Take control of WordPress with smart performance tweaks, security enhancements, and usability improvements.
RefiTune is an all-in-one toolkit that helps optimize, secure, and refine WordPress websites without touching code. Every feature can be enabled or disabled independently through a clean and intuitive admin interface.
WordPress sites often accumulate unnecessary features, legacy functionality, and third-party plugins over time. This can lead to slower loading times, increased maintenance overhead, and a larger attack surface.
RefiTune was built to solve these problems through a single, lightweight toolkit that gives site owners and developers precise control over how WordPress behaves.
Instead of installing separate plugins for:
- XML-RPC disabling
- Login protection
- Maintenance mode
- SMTP configuration
- Admin bar control
- SVG uploads
- Comment disabling
- Redirect management
- Performance tweaks
RefiTune brings everything together in one centralized dashboard.
Every feature is completely optional.
Enable only the modules you need and leave the rest inactive. No unnecessary code runs when a feature is disabled.
Many modules are designed specifically to reduce WordPress overhead by:
- Removing unnecessary frontend and backend assets
- Limiting database growth
- Optimizing background processes
- Reducing external requests
RefiTune includes practical security improvements that can be enabled with a single click, helping protect sites against common attack vectors without requiring advanced server knowledge.
Whether you're managing:
- A personal blog
- A business website
- A WooCommerce store
- A client portfolio
- Multiple WordPress installations
RefiTune helps keep your sites lean, secure, and easier to maintain.
RefiTune follows the WordPress philosophy of flexibility and transparency. Features are organized into independent modules, making it easy to understand exactly what is active on a site.
No hidden optimizations. No mysterious settings. Just clear controls for the features you choose to use.
- Header Cleanup – Remove unnecessary
wp_headoutput. - Feed Management – Control RSS and Atom feeds.
- Disable Emoji – Remove WordPress emoji scripts and styles.
- Disable jQuery Migrate – Eliminate legacy jQuery compatibility layer.
- Post Revisions Limit – Reduce database bloat.
- Auto-save Interval – Customize WordPress autosave frequency.
- Trash Auto-Delete – Automatically remove old trash items.
- Heartbeat API Control – Configure or disable Heartbeat API.
- Disable XML-RPC – Completely disable XML-RPC access.
- Disable Trackback/Pingback – Prevent spam and abuse.
- Disable File Editor – Hide built-in theme and plugin editors.
- Login Error Messages – Use generic login errors.
- Restrict Admin Access – Control access to
wp-admin. - REST API Restrictions – Protect sensitive REST endpoints.
- Login Limit – Limit failed login attempts and reduce brute-force attacks.
- Hide Admin Bar – Hide the toolbar for selected user roles.
- Block Visibility (Mobile) – Show or hide Gutenberg blocks by device type.
- Login Page Customization – Customize logo, colors, and branding.
- Email Notifications – Disable or fine-tune WordPress system emails.
- Email Sending – Configure SMTP or disable email delivery entirely.
- Disable Comments – Disable comments globally with WooCommerce review support.
- External Links in New Window – Automatically open external links in new tabs.
- Enable Page Excerpt – Add excerpt support to pages.
- SVG Upload – Upload SVG files with security filtering.
- AVIF Upload – Enable AVIF image uploads.
- Role Redirects – Redirect users after login or logout based on role.
- Maintenance Mode – Put the site into maintenance mode.
- Display the current year via
[refi-year]or duration via[refi-year from="2006"]shortcodes.
Overview of all available modules and their status.
Configure each feature individually.
Detailed documentation and usage instructions.
| Requirement | Version |
|---|---|
| WordPress | 5.9+ |
| Tested up to | 7.0 |
| PHP | 7.4+ |
- Go to Plugins → Add New.
- Upload the plugin ZIP file.
- Activate the plugin.
- Upload the plugin folder to:
/wp-content/plugins/refitune/
- Activate the plugin from the WordPress admin panel.
- Navigate to:
Tools → RefiTune – Site Refiner Toolkit
- Enable the modules you want to use.
Currently available languages:
- English
- Hungarian (Magyar)
The plugin is translation-ready.
Text Domain
refitune
No. Most modules are designed to improve performance by removing unnecessary WordPress functionality and reducing resource usage.
Only if your theme and plugins are compatible with modern jQuery versions. Test thoroughly before enabling this option on production sites.
Some third-party services, mobile applications, and legacy integrations may stop working.
Yes. Failed attempts are tracked for both usernames and email addresses.
No. Administrators always retain access.
Yes. The plugin returns an HTTP 503 status code while maintenance mode is active.
- Improved redirect validation.
- Enhanced SVG sanitization.
- Strengthened REST API restrictions.
- Improved SMTP credential handling.
- Modular settings sanitization.
- Initial public release.
- WordPress 7.0 compatibility verification.
- PHP 8.5 compatibility verification.
Recommended security update including:
- Redirect hardening
- SVG sanitization improvements
- REST API restrictions
- SMTP credential handling improvements
Initial release.
- Website: :contentReference[oaicite:0]{index=0}
- Plugin Repository: :contentReference[oaicite:1]{index=1}
- Hungarian Documentation: :contentReference[oaicite:2]{index=2}
- Author Website: :contentReference[oaicite:3]{index=3}
Licensed under the GNU General Public License v2.0 or later.
See:
:contentReference[oaicite:4]{index=4}