AgilePress

Tag: Bloatware

  • The Plugin Killer: Why ASE (Admin Site Enhancements) is Essential for AgilePress

    We have a rule at AgilePress: If a feature can be coded in 5 lines, don’t install a plugin for it.

    But sometimes, you need 20 tiny features. You need to enable SVG uploads, duplicate posts, change the login logo, and hide the admin bar for subscribers. In the old days, you would install 10 different “micro-plugins” to do this.

    • Duplicate Post (Plugin A)
    • SVG Support (Plugin B)
    • WPS Hide Login (Plugin C)
    • Disable Gutenberg (Plugin D)

    This leads to “Plugin Bloat.” 10 plugins mean 10 update streams, 10 potential security holes, and a cluttered dashboard.

    Enter ASE (Admin Site Enhancements). It is the only “Swiss Army Knife” plugin allowed in the AgilePress stack. It replaces dozens of single-purpose plugins with one lightweight interface.

    The AgilePress Rule: When NOT to Use ASE

    Before we praise this plugin, we must apply our Minimalist Filter.

    ASE is lightweight, but it is still a plugin. Do not install ASE if you only need 1 or 2 of its features.

    • Example: If you only need to enable SVG uploads, do not install ASE. Add a simple PHP snippet to FluentSnippets.
    • Example: If you only need to hide the WordPress version number, use a snippet.

    So, when do we recommend ASE?

    1. For Agencies/Implementers: When you want a standard “Base Config” for all your clients that cleans up the dashboard instantly without maintaining 50 individual code snippets.
    2. For Non-Technical Clients: When the client needs to toggle features (like “Maintenance Mode” or “Disable Comments”) via a GUI checkbox, not code.
    3. For Volume: When you find yourself installing 3 or more “utility plugins.” At that point, ASE becomes more efficient than managing multiple dependencies.

    The “Green Zone”: Modules We Recommend

    If you decide ASE is right for your project, these are the modules that execute perfectly. Activate these to replace other plugins.

    1. Content Management

    • Replaces: Yoast Duplicate Post, SVG Support, Simple Page Ordering.
    • The Function:
      • Duplicate Posts/Pages: Adds a “Duplicate” link in the admin list. Simple, effective.
      • SVG Upload: Sanitizes and allows SVG files in the media library.
      • Content Order: Lets you drag and drop posts/pages to reorder them (great for custom post types).

    2. Admin Interface Cleanup

    • Replaces: Admin Menu Editor, Clean Admin Bar.
    • The Function:
      • Clean Admin Bar: Remove the annoying WordPress logo, comments icon, and “Howdy” text.
      • Hide Admin Notices: Moves all those annoying marketing banners into a separate panel. This is a sanity saver for clients.
      • Admin Columns: Lets you add “Featured Image” or “ID” columns to your post lists.

    3. Login Screen Customization

    • Replaces: LoginPress, Custom Login.
    • The Function:
      • Change the WordPress logo to your client’s logo.
      • Change the background URL.
      • Verdict: You don’t need a heavy plugin like LoginPress just to change a logo. ASE does this natively.

    4. Utilities

    • Replaces: Disable XML-RPC, Change Login URL.
    • The Function:
      • Disable XML-RPC: A crucial security tweak to stop brute force attacks.
      • Redirect 404 to Homepage: A simple way to retain link juice (though we prefer handling this via SEO plugins, this is a good quick fix).

    The “Red Zone”: Modules We Do NOT Recommend

    Just because ASE can do it, doesn’t mean it should. ASE is a “Jack of all trades,” but for critical infrastructure, we prefer specialists.

    1. SMTP (Email Delivery)

    • The Problem: The SMTP module in ASE is too basic. It lacks detailed logging. In our testing, if an email fails, you often won’t know why or if it was even sent. It connects via standard SMTP credentials, which is less secure than API.
    • The AgilePress Solution:FluentSMTP.
      • FluentSMTP is free.
      • It has detailed Email Logs (vital for debugging).
      • It connects via API (Amazon SES, SendGrid, Google).
      • Verdict: Keep ASE’s SMTP OFF. Use FluentSMTP.

    2. Code Snippets

    • The Problem: ASE stores snippets in the database. If you make a syntax error, you can crash your site and get locked out.
    • The AgilePress Solution:FluentSnippets.
      • As discussed in our previous article, file-based snippets are faster and safer (crash protection).
      • Verdict: Keep ASE’s Snippets OFF.

    3. Password Protection / Maintenance Mode

    • The Problem: It works for simple needs, but if you need a “Coming Soon” page that collects emails, or complex access rules, it falls short.
    • The Solution: For simple maintenance, ASE is fine. For anything complex, use a dedicated solution or server-level rules.

    Free vs. Pro: Do You Need to Pay?

    For 95% of AgilePress projects, the Free version is enough. The features listed above (Duplication, SVGs, Login Customization, Admin Cleanup) are all free.

    Consider Pro only if:

    1. Agency White Labeling: You want to completely hide the fact that you are using WordPress or ASE from your clients.
    2. ACF Integration: You want to show complex Custom Fields in your admin columns and allow “Quick Edit” for them.

    Conclusion: The Ultimate Consolidator

    ASE is the first plugin we install after the theme if the project requires multiple tweaks.

    The Strategy:

    • Need 1 tweak? -> Write a Snippet.
    • Need 5 tweaks? -> Install ASE.
    • Need Email? -> Use FluentSMTP.

    Action Item: Install ASE today. Go through the menu and see how many other plugins you can deactivate. Your site will be lighter, and your dashboard cleaner.

  • Stop Using SSL Plugins: Why “Really Simple SSL” is Making Your Site Slow

    In 2026, HTTPS is not a “feature”; it is the baseline. Yet, millions of WordPress sites still rely on plugins like Really Simple SSL (now rebranded as Simple and Performant Security) to handle their encryption.

    This is a mistake. While these plugins are marketed as “one-click solutions,” they are actually performance taxes disguised as convenience. They solve a database problem by using PHP to rewrite your site’s code on every single page load.

    At AgilePress, we believe in fixing the root cause, not patching the symptoms. Here is why you should delete your SSL plugin today and how to configure HTTPS the right way.

    1. The Myth of the “One Click SSL”

    Why do people install these plugins? Because they see the dreaded “Broken Padlock” (Mixed Content Warning) in their browser. Instead of fixing the broken links, they install a plugin that promises to “fix it automatically.”

    But there is a catch. The plugin doesn’t actually fix your content in the database. It acts as a middleman.

    2. The Villain: Output Buffering

    The core problem with SSL plugins is how they achieve their “magic.” They use a technique called Output Buffering.

    • How it works: When a user visits your site, WordPress generates the page. Before sending it to the user’s browser, the plugin interrupts the process. It scans the entire HTML code held in memory, searches for every http:// instance, and replaces it with https:// dynamically.
    • The Cost: This happens on every single page view (unless aggressively cached). You are forcing your server to perform a “Search & Replace” text operation millions of times a day, increasing your Time to First Byte (TTFB).

    Furthermore, these plugins often handle redirects via PHP (wp_redirect). This means a visitor requesting http://example.com has to wait for WordPress to boot up just to be told to go to https://. A server-level redirect (Nginx/Apache) would handle this in milliseconds, before WordPress even wakes up.

    Finally, the “Feature Creep.” Really Simple SSL is no longer just an SSL plugin; it has morphed into a full security suite with firewalls and login protection. If you already have a security plugin, you are now running redundant code.

    3. The AgilePress Solution (The “Hard” Way is the Fast Way)

    We don’t use plugins for SSL. We configure the server. Here is the protocol to migrate away from SSL plugins without breaking your site.

    Step 1: The Certificate (Hosting Level)

    Ensure your hosting provider (SiteGround, Cloudways, Kinsta) has issued a Let’s Encrypt certificate. This is standard in 2026. Do not try to generate certificates via PHP plugins; let the server handle the renewal via certbot or cPanel.

    Step 2: The Database Cleanup (The Real Fix)

    Instead of filtering http:// on the fly, we will permanently change the links in the database.

    1. Backup your database.
    2. Install Better Search Replace (or use WP-CLI if you are a pro).
    3. Search for: http://yourdomain.com
    4. Replace with: https://yourdomain.com
    5. Run: This fixes 99% of mixed content errors permanently. The plugin is no longer needed to “filter” output because the output is already correct.

    Step 3: Server-Level Redirects (301)

    We want to force HTTPS before WordPress loads.

    If you use Apache/OpenLiteSpeed (.htaccess): Add this to the very top of your .htaccess file:

    <IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
</IfModule>

    If you use Nginx: Add this to your server block configuration:

    server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

    Step 4: HSTS (The “Pro” Header)

    Many plugins charge for “Premium” to enable HSTS (HTTP Strict Transport Security). This is literally one line of code that tells browsers: “Never try to load this site over HTTP again, not even to check.”

    Apache (.htaccess):

    <IfModule mod_headers.c>
Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
</IfModule>

    Nginx:

    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;

    Conclusion: Less is More

    By following this protocol, you have achieved three things:

    1. Removed a plugin (and its future update risks).
    2. Eliminated Output Buffering, lowering your CPU usage.
    3. Secured the site at the server level, which is faster and more robust.

    If your hosting provider does not offer a simple “Force HTTPS” button in 2026, the solution is not to install a plugin—it is to change your hosting provider.