basis. This functionality allows WordPress to show that a post is being edited by another user, show real-time notifications, and create auto-saves. Most caching plugins disable heartbeat automatically.
Even though this is great functionality for most users, it puts more stress on your web server by making frequent calls to the database and server. For instance, when you are editing a post, heartbeat makes a save every 15 seconds.
If you use the ‘Save Draft’ functionality when writing content, you can safely turn off the heartbeat.
To turn off heartbeat, add this code:
add_action( ‘init’, ‘stop_heartbeat’, 1 );
function stop_heartbeat() {
wp_deregister_script(‘heartbeat’);
}
If you like the peace of mind feeling heartbeat give you, you can change the frequency of when heartbeat runs.
To change the frequency of heartbeat, add this code:
function majaid_set_heartbeat_time_interval($settings) {
$settings[‘interval’]=60; // change this number as required
return $settings;
}
add_filter(‘heartbeat_settings’, ‘majaid_set_heartbeat_time_interval’);
Note: do not add both code snippets to your website, use one or the other.
Hide WordPress Version
Although this tip will not improve the performance of your website, it is useful for those who wish to remove the line in every page loaded that tells the browser that the website was built using WordPress.
Here is the line that each page contains in the code:
<meta name=”generator” content=”WordPress 6.4.1″ />
To remove this line, add this code:
remove_action( ‘wp_head’, ‘wp_generator’ ) ;
The above set of code snippets will allow you to improve the performance of your WordPress website. Add the snippets for the items you do not need. Your WordPress website will load faster and your visitors will appreciate the page speed.
Need help to optimize your WordPress website?
Let’s chat!