Nitrol – Multifunctional Optimization WordPress Plugin

Compatible with WordPress 5.8 GDPR ready


Nitrol – Multifunctional Optimization WordPress Plugin - 1


Nitrol – Multifunctional Optimization WordPress Plugin - 2


Nitrol – Multifunctional Optimization WordPress Plugin - 3


Nitrol – Multifunctional Optimization WordPress Plugin - 4


Nitrol – Multifunctional Optimization WordPress Plugin - 5


Nitrol – Multifunctional Optimization WordPress Plugin - 6


Nitrol – Multifunctional Optimization WordPress Plugin - 7


Nitrol – Multifunctional Optimization WordPress Plugin - 8

Nitrol – Multifunctional Optimization WordPress Plugin - 9

Nitrol – Multifunctional Optimization WordPress Plugin v1.0

Nitrol is a lightweight and flexible WordPress Plugin that speeds up your website by disabling unnecessary WordPress features, extra traces, REST API, Heartbeat API, etc. It also allows you to configure various security options such as disabling XML-RPC, Malicious Requests, theme/plugin file editor, WP Access for certain roles, and more. The plugin has optimization support for various plugins such as WooCommerce, Contact Form 7, and others.

Disable WordPress Heartbeat API

The WordPress Heartbeat API should usually be disabled (or limited) because it consumes server resources.

Disable Emoji

Emojis were first introduced in WordPress 4.2. They are tiny icons or smileys used on the Internet. If you don’t use it, Emojis script (wp-emoji-release.min.js?ver=4.3.1) in WordPress creates an extra HTTP request, which adds to total page load time, and slows down your WordPress site. Many professional website owners never use it.

Disable RSS Feed

RSS feeds allow users to subscribe to your blog posts. However, when building small static websites, you may want to turn off the RSS feeds.

The RSD link is used by blog clients. If you edit your site from your browser then you don’t need this. It is also used by some 3rd party applications that utilize XML-RPC requests. In most cases, this is just unnecessary code.

WordPress automatically adds a wlwmanifest link to your site header for Windows Live Writer support. This is a link tag with a reference to your site’s wlwmanifest.xml file. However, this manifest is not used by most users out there.

The jQuery Migrate plugin is used to help sites upgrade to the latest version of jQuery. There are cases where the Migrate script may be included when it is not needed for anything.

Disable Embeds

WordPress has been an oEmbed consumer for a long time, but with the update, WordPress itself became an oEmbed provider. This feature is useful for a lot of people, and you may want to keep it enabled. However, what this means is that it also generates an additional HTTP request on your WordPress site now to load the wp-embed.min.js file. And this loads on every single page. While this file is only 1.7 KB, things like these add up over time. The request itself is sometimes a bigger deal than the content download size.

Disable Query Strings

When it comes to WordPress performance, this question comes up quite a bit, and that is how to remove query strings from static resources. Your CSS and JavaScript files usually have the file version on the end of their URLs, such as domain.com/style.css?ver=4.6. Some servers and proxy servers are unable to cache query strings, even if a cache-control:public header is present. By removing them, you can sometimes improve your caching.

Limit Post Revisions

Certainly, revisions are a very useful feature by WordPress but over time this can lead to unnecessary overhead in our WordPress database which means more records for nothing.

Disable Default Widgets

Let’s be honest – nobody uses all the default widgets that come with WordPress out of the box. In fact, there are probably a few default widgets that you would never use.

Disable WooCommerce Styles/Scripts for Non-Woocommerce Pages

WooCommerce loads three core CSS style sheets on every page and post when installed on a WordPress site. You can save a bit of page load time here by disabling the styles and scripts from pages and content that do not need it.

Disable CF7 Styles/Scripts for Non-CF7 Pages

You might want to load these CSS & JavaScript files only on the pages where you are using the Contact Form 7 plugin to create a form. It will save your site from loading extra files on each page instead these files will be loaded only on the pages with contact forms.

Temporarily Maintenance Mode

Temporarily close access to your site by visitors.

Disable Search Functionality

The WordPress search feature is really useful, but you might easily come across a situation where you want to remove the default search functionality.

Disable Native JPEG Compression

What many people don’t realize is that WordPress automatically compresses uploaded JPG images by up to 90%. If these images are further compressed with an image optimization plugin like ShortPixel or WP Smush, the drop in image quality is often noticeable.

Add Alt Text to Gravatar Images

For some inexplicable reason, WordPress doesn’t include default alt text when it grabs an author image from the Gravatar server. The code snippet below fixes that. Simply copy and paste it into your theme’s functions file, and the alt text “Gravatar for [author name]” will be automatically added to author Gravatars.

Force SSL

Each site is issued a unique SSL certificate for identification purposes. If a server is pretending to be on HTTPS, and its certificate doesn’t match, then most modern browsers will warn the user from connecting to the website.

Protect Website from Malicious Requests

Reject all malicious URL requests (brute-forces, eval, base64, etc).

Add HTTP Security Headers

Your web browser supports many HTTP security headers which can improve your website security against clickjacking, cross-site scripting, XSS attacks, and other common attacks.

Disable XML-RPC

There are certain situations where users would want to use XML-RPC. However, with advances in technology, the use and functionality of XML-RPC have been greatly reduced since its inception. As such, the original pros that this feature gave, have become outweighed by the potential security risks that are involved by leaving it enabled.

Disable the theme / plugin file editor

The WordPress admin area has an easy way to edit your theme and plugin files just by going to Editor under the Appearance menu items. This also makes it very easy for a malicious attacker to edit your theme files if they gain access to your WordPress website. Don’t make it easy for them.

Disable REST API

The WordPress REST API provides endpoints for WordPress data types. This allows developers to interact with sites remotely by sending and receiving JSON objects. However, most website owners do not need these features, and it may be smarter to disable the WordPress JSON REST API.

Disable WordPress Version

All security experts advise against revealing sensitive information to the public. But, does the WordPress version number count as sensitive information? Well, it does. WordPress version number might not be as sensitive as user details or your login credentials. But it still stores enough information to render your website vulnerable.

Disable Comments URL

A lot of spam comments come from spambots. When they cannot leave a comment with a URL, they move on to the next website, or so we hope. Thus, by not allowing URLs in the comments section, you are blocking the bot.

Disable Comments Admin Class

This option removed the admin name from your comments (if your website uses comments). This helps to protect you because before cracking an admin’s password, a hacker needs the admin’s username, This makes finding that username more difficult.

Disable WP Access for certain roles

There are a number of reasons why you might want to limit other users’ access to your WordPress dashboard. Say you’re running a blog. You might want to give limited access to writers so they can create and edit posts without changing your theme, plugins, or other settings. You might also want to block subscribers from accessing your dashboard entirely.

Disable WP Admin Bar for certain roles

When viewing the public pages on the front end of your website, the admin bar can be a bit distracting. It may also affect your website’s design and user experience.

Server info tab

With Nitrol, you no longer need to dig into your server configs to find out if the values meet the minimum requirements or not. Just open the ready-made Server Info Tab inside Nitrol Dashboard and get a complete report on all your PHP limits and PHP extensions.

Import/Export settings

Are you on a staging branch and want to push your changes to live? Just export the Nitrol settings and import them on another site. This process takes a few seconds since we are using JSON file format instead of bulky XML.

Automatic updates

Smart Nitrol Dashboard keeps your site up-to-date. Our auto-updates handler is fully native and powered by WordPress HTTP API.

Dynamic changelog

Every 6 hours and also after every update, Nitrol Dashboard updates the plugin changes data, so you can view the changelog right in your admin panel.