WordPress Optimizer: Site Booster Module

The Ocean Site Booster's WordPress Optimizer module enables you to control core WordPress features that may be redundant or present a security issue for your website.

access WordPress Optimizer module for Ocean Site Booster

To access WordPress Optimizer, click on the cog icon, then toggle to enable the module.

enable WordPress Optimizer module for Ocean Site Booster

By disabling WordPress core features you don't need or use, you're boosting your website's performance (disabling processes that continuously run in the backend using your server resources), as well as your privacy and security.

Enable (or disable) any option you would like to use, then save changes at the bottom of the module page.

Available WordPress Optimizer options include:

Disable Rest API for Logged Out Users

This option enables you to restrict access to the Rest API functionality only to registered and logged-in users, thus increasing the security of your website by hiding all sensitive information from malicious users and bots.

Your website can reveal lots of information.

For example, using a different browser and in incognito mode, type in your website's URL and append the following to the URL: /wp-json/wp/v2/

Basically, the entire URL you would now look like this: https://yourwebsite's-url.com/wp-json/wp/v2/

See what information is available about all users, menus, posts, pages, products... everything, as displayed in the image below.

example of information that can be retrieved using the WordPress Rest API

While this information is essential for your entire website's functionality, it's not essential to be publicly available and will not influence your website's functionality towards non-registered or non-logged in users and site visitors.

When the Disable Rest API for Logged Out Users option is enabled, anyone logged out or unregistered will receive an error message informing them they do not have permission to access the information.

WordPress Rest API restricted access example

Disable Heartbeat

This option enables you to disable the Heartbeat API.

WordPress Heartbeat API is used by lots of core WordPress features, like autosave or post revisions, but also by some plugins which display live notifications, like sales on your website.

The Heartbeat API provides a communication protocol using AJAX calls between the browser and the server. Each pulse (heartbeat) utilizes website's CPU, and this can be troublesome for people on shared hosting with limited CPU quota.

Likewise, high CPU usage can also cause overload, which among some hosting providers is grounds for account suspension.

Before disabling Heartbeat API, consider the following:

  • Do you have use of the periodical autosave feature on the website?
  • Do you have use of the notifications that a post or page you want to edit is already being edited by someone else?
  • Do you have use of any other real-time or live notification on your website, be it backend or frontend?
  • Do you use the post scheduling option on your website?
  • Do you use any other optimization or caching plugins which are already controlling the Heartbeat API functionality in any way?
  • Is your website an eCommerce website of any kind?

If your answer to any of these questions is yes, do not disable Heartbeat API.

With most hosting providers, even when it comes to large, frequently visited and even eCommerce websites, there's no true need to disable the Heartbeat API.

For more information, on the Heartbeat API, its functionality and use-cases, also see the following resources:

Disable Gutenberg Editor

This option enables you to disable the Gutenberg editor (for posts, pages, etc) and utilize the Classic editor instead, without the need to install any third-party plugins.

disable Gutenberg editor and enable Classic editor

Disable WP Cron

This option enables you to disable all WP Cron related actions.

WP-Cron is how WordPress handles scheduling time-based tasks. Several WordPress core features, such as checking for updates and publishing scheduled post, utilize WP-Cron.

WP-Cron works by checking, on every page load, a list of scheduled tasks to see what needs to be run. Any tasks due to run will be called during that page load.

If your website doesn't depend on any WP Cron jobs, ie. you want to manually check updates, manually update necessary plugins, and you are not utilizing any plugins or specific plugin features which rely on WP Cron, then you can disable this option.

Disable Autosave

This option enables you to disable the autosave feature without disabling the entire Heartbeat API. However, if you have already disabled Heartbeat API, this feature is already disabled since it depends on the Heartbeat API.

The autosave feature functions in the exact same manner autosave in any document editor, such as Microsoft Word or Google Docs functions - periodically, this option will run and save all your changes to a specific post, page, etc, without the need for you to constantly use the Save Draft or Update option. In case of any power or server issues, the autosave feature prevents the loss of your work.

If you don't have the need for this feature, you can disable it.

Disable Feeds

This option enables you to disable all feeds, RSS, Atom and RDF that can be found using these URLs on your website:

  1. https://yourwebsite.com/feed/
  2. https://yourwebsite.com/feed/rss/
  3. https://yourwebsite.com/feed/rss2/
  4. https://yourwebsite.com/feed/atom/
  5. https://yourwebsite.com/feed/rdf/

Replace yourwebsite.com in the examples with the actual URL of your website.

Feeds enable users and applications to receive regular updates from / about your website without actually visiting the website.

If you want to avoid various applications and third-party website to harvest information from you in this manner (for example, if you're trying to build a subscribers list), or simply have no need for it, you can disable it.

For more information on WordPress feeds, their functionality, pros and cons, see the following:

Disable XML-RPC

This option enables you to disable WordPress XML-RPC functionality on your website.

XML-RPC in WordPress is used to enable you to post content on your website using many popular weblog clients, as well as using the email option.

However, the XML-RPC functionality is also one of the most misused options and thus represents a security issue that opens the door for various attacks, such as brute force, DoS and DDoS.

If you're not using any form of remote publishing on your website, you can disable this feature.

Disabling XML-RPC also disables pingbacks and trackbacks.

Revisions Control

This option enables you to disable WordPress revisions, enable unlimited revisions or set up a custom number of revisions to save storage on your server (and your database).

WordPress revisions is a system that stores a record of every saved draft or published update.

Depending on your needs, determine which option would be the best for you.

Some hosting providers control the WordPress revisions option on the hosting level, so you may not be able to manipulate this using our plugin.

Found an error in this doc or believe it needs improvement?

Send us a prepurchase ticket, include the URL of the page, and add suggestions and more details about how we can make things better for you.

That's it!

Boost your WordPress website on all levels with OceanWP and Ocean Site Booster.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Related Articles