1. Limit Post Revisions

By default, WordPress saves every draft and update as a new row in the wp_posts table. Over time, a single post can accumulate dozens of revisions, bloating your database size and slowing down SQL queries. This constant restricts WordPress to keeping only the last 3 revisions of a post, automatically deleting older ones to keep the database lean and optimized.

// Add to wp-config.php
define( 'WP_POST_REVISIONS', 3 );

2. Increase Autosave Interval

WordPress attempts to save your post every 60 seconds while you are in the editor. This creates frequent AJAX requests (admin-ajax.php) that can consume significant server CPU and lag the admin dashboard. This snippet changes the save frequency to 5 minutes (300 seconds), drastically reducing background server hits while you write.

// Add to wp-config.php
define( 'AUTOSAVE_INTERVAL', 300 );

3. Automated Trash Cleanup

Deleted posts, pages, and comments stay in the database indefinitely until you manually “Empty Trash.” This consumes unnecessary storage and affects database indexing. This configuration ensures that items in the trash are permanently purged every 7 days, preventing “junk” data from accumulating.

// Add to wp-config.php
define( 'EMPTY_TRASH_DAYS', 7 );

4. Disable XML-RPC

XML-RPC is an outdated API used for remote access (like posting via mobile apps). Today, it is primarily a target for DDoS and brute-force attacks where hackers try thousands of password combinations. This filter completely shuts down the XML-RPC service, closing a major security hole and saving the server resources used to monitor those requests.

add_filter( 'xmlrpc_enabled', '__return_false' );

5. Disable Pingbacks & Trackbacks

Pingbacks notify you when someone links to your site, but the system is easily exploited by spammers to overwhelm your server with fake requests. This specific snippet unsets the pingback method within the XML-RPC protocol, stopping the server from processing these incoming notifications and reducing overall background noise.

add_filter( 'xmlrpc_methods', function( $methods ) {
    unset( $methods['pingback.ping'] );
    return $methods;
});

6, Defer JavaScript Parsing

Render-blocking JavaScript is a major cause of low mobile speed scores. When a browser hits a script tag, it stops building the page to download and run it. This code adds the defer attribute to script tags, telling the browser to download the script in the background and only execute it after the HTML is fully parsed, allowing the user to see the content faster.

function dpt_defer_scripts( $tag, $handle, $src ) {
    if ( is_admin() ) return $tag;
    return str_replace( ' src', ' defer="defer" src', $tag );
}
add_filter( 'script_loader_tag', 'dpt_defer_scripts', 10, 3 );

7, Remove Emoji Scripts

WordPress loads a dedicated JavaScript file and CSS styles to support emojis in very old browsers (like Internet Explorer). Since modern browsers support emojis natively, this is redundant. This removes the extra HTTP requests and inline CSS, saving about 10-15KB per page load and reducing the amount of code the browser has to process.

add_action( 'init', function() {
    remove_action( 'wp_head', 'print_emoji_detection_script', 7 );
    remove_action( 'admin_print_scripts', 'print_emoji_detection_script' );
    remove_action( 'wp_print_styles', 'print_emoji_styles' );
    remove_action( 'admin_print_styles', 'print_emoji_styles' );
    remove_filter( 'the_content_feed', 'wp_staticize_emoji' );
    remove_filter( 'comment_text_rss', 'wp_staticize_emoji' );
    remove_filter( 'wp_mail', 'wp_staticize_emoji_for_email' );
});

8. Remove Version Strings from Static Resources

By default, WordPress appends ?ver=x.x.x to the end of CSS and JS URLs. This can prevent certain proxy servers and CDNs from caching the files, as they may treat them as dynamic content. This function strips that query argument, ensuring that browsers and CDNs cache your static assets perfectly.

function dpt_remove_wp_ver( $src ) {
    if ( strpos( $src, 'ver=' . get_bloginfo( 'version' ) ) )
        $src = remove_query_arg( 'ver', $src );
    return $src;
}
add_filter( 'style_loader_src', 'dpt_remove_wp_ver', 9999 );
add_filter( 'script_loader_src', 'dpt_remove_wp_ver', 9999 );

9. Remove RSD & WLW Manifest Links

RSD (Really Simple Discovery) and WLW (Windows Live Writer) links are only necessary if you use external software to publish to your site. Most developers today use the Gutenberg editor directly. This removes those redundant lines from the <head>, making the HTML document cleaner and slightly smaller.

remove_action( 'wp_head', 'rsd_link' );
remove_action( 'wp_head', 'wlwmanifest_link' );

10. Disable Dashicons on Frontend

Dashicons is the default icon font used in the WordPress admin dashboard. Many themes load this font on the frontend even for guests, which is a waste of a 30KB request. This snippet prevents dashicons.min.css from loading for public visitors while keeping it active for logged-in admins so the admin bar remains intact.

add_action( 'wp_enqueue_scripts', function() {
    if ( ! is_user_logged_in() ) {
        wp_deregister_style( 'dashicons' );
    }
}, 100 );

11. Control Heartbeat API

The WordPress Heartbeat API uses AJAX to provide real-time updates, such as notifying you if another user is editing a post. By default, it hits the server every 15-60 seconds, which can spike CPU usage. This code slows down the frequency to once every 60 seconds, reducing the number of admin-ajax.php hits to prevent server lag.

add_filter( 'heartbeat_settings', function( $settings ) {
    $settings['interval'] = 60; 
    return $settings;
});

12. Remove Gutenberg Block Library CSS

If you are building a custom-coded theme and write your own CSS for galleries, buttons, and tables, you don’t need the default block styles provided by WordPress. This dequeues the standard block editor CSS, saving between 25KB and 50KB of unnecessary styles from being downloaded on every page load.

add_action( 'wp_enqueue_scripts', function() {
    wp_dequeue_style( 'wp-block-library' );
    wp_dequeue_style( 'wp-block-library-theme' );
}, 100 );

13. DNS Preconnect for Third-Party Assets

Establishing a connection to an external domain (like Google Fonts) involves a DNS lookup, a TCP handshake, and a TLS negotiation. This snippet adds a preconnect link tag to the header, instructing the browser to start these connections as soon as the HTML is loaded, shaving hundreds of milliseconds off the loading time for external assets.

add_action( 'wp_head', function() {
    echo '<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>';
}, 1 );

14. Disable Shortlinks

WordPress generates a “shortlink” tag (e.g., [yoursite.com/?p=123](https://yoursite.com/?p=123)) in the header for every post. Since modern SEO relies on “Pretty Permalinks,” these tags are rarely used by humans or search engines. This removes the rel="shortlink" tag to slim down the source code.

remove_action( 'wp_head', 'wp_shortlink_wp_head' );

15. Remove WordPress Generator Tag

The generator tag identifies the specific version of WordPress you are using. This is a security liability, as it helps hackers target version-specific vulnerabilities. Removing it protects your site and reduces the header size by one line.

remove_action( 'wp_head', 'wp_generator' );

16. Native Lazy Loading for Images

“Lazy loading” ensures that images at the bottom of a page aren’t downloaded until the user actually scrolls to them. This ensures every image has the loading="lazy" attribute, which modern browsers handle natively without the need for heavy JavaScript libraries.

add_filter( 'the_content', function( $content ) {
    return str_replace( '<img', '<img loading="lazy"', $content );
});

17. Disable Self-Pingbacks

WordPress sends a “ping” notification to your own site whenever you link to your own internal posts. This creates unnecessary database entries and can trigger unwanted notification emails. This function cancels the internal ping, keeping your comment section clean and reducing DB writes.

function dpt_disable_self_pings( &$links ) {
    $home = get_option( 'home' );
    foreach ( $links as $l => $link )
        if ( 0 === strpos( $link, $home ) ) unset($links[$l]);
}
add_action( 'pre_ping', 'dpt_disable_self_pings' );

18. Disable Global Styles (theme.json) CSS

Since WordPress 5.9, a large block of inline CSS and SVG filters is injected into the header by default to support the site editor. If you are using a classic theme that doesn’t rely on theme.json, this code removes a significant amount of redundant inline code that bloats the HTML document.

remove_action( 'wp_enqueue_scripts', 'wp_enqueue_global_styles' );
remove_action( 'wp_footer', 'wp_enqueue_global_styles', 1 );

19. Disable jQuery Migrate

jquery-migrate.min.js is a script used to help old plugins work with modern versions of jQuery. Most modern, clean-coded themes don’t need it. Dequeuing this saves an extra JS request. (Always verify your interactive elements like sliders or modals still work after adding this).

add_action( 'wp_default_scripts', function( $scripts ) {
    if ( ! is_admin() && isset( $scripts->registered['jquery'] ) ) {
        $script = $scripts->registered['jquery'];
        if ( $script->deps ) {
            $script->deps = array_diff( $script->deps, array( 'jquery-migrate' ) );
        }
    }
});

20. Remove REST API Links from Head

WordPress includes links in the header to inform browsers and crawlers about the site’s JSON REST API. If you aren’t using the REST API for external apps or headless setups, removing these links cleans up the header and hides the discovery endpoint from basic bots.

remove_action( 'wp_head', 'rest_output_link_wp_head' );

21. Leverage Browser Caching (.htaccess)

This tells the visitor’s browser to store static files (like images and CSS) locally for a specific period. By setting long expiration headers, you significantly improve the load time for returning visitors, as their browser will load the files directly from their hard drive instead of your server.

# Add this to your .htaccess file
<IfModule mod_expires.c>
    ExpiresActive On
    ExpiresDefault "access plus 1 month"
    ExpiresByType image/webp "access plus 1 year"
    ExpiresByType image/jpg "access plus 1 year"
    ExpiresByType image/png "access plus 1 year"
    ExpiresByType text/css "access plus 1 month"
    ExpiresByType application/javascript "access plus 1 month"
</IfModule>

22. Disable Embed Scripts

WordPress loads a script (wp-embed.min.js) that allows you to easily embed YouTube videos and tweets by pasting a link. If you don’t need this automated embedding or prefer to use manual iframe tags, dequeuing the script saves one more JavaScript request on every page.

add_action( 'wp_footer', function() {
    wp_deregister_script( 'wp-embed' );
});

23. Gzip Compression (.htaccess)

Gzip compresses your HTML, CSS, and JS files on the server before sending them to the user. This can reduce the file size by up to 70%, which is one of the most effective ways to improve load speeds for users on slow mobile connections.

# Add this to your .htaccess file
<IfModule mod_deflate.c>
    AddOutputFilterByType DEFLATE text/html text/javascript text/css
</IfModule>

24. Remove Unused Image Sizes

Every time you upload an image, WordPress generates several copies (Medium, Large, 1536px, etc.). If your theme only uses “Large” and “Thumbnail,” the others are just wasting server disk space. This prevents the server from creating unused sizes, reducing server load during the upload process.

function dpt_disable_image_sizes( $sizes ) {
    unset( $sizes['medium_large'] ); 
    unset( $sizes['1536x1536'] );
    unset( $sizes['2048x2048'] );
    return $sizes;
}
add_filter( 'intermediate_image_sizes_advanced', 'dpt_disable_image_sizes' );

25. Redirect Feed Links to Home

By default, WordPress creates RSS feeds for every category, tag, and comment section. If your site isn’t a news blog where people subscribe via RSS, these links are just being crawled by bots. Removing them reduces document bloat and prevents unnecessary bot traffic from consuming bandwidth.

remove_action( 'wp_head', 'feed_links', 2 );
remove_action( 'wp_head', 'feed_links_extra', 3 );

26. Disable All Comments CSS

WordPress injects a small block of inline CSS for the “Recent Comments” widget by default, even if you aren’t using the widget. Removing this inline CSS keeps your <head> free of dead styles that don’t contribute to the page’s design.

add_filter( 'show_recent_comments_widget_style', '__return_false' );

27. Enforce WebP Uploads

WebP images are significantly lighter than JPEG or PNG while maintaining high visual quality. By prioritizing WebP for every upload, you ensure your “Total Page Size” remains as small as possible, which directly improves your Core Web Vitals scores.

(Note: This logic is usually implemented via a server-side media filter or a dedicated procedural function to check MIME types.)

28. Script Blocking for Specific Pages

Many plugins (like Contact Form 7) load their heavy CSS and JS files on every single page of your site, even if the form is only on the “Contact” page. This snippet detects the current page and dequeues the plugin’s scripts elsewhere, keeping your homepage and blog posts lightweight.

add_action( 'wp_enqueue_scripts', function() {
    if ( ! is_page( 'contact' ) ) {
        wp_dequeue_script( 'contact-form-7' );
        wp_dequeue_style( 'contact-form-7' );
    }
}, 99 );

29. Minify HTML Output

Large HTML files with extra spaces, tabs, and comments take longer to download and parse. This procedural function buffers the final HTML output and strips out all unnecessary white space. This results in a smaller “payload” being sent to the browser, which is critical for faster mobile rendering.

function dpt_minify_html( $buffer ) {
    $search = array( '/\>[^\S ]+/s', '/[^\S ]+\</s', '/(\s)+/s' );
    $replace = array( '>', '<', '\\1' );
    return preg_replace( $search, $replace, $buffer );
}
add_action( 'get_header', function() { ob_start( 'dpt_minify_html' ); });

30. Zero-Plugin Asset Loading

The last parameter (true) in the wp_enqueue_script function is the most important for speed. It ensures your JavaScript is placed in the footer. This allows the browser to show the visible UI to the user immediately, processing the heavy JS only after the visuals are ready.

wp_enqueue_script( 'dpt-main', get_template_directory_uri() . '/js/main.js', array(), null, true );

Achieving a 100/100 Lighthouse score isn’t about finding the perfect performance plugin; it’s about taking total control of your code. By implementing these 30 “Zero-Plugin” strategies, you transition from a standard WordPress user to an elite developer who prioritizes performance, security, and scalability.

Why the “Zero-Plugin” Approach Wins:

• Reduced Overhead: Every plugin adds extra PHP execution time and database queries. Native code is always faster.
• Total Control: You know exactly what is loading on your site, preventing “ghost” scripts from dragging down your Core Web Vitals.
• Enhanced Security: Fewer plugins mean a smaller attack surface for hackers.
• Sustainability: Your site stays fast even as WordPress updates, because you are using core-compatible procedural functions.

The web is evolving, and users no longer tolerate slow load times. Use these technical blueprints to strip away the bloat and build a high-performance digital presence that ranks higher and converts better.

Happy coding, and may your Lighthouse scores always stay green!