Use this GitHub.com Access Token –
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 – with your Git Updater plugin.
This access token is used to provide automatic updates and receive support. This plugin does not send any information, save for the access token, to any third-party services. No private information is disclosed or stored that has not been provided by yourself and explicitly made public from within your Lighthouse plugin.
As you install Lighthouse for the first time, you get a dashboard section (Settings -> Lighthouse) showing you a summary of your options and your system settings. You also get a list of optimisation presets.
By selecting certain options you can save page requests (prevent unused styles and scripts from loading) and database queries (prevent unused database queries from being performed, thus saving precious loading time). The list continues to show the total number of options you have selected, the total number of recommended options and several cache values, if you decide to enable them (otherwise they stay at zero).
If you are a complete WordPress beginner, I advise using a preset, then navigating through the options and see what each one does. If you can find your way around WordPress or if you’ve read stuff online, I advise you to check each option in the list below, enable them gradually and check the site’s performance. Note that some options will be effective after 5 to 10 minutes.
Also note that the last settings tab (Help) is available for advanced users only.
Keep reading below to see an overview of the available options.
This option removes most of WordPress-related information, notifications, dashboard meta boxes, widgets, WordPress logos and version details.
It also removes some (mostly) unused taxonomies, such as link categories and post formats and declutters the admin bar. You can use this option for client sites, where you want to remove the WordPress logo and the avatar function and make the backend looking more white-label.
Remove version parameter from scripts and stylesheets
This option removes version parameter from scripts and stylesheets URLs in order to help with browser caching.
Disable emojis and smilies
This option disables replacing special characters with emojis and smilies and stops the emoji scripts/styles loading saving several requests and queries. This option also disables all content parsing (clickable links, smilie conversion, bbCode conversion and other WordPress-specific parsing).
Disable canonical URL redirection
This option disables URL redirection when page is not found. By default, WordPress redirects a non-existent page to the closest permalink it finds.
Disable author archive
This option disables author archives and helps with search engine indexation, duplicate content and security.
Scripts and styles setup
Move scripts to footer
This option tries to move all theme and plugin scripts to footer, provided they have been correctly enqueued using
wp_enqueue_script(), helping with page speed and performance. Note that this option may break some themes and animation-heavy sites.
As WordPress themes and plugins add JS scripts to footer, blocking page rendering, this option moves all correctly enqueued scripts (i.e. using the
wp_enqueue_script() function) to footer. Note that it will not function as expected in all cases. If the theme has lots of scripts and dependencies, something might break. And, as Murphy says, if something can break, it will break.
Remove jQuery Migrate
This option removes the jQuery Migrate script, which is only useful when using older themes and plugins, when depending on older scripts or when debugging.
Remove script and style attributes, remove CSS classes from menus and page navigation
This option removes
Normalize HTTP(S) scheme
This option forces the use of HTTP/HTTPS based on the active WordPress settings and is useful when switching from HTTP to HTTPS or to minimise mixed content warnings.
Clean up theme
This option removes RSD, WLW references, WordPress generator tag and post shortlinks from the theme’s
<head> section. It also removes WordPress-generated <rel> tags (search engines do not use them anymore). These details are not needed in 90% of the cases.
Hide RSS links
This option removes RSS links and prevents content copying and republishing.
Disable comment cookies
This option disables the user information – name, email and website – being saved in a browser cookie. This is usually done to have the details autocompleted in the comment form. Only check this option if you don’t have a comment-heavy site.
Disable core autoupdates
This option disables automatic WordPress updates (useful for managed and/or custom coded sites). Note that checking this option might leave your site vulnerable, as security updates should be applied automatically.
Disable plugin autoupdates
This option disables automatic plugin updates (useful for managed and/or custom coded sites).
Disable WordPress embeds
This option removes embed query vars, disables oEmbed discovery, completely removes the related scripts and disallows WordPress posts to be embedded on remote sites.
Delete expired transients
This option regularly deletes expired transients (temporary data) from the database and improves performance on large sites.
Read the official WordPress guidelines for hardening and securing your site.
Protect WordPress against malicious URL requests and bad HTTP(S) queries
This option blocks suspicious requests to your site (no referrer, no user agent or no physical browser).
This option disables remote access to your WordPress site (may cause issues with some plugins). Please reconsider the use of plugins which request XML-RPC access.
Advanced security (SSL only)
Enable HTTP Strict Transport Security (HSTS)
By adding the Strict Transport Security header to your site, you secure every visit from your visitors except for the initial visit. That still leaves your site vulnerable to MITM (man-in-the-middle) attacks for that initial visit, so there is a technique called “preloading” that will add your site to a pre-populated domain list. Once your site is on that list, the major browsers that support HSTS preloading will be notified that your site requires SSL, and every visit, even the very first one from a visitor, will automatically be forced through SSL.
Cache & Compression Settings
Browser caching and asset compression
Optimise HTTP(S) headers
This option activates cache control, ETag and 304 headers. It helps with browser caching and/or when there is no caching plugin available.
On an article-heavy site, using Gravatars can hurt performance a bit, as WordPress needs to connect to gravatar.org for every avatar to fetch it. This caching module saves a copy of the image on the server, and loads it 10 times faster next time, without the need for an external request. The cache expires in 14 days by default and is removed from the server in 90 days. Values can be changed to accommodate your needs.
Minify/compress HTML source code
This option removes all linefeeds and extra space characters from the HTML source code.
This option displays PHP errors and warnings both on front-end and back-end for debugging purposes. Do not activate on live/production sites.
Disable HTML in WordPress comments
This option disables HTML code in WordPress comments. HTML is sometimes used for bold/italic text or links.
Remove Dashicons from front-end for non-administrators
This option removes the Dashicon font from front-end for non-administrators, if the theme doesn’t require Dashicons.
Remove comment reply script (if using a third-party comments plugin)
This option removes the reply script, usually enqueued in <head>, if the theme uses no comment replying or a third-party comments plugin (Disqus, Jetpack, etc).
Remove X widget (
These options remove the respective widgets, making the Appearance -> Widgets section faster.