WP Optimal State PRO - User Manual v1.1.6

📘 User Manual - PRO Version 1.1.6

ℹ️ NOTICE: This manual applies to both the PRO and FREE versions. However, some features described in the manual are not available in the free version.

⚠️ WARNING: If your server is running Nginx, you need to add basic security rules to your configuration - Section 7.3.1.

📑 Table of Contents

🚀 1. Introduction

🧠 1.1. The Philosophy of WP Optimal State PRO

WP Optimal State PRO is an advanced, all-in-one WordPress optimization and management suite. It was built on the philosophy that site management should be comprehensive, secure, and powerful. It provides a complete set of tools to clean, optimize, back up, and secure your WordPress database, combined with a robust performance module to make your site exceptionally fast.

This plugin is not just a simple "cleaner." It's a complete toolkit for database management and site performance, giving you both "one-click" simplicity and the granular, advanced control that professionals demand.

👥 1.2. Who is This Manual For?

This manual is for every user of WP Optimal State PRO.

👶 For Beginners: We will guide you through the safest, most effective features, like the One-Click Optimization and the automatic scheduler, allowing you to get 90% of the benefit with zero risk.
👨‍💻 For Advanced Users: We will explore the "why" behind each tool, helping you fine-tune your database, analyze its structure, and configure the performance cache for maximum speed.
👨‍💼 For Developers: We will explain the underlying architecture, the security measures in place, and the specific SQL commands and file modifications the plugin performs.

⚠️ 1.3. A CRITICAL First Warning: ALWAYS BACK UP

🚨 WARNING: THIS IS A POWERFUL TOOL
WP Optimal State PRO interacts directly and deeply with your website's database. Operations like cleanup, optimization, and restoration are powerful and, in most cases, irreversible.

While this plugin includes its own robust, best-in-class backup system, we cannot overstate the importance of caution.

💾 Before performing ANY cleanup or restore operation, you MUST create a fresh backup.

The plugin's built-in "Safety Backup" feature during restores provides a strong safety net, but a separate, downloadable backup is your ultimate insurance policy. Use this plugin responsibly. The author and this manual are not responsible for any data loss.

🛠️ 2. Getting Started

💻 2.1. System Requirements

To ensure full compatibility and smooth operation, your server should meet these minimum requirements:

🖥️ WordPress: Version 5.5 or higher.
⚙️ PHP: Version 7.4 or higher.
🗄️ Database: MySQL 5.6+ or MariaDB 10.1+.
🌐 Server: Apache, Nginx, or a compatible server. (Browser Caching feature requires Apache with mod_expires, mod_deflate, and mod_headers).

📁 2.2. A Note on File & Directory Permissions

This plugin requires the ability to write files to your wp-content/uploads/ directory. This is a standard WordPress capability, but if your server has non-standard or overly restrictive permissions, you may encounter errors.

The plugin uses the WP_Filesystem API to safely read and write files. If you see an error like "Cannot initialize WP_Filesystem," it means your server is not configured to allow WordPress to manage its own files. You must contact your hosting provider to resolve this.

🚫 2.3. CRITICAL: Multisite Not Supported

🚨 IMPORTANT
WP Optimal State PRO cannot be activated on a WordPress Multisite (WPMU) installation.

The plugin is designed specifically for single-site WordPress installations. Its database operations (which target tables like wp_options and wp_posts) are not compatible with a multisite network (which uses wp_sitemeta, wp_blogs, and per-site tables like wp_2_options). Running it on a multisite network could cause irreversible data integrity issues. The plugin will automatically block its own activation if it detects a multisite environment.

⚡ 2.4. Installation & Activation

Navigate to your WordPress Admin Dashboard.
Go to Plugins > Add New.
Click Upload Plugin.
Choose the WP_Optimal_State_PRO_vX-X-X.zip file from your computer and click Install Now.
Once installed, click Activate Plugin.
Upon activation, the plugin will immediately check for and create its required directories and default settings files (Section 2.6).
Look for "Optimal State" in you admin menu.

🔄 2.5. Upgrading From FREE Version

The upgrade process is straightforward. Simply uninstall the free version, then install the PRO version.

📝 PLEASE NOTE: The standard upgrade procedure based on the following 8 steps involves uninstalling the free version and then installing the pro version. This will cause custom settings and database backups to be lost. Follow steps 1 and 2 closely to save a copy of these data.

🟢 KEEP YOUR DATA: To upgrade without losing any data, you need to either use an FTP client or a file explorer included in your hosting panel (e.g. cPanel or hPanel). In this case, you simply have to unzip the .zip file containing the pro version and upload the optistate folder to /wp-content/plugins/, replacing the existing folder. By replacing the files instead of deactivating and deleting the free version, all data will be preserved.

Follow these steps:

📤 Export your settings to your device (Section 9. Settings Export & Import).
💾 Generate and download a database backup.
From your dashboard, go to Plugins > Installed Plugins.
Find WP Optimal State Free and click Deactivate.
After deactivating it, click Delete (backups and settings will be deleted as well).
Now, install the PRO version: Plugins > Add New > Upload Plugin.

Choose the WP_Optimal_State_PRO_vX-X-X.zip file from your computer and click Install Now.
Once installed, click Activate Plugin.

Import your settings from your device (Section 9. Settings Export & Import).
Upgrade complete. Enjoy WP Optimal State Pro!

📊 2.6. Filesystem Footprint (What the Plugin Creates)

On activation, the plugin creates the following directories and files to store its data. All data is kept securely within your wp-content/uploads/ folder.

.../uploads/optistate-settings/
- settings.json: Stores all your saved settings (schedule, backup limits, performance toggles).
- optimization-log.json: A log of all major operations (backups, restores, cleanups).
- .htaccess: A security file that blocks all direct web access to this directory.
.../uploads/optistate/db-backups/
- Stores your .sql backups and their .checksum and .meta verification files.
- .htaccess: A security file that blocks web access.
.../uploads/optistate/db-restore-temp/
- A temporary, secure location for .sql files you upload for restoration. Files are scanned and deleted after use.
- .htaccess: A security file that blocks all access.
.../uploads/optistate/page-cache/
- Stores the static .html files for the Server-Side Page Caching feature.
- .htaccess: A security file that blocks web access to anything except .html files.

⚠️ WARNING - NGINX SERVERS
If your server is running Nginx, your site's sensitive directories are currently unprotected. The .htaccess files this plugin relies on are ignored, leaving your files and settings exposed.

To secure your server, you must manually add the security rules to your Nginx configuration. Read Section 7.3.1 for immediate instructions.

🔔 2.7. Keep the Plugin Updated

Your update process depends on whether you are using the FREE or PRO version. Please read the correct section for your plugin.

✔ UPDATING THE FREE VERSION

If you installed the free version of WP Optimal State from the official WordPress plugin repository, you can update it directly from your WordPress dashboard.

Go to Plugins → Installed Plugins.
Find "Optimal State" and click the "update now" link.

✅ All your database backups and settings will be preserved automatically.

⭐ UPDATING THE PRO VERSION

Updating the PRO version (which you received as a .zip file) takes just a couple of minutes. You have two equally valid options.

💡 Option 1: Via the Dashboard

In the plugin interface, go to section 1 and download your database backups (they will download as compressed .sql.gz files).
Then, go to section 9 (Settings Export & Import) and click Export Settings to download your .json settings file.
Go to Plugins > Add Plugin, then click Upload Plugin. Choose the .zip file containing the latest plugin release and click Install Now.
At this point, you will now be asked to either replace the current version with the uploaded one, or cancel and go back. Click Replace current with uploaded.
The update is complete! Visit the plugin admin panel to confirm that your backups and settings are intact.

👨‍💻 Option 2: Via FTP Client

Unzip the new plugin .zip file on your computer to get a folder named optistate.
Open your FTP client or hosting file explorer and navigate to wp-content/plugins/.
Upload the optistate folder from your computer, choosing to replace or overwrite all existing files in the /wp-content/plugins/optistate/ directory.
Once complete, go to Plugins > Installed Plugins, find WP Optimal State and verify that the new version number is displayed.
The update is complete! Visit the plugin admin panel to confirm that your backups and settings are intact.

📥 How to Get PRO Updates

You will receive an email notification when a new version is released.
Download the update from your account on the purchase site (Payhip.com).
If you did not register at the time of purchase or no longer have access to your account, contact 🆘 Technical Support with your license key and website URL. We will send the update package to you via email.

🎯 3. Dashboard Philosophy: The 3-Step Workflow

The plugin dashboard is organized to guide you through a logical and safe workflow.

🛡️ Step 1: The Safety Net (Backup)

Section: 1. Create a Database Backup

Before you diagnose or fix anything, you must have an exit strategy. This section is your safety net. You can create a new, verifiable backup in seconds.

🔍 Step 2: The Diagnosis (Analyze)

Sections: 3. Database Health Score, 4. Database Statistics, 6. Database Structure Analysis

You can't fix what you don't understand. These sections are your diagnostic tools.

❤️ Health Score: Gives you a high-level "grade" of your site's condition.
📊 Statistics: Shows you the raw numbers—how many post revisions you have, how much database overhead, etc.
🔍 Structure Analysis: Gives you a "map" of your database, showing you what's core, what's from plugins, and how big each table is.

✨ Step 3: The Solution (Optimize)

Sections: 2. One-Click Optimization, 5. Detailed Cleanup, 6. Advanced Optimization, 7. Automation, 8. Performance

Once you have a backup and have diagnosed the problems, you can apply the solution.

🚀 For a Quick Fix: Use Section 2 (One-Click Optimization).
🔪 For Granular Control: Use Section 5 (Detailed Cleanup).
⚡ For Deep Issues: Use Section 6 (Advanced Optimization).
⏰ For Future-Proofing: Use Section 7 (Automation).
💨 For Site Speed: Use Section 8 (Performance Manager).

💾 4. The Database Backup & Restore Manager (Section 1)

This is the plugin's most critical feature. It allows you to create, manage, download, and restore your database with a focus on security and integrity.

📥 4.1. Creating a Database Backup

📊 Maximum Backups to Keep: This setting (a number from 1 to 10) controls how many backups are stored on your server. When you create a new backup that exceeds this limit, the oldest backup will be automatically deleted.
- 💡 Recommendation: Set this to 3. This provides a good balance between having recent restore points and saving server disk space.
🔄 Create Backup Now Button: Clicking this button will:
- Instantly begin backing up your entire WordPress database.
- Package it into a .sql file.
- Generate a .checksum file (a unique SHA-256 "fingerprint") to verify the file is not corrupted.
- Generate a .meta file containing information about the backup (date, WP version, etc.).
- Store all three files in your wp-content/uploads/optistate/db-backups/ directory.
- Refresh the "Manage Existing Backups" list.

🔧 4.2. Under the Hood: The Backup & Verification Process

The backup mechanism is designed to be server-timeout proof using an asynchronous, chunked process. The plugin will execute a series of timed AJAX requests. Each request runs for a maximum of ~25 seconds, writes a chunk of data, saves its current file position in a transient, and then requests the next chunk from the browser. This ensures that the process reliably backs up databases of any size without violating server execution limits.

🔓 Lock File: When you start a backup, a temporary lock file is created to prevent concurrent operations. The .sql file is opened for writing.
🏗️ Structure Dump: The plugin gets the SHOW CREATE TABLE command for every table in your database and writes it to the file. This ensures the table structure is perfectly preserved.
📦 Data Dump (Chunked): It then selects data from each table in batches (SELECT * FROM ... LIMIT ... OFFSET ...) and writes it as a series of INSERT INTO ... commands to the .sql file. Crucially, this process is chunked and saves its state between requests.
✅ Verification: Once the last chunk is complete, the plugin generates a secure SHA-256 checksum (fingerprint) of the final file. It stores this in a dedicated .checksum file next to the backup. The backup is 100% valid and safe to restore.

📋 4.3. Managing Existing Backups (The Action Buttons)

This table lists all available backups.

✅ File Integrity: This is the most important column.
- ✅ File integrity: The plugin has just performed an on-the-fly checksum of the .sql file and confirmed that it exactly matches the "fingerprint" saved in the .checksum file. The backup is 100% valid and safe to restore.
- ⚠️ File integrity: The live checksum does not match the saved fingerprint. This means the .sql file has been modified, truncated, or corrupted since it was created. 🚫 DO NOT RESTORE THIS FILE. Delete it immediately and create a new backup.
📥 Download: This securely prepares and downloads a compressed .sql.gz version of the file to your computer.
- 🔒 Security: Before preparation, the plugin re-verifies the original file's SHA-256 checksum. If the check fails, the download is aborted, protecting you from downloading a corrupted file.
- ⚡ Efficiency: The file is compressed on-the-fly to ensure the smallest possible download size, saving you time and bandwidth. If Gzip is not available on your server, it will fall back to serving the uncompressed .sql file.
🗑️ Delete: This permanently deletes the .sql file and its associated .checksum and .meta files from your server. A confirmation modal will appear.
🔄 Restore: This is the most powerful action. It will completely replace your current database with the data from this backup file. Please read the next section carefully.

🛡️ 4.4. The Chunked, 4-Phase Safety Restore (In-Depth)

Restoring a database backup is the most critical operation the plugin performs. To ensure zero-risk data integrity against server timeouts, crashes, or corrupted files, the restore is broken down into four transactional, asynchronous phases.

🔐 Phase 1: Preemptive Safety Backup & Validation

✅ Validation: The plugin verifies the selected backup file's SHA-256 checksum against its saved fingerprint. If the file is corrupted or tampered with, the process is aborted.
💾 Safety Backup (Chunked): A complete, real-time SAFETY-RESTORE-*.sql is created in a reliable, chunked manner. This is your guaranteed rollback point.
🚧 Maintenance Mode: The site is put into a brief, non-WordPress maintenance mode to prevent data inconsistencies while the database tables are being swapped.

⚙️ Phase 2: Isolated & Chunked Staging

📊 Temporary Tables: The restore process begins by creating temporary tables (e.g., optistate_temp_wp_posts) instead of directly overwriting your live tables.
📦 Chunked Import: The backup file is imported asynchronously. The script runs for ~25 seconds, imports a chunk of SQL data into the temporary tables, saves the file position, and initiates the next request. This process runs until the entire backup is staged.

🔍 Phase 3: Critical Data Verification

✨ Sanity Check: The plugin performs a fast check on the temporary tables to ensure key WordPress tables exist. It recognizes custom table prefixes by verifying that the table names end with the standard WordPress core suffixes (e.g., _options, _posts, _users), ensuring compatibility with any WordPress installation.

⚡ Phase 4: Atomic Swap & Rollback Guarantee

🔄 Atomic Transaction: The swap is executed as a single, all-or-nothing database transaction. The live tables are instantly renamed to `_old` and the temporary tables are renamed to the live prefix.
🛟 Safety Rollback: If the atomic transaction fails (or if a fatal PHP error occurs), the database engine automatically rolls back all renames. Furthermore, the script is guaranteed to trigger an asynchronous rollback to the `SAFETY-RESTORE` backup created in Phase 1, ensuring zero data loss.

Upon successful completion, the old tables are cleaned up, the safety backup is deleted, and maintenance mode is deactivated.

This "Safety Restore" mechanism is your ultimate protection against a failed restore process, which could otherwise leave your site in a broken, half-restored state.

📤 4.5. How to Restore Database from an Uploaded File

This feature is designed to upload a .sql or .sql.gz file. You can upload a compressed backup downloaded from this plugin or an uncompressed file from phpMyAdmin.

🚨 WARNING
Only upload .sql or .sql.gz files generated by WP Optimal State or phpMyAdmin. Uploading a random file or a backup from another plugin may damage your database structure. 🧩 phpMyAdmin Compatibility: To ensure 100% compatibility with WP Optimal State, uncheck the Enclose export in a transaction option before performing exports.

🔄 Process:

📁 Choose SQL File: Click the button to select a .sql or .sql.gz file from your computer.
🔍 Validation & Upload: The file will be uploaded, and a progress bar will be displayed. During this process, a multi-step security validation occurs (see 4.6).
🔄 Restore from File: Once the upload is complete and validated, the "Restore from File" button will appear.
✅ Confirmation: Clicking this button will trigger the same confirmation modal and the exact same 4-Phase Safety Restore process described in section 4.4.
⏳ Execution: The time required to complete the restore will vary significantly depending on both the size of the database and the available server resources (from a few seconds to 30-60 minutes).

🔒 4.6. Security-First: The Upload Validation Process

When you upload a .sql or .sql.gz file, it undergoes a rigorous security scan before it is ever used.

📄 File Type Check: Verifies the file extension is .sql or .sql.gz. It also verifies the MIME type (e.g., text/plain, application/sql, application/gzip) to prevent file type spoofing.
📏 File Size Check: Enforces a 3GB maximum file size.
🛡️ Malicious Content Scan: If the file is compressed (.sql.gz), it is first securely decompressed. The plugin then reads the content of the .sql file, scanning for:
- PHP tags (<?php, <?=)
- Suspicious functions (eval(, system(, exec(, base64_decode)
🗄️ Database Name Check: The plugin (during the restore phase) reads the header of the SQL file and looks for the -- Database: dbname comment. If the database name in the file does not match your current WordPress database name, the restore is aborted. This is a critical check that prevents you from accidentally restoring a backup from a different website.

If any of these checks fail, the file is deleted, and the restore is aborted.

🛑 FALSE POSITIVES (security risks detected)
In some cases, the security scan may detect issues that do not pose a real threat.
If you are sure that your backup is secure, select Disable Restore Security Checks just below the database upload function in section 1.1.

🧹 5. The Database Optimization Suite (Sections 2-6)

This is the core optimization suite. These sections work together to help you diagnose and clean your database.

❤️ 5.1. Database Health Score (The "Why")

This is your central diagnostic hub. It gives you a "grade" from 0-100 based on the current state of your database.

📊 Overall Score: A weighted average of the three categories below (Performance * 40%, Cleanliness * 35%, Efficiency * 25%).
- 🎉 90-100 (Excellent): Your database is in optimal condition.
- 👍 75-89 (Good): A few minor areas for cleanup.
- 😐 60-74 (Fair): You have some clutter that should be addressed.
- 👎 40-59 (Poor): Your database is likely bloated and needs optimization.
- 🚨 0-39 (Critical): Your database health is poor and may be impacting site performance.
📈 Category Scores:
- ⚡ Performance: Graded on factors like database overhead, the size of your autoloaded data, and total database size.
- 🧹 Cleanliness: Graded on the amount of "junk" data, such as old post revisions, auto-drafts, spam comments, and orphaned data.
- 🎯 Efficiency: Graded on technical factors like your database's index-to-data ratio and total table count.
💡 Details & Recommendations: This is the most important part. It provides actionable advice based on your score.

📈 5.2. Database Statistics (The "What" - A Detailed Glossary)

This is the raw data used to calculate your Health Score. It shows you exactly what was found in your database.

📝 Post Revisions: Old, saved versions of your posts and pages.
📄 Auto Drafts: Unsaved drafts automatically created by WordPress.
🗑️ Trashed Posts: Posts and pages in your trash bin.
🚮 Spam Comments: Comments marked as spam.
🗑️ Trashed Comments: Comments in your trash bin.
🧩 Orphaned Post Meta: Data from plugins/themes that was left behind after a post was deleted. This is "junk" data with no post to attach to.
🧩 Orphaned Comment Meta: Data left behind after a comment was deleted.
🧩 Orphaned Term Relationships: Data linking non-existent posts to categories or tags.
⏰ Expired Transients: Temporary cached data (like a weather widget's data) that has passed its expiration date and can be deleted.
💾 All Transients: All temporary cached data, including expired and active.
📋 Duplicate Post Meta: Redundant, identical metadata entries for posts.
📋 Duplicate Comment Meta: Redundant, identical metadata entries for comments.
🧩 Orphaned User Meta: Data left behind from deleted users.
⏳ Unapproved Comments: Comments awaiting moderation.
🔗 Pingbacks: "Pingback" notifications in your comments.
🔗 Trackbacks: "Trackback" notifications in your comments.
💾 Database Overhead: "Empty" space in your tables, similar to file fragmentation. This space can be reclaimed.
📚 Total Indexes Size: The size of the database "phone book" used for fast lookups.
📊 Number of Tables: The total count of tables in your database.
⚡ Autoloaded Options: The number of settings set to load on every single page.
💽 Autoload Data Size: The total size of all autoloaded settings. This is a critical performance metric. A high number (e.g., > 1MB) can significantly slow down your site.

🚀 5.3. One-Click Optimization (The "Easy Button")

This is the simplest and safest way to clean your database. Clicking the "🚀 Optimize Now" button will:

Ask for confirmation.
Run all safe cleanup tasks (it will not touch your trash bins or unapproved comments).
Perform "Optimize All Tables" (see section 5.5).
Show you a summary of what was cleaned.
Refresh your Health Score.

This is the recommended action for most users after creating a backup.

🔪 5.4. Detailed Database Cleanup (The "Scalpel")

This section provides a button for every single item listed in the Database Statistics. It allows you to clean items one by one.

⚠️ IMPORTANT: Safe vs. Unsafe (Review First)
Most items are "safe" to clean. However, some items are marked with a ⚠️ Warning Icon. These are "unsafe" because they involve deleting data you might want to review first.

✅ Safe to Clean: * Post Revisions, Auto Drafts, Trashed Comments, Orphaned Meta (all types), Expired Transients, Duplicate Meta, Pingbacks, Trackbacks.

⚠️ Unsafe (Review First): *🗑️ Trashed Posts: This will permanently empty your posts trash bin. *💬 Spam Comments: This will permanently delete comments marked as spam. *⏳ Unapproved Comments: This will permanently delete all comments awaiting moderation. *💾 All Transients: This will clear all cached data, including non-expired. While generally safe, it can temporarily break parts of your site that rely on active cache.

⚡ 5.5. Advanced Database Optimization (The "Power Tools")

These are powerful tools for database maintenance. 💾 Always create a backup before using them.

⚡ Optimize All Tables: This runs the OPTIMIZE TABLE SQL command. It's like defragmenting your hard drive. It re-organizes tables and reclaims "Database Overhead" (empty space). This is safe to run and is included in the One-Click Optimization.
🛠️ Analyze & Repair Tables: This is a diagnostic and repair tool. It runs CHECK TABLE to find errors or corruption. If it finds any, it automatically runs REPAIR TABLE to fix them. If your site is experiencing strange database errors, run this.
⚙️ Optimize Autoloaded Options: This is a highly advanced performance tool.
- ❓ What is Autoloaded Data? In your wp_options table, some settings (autoload='yes') are loaded on every single page load. If plugins store large amounts of data here (e.g., 1MB+), it can severely slow down your site.
- 🔧 What This Tool Does: This tool scans for large autoloaded options. It uses a "skip list" to ignore essential WordPress core options (like active_plugins, siteurl) and options from major plugins (WooCommerce, Elementor, Yoast, etc.). For other large options it finds, it changes them from autoload='yes' to autoload='no'.
- 🎯 The Result: The data is still safely in your database, but it's only loaded by its plugin when it's actually needed, not on every single page of your site. This can provide a major performance boost.

🔍 5.6. Database Structure Analysis

At the bottom of Section 6, this tool provides a complete, read-only map of your database.

📊 Database Summary: Shows total tables, core vs. plugin tables, and total size.
🏗️ WordPress Core Tables: Lists all standard WP tables (e.g., wp_posts, wp_users) with descriptions of what they do.
🧩 Plugin & Theme Tables: Lists all other tables created by your plugins and theme. This is extremely useful for identifying "orphaned tables" left behind by old, uninstalled plugins that are now just taking up space.

⏰ 6. Automatic Backup & Cleanup (Section 7)

This section provides a "set it and forget it" scheduler for all the tools you just learned about.

⚙️ 6.1. Configuring the Scheduler

🔄 Run Tasks Automatically Every X DAYS: Set the frequency.
- 0 = ❌ Disabled
- 1 = 📅 Daily
- 7 = 📅 Weekly
- 30 = 📅 Monthly
⏰ Run at (Time): Select the time of day for the tasks to run.
- 💡 Recommendation: Choose a low-traffic time for your site (e.g., 3:00 AM).
💾 Backup Only: Check this box to perform only the database backup at the scheduled time. The automatic cleanup tasks will be skipped.
- 💡 Recommendation: This is useful if you want daily backups but prefer to run cleanup operations manually.
📧 Email Notifications: Check this box to have a summary report sent to your site's admin email address.

🔄 6.2. What the Scheduler Does (when it runs):

The scheduler will run in one of two modes, depending on your settings: *backup & cleanup* or *backup only*:

First, it 💾 creates a new database backup.
Then, it 🚀 runs the One-Click Optimization (all safe cleanups + table optimization).
Finally, it 📊 enforces the backup limit, deleting the oldest backup if necessary.
If enabled, it sends a success or failure email.

📧 6.3. Understanding Email Notifications (Success & Failure)

This is a key "pro" feature.

✅ Success Email: If tasks are completed, you get a simple report summarizing what was backed up and what was cleaned.
❌ Failure Email: If the backup or the cleanup fails, the plugin will send you a Failure Notification. This email is critical, as it will include:
- What stage failed (e.g., "Backup Creation Failed").
- A list of possible causes (e.g., "Insufficient disk space," "File permission problems," "PHP memory limit reached").
- Recommended actions to resolve the issue.

⏱️ 6.4. A Note on WP-Cron

This scheduler uses the built-in WordPress Cron system (wp_schedule_single_event). This is not a "true" cron job, which means it relies on someone visiting your website to trigger the schedule.

If you set a schedule for 3:00 AM, the tasks will run on the first site visit that occurs at or after 3:00 AM. For most sites, this is perfectly reliable.

⚡ 7. Performance Features Manager (Section 8)

This is a complete, standalone performance suite.

🚫 7.1. CRITICAL: Do NOT Use With Other Caching Plugins

🚨 WARNING
The Server-Side Page Caching and Browser Caching features in this section will conflict with other caching plugins like WP Rocket, LiteSpeed Cache, W3 Total Cache, WP Super Cache, etc.

🤔 You must choose ONE.

If you are already using another caching plugin, 🚫 DO NOT enable "Server-Side Page Caching" or "Browser Caching" in WP Optimal State PRO. You can, however, still use all the "WordPress Core Optimizations" (Section 7.4).

💨 7.2. Feature: Server-Side Page Caching (Deep Dive)

This is the single most effective way to speed up your site.

🎯 The Concept (Dynamic vs. Static):
- A "Dynamic" page (default WordPress) is built from scratch for every visitor. WordPress runs PHP, queries the database, assembles the header, content, and footer, and then sends the final HTML. This is slow.
- A "Static" page (with caching) is pre-built. The plugin "visits" a page, saves the final HTML, and stores it in wp-content/uploads/optistate/page-cache/. The next visitor gets this file instantly, bypassing PHP and the database.
🧠 The "Smart Cache" Engine:
- 🎯 Smart Exclusions: The plugin already knows not to cache critical pages. Logged-in users, wp-admin, cart/checkout pages, search results, and 404 pages are always excluded.
- 🍪 Cookie-Aware: This is a crucial feature. The plugin auto-detects cookies from most major consent/GDPR plugins (CookieYes, Complianz, Borlabs, etc.). It will not serve a cached page to a user who has not yet accepted cookies. This ensures privacy compliance.
- 🔄 "Smart Purge" Logic: You don't need to manually purge the cache every time you make a change. The plugin automatically purges relevant cached files when you:
  - Publish or update a post (purges the post, homepage, blog page, and related archives).
  - Approve or delete a comment (purges the post it belongs to).
  - Update a category, tag, menu, or widget.
⚙️ Configuration Options (In-Detail):
- 📊 Cache Status: Shows stats: Total Cached Pages, Mobile Pages, Total Size, etc.
- 🗑️ Purge All Cache: Deletes all cached HTML files. This is your "reset" button.
- 🔋 Automatic Preload:
  - ❓ What it does: After the cache is purged, this will find your sitemap.xml file and "visit" every URL in it. This "warms up" the cache by generating static HTML for all your pages at once.
  - ⚠️ Warning: This is resource-intensive. On large sites, it may time out. It also must bypass cookie consent banners to work.
- 🕒 Cache Lifetime: How long a cached page is considered "fresh". After this time (e.g., 1 day), a new HTML file will be generated.
- ❓ Query String Handling:
  - 1. Ignore All Query Strings: page?utm=fb serves the cache for page. Fastest, but breaks pagination.
  - 2. Include Safe Query Strings (Recommended): page?utm=fb serves cache for page. page?page=2 serves a new cache for page/2. This is the best balance of speed and functionality.
  - 3. Unique Cache for All (Advanced): page?utm=fb and page?utm=google create two separate cache files. ⚠️ Warning: This can use a very large amount of disk space.
- ⛔️ Exclude Pages from Cache: A textarea to list URLs that should never be cached.
  - 📝 Examples: /my-account/* (excludes the entire "my-account" section), /forum/ (excludes a specific page).
- 📲 Mobile-Specific Cache: Enable this ONLY if your site uses a different theme or different page layouts for mobile users (e.g., an old "mobile theme" plugin). Most modern, responsive themes do not need this.
- 🛡️ Disable Cookie Checks (Maximum Performance): Check this box ONLY if you do not use any cookie consent/GDPR plugin on your site. This will serve cached pages to all visitors immediately.
- ⤷ Add Custom Consent Cookie: If you use a rare or custom cookie banner plugin, you can add its cookie name here (e.g., my_custom_cookie) to make it compatible with the cache.

🌐 7.3. Feature: Browser Caching (.htaccess)

This complements Server Caching. It tells a visitor's browser to save static files (like your logo, CSS, and JS) on their computer.

❓ What it is: When a user visits a second page, their browser doesn't need to re-download your logo; it can pull it from its local storage.
🔧 How it works: This feature modifies your website's root .htaccess file (this feature only works on Apache servers).
📝 The .htaccess Writable Check: The plugin will check if it can write to this file. If this section shows a warning, you must fix your server's file permissions (usually 644) for .htaccess.
➕ What it Adds:
1. mod_expires: Tells browsers how long to cache file types (e.g., "cache images for 1 year," "cache CSS for 1 month").
2. mod_deflate / mod_brotli: Enables Gzip and Brotli compression, making your files smaller.
3. mod_headers: Adds security headers (like X-Content-Type-Options, X-Frame-Options) to improve your site's security score.

The following code block will be automatically added to the .htaccess file when this feature is activated:

👉 CLICK TO EXPAND (.htaccess code)

# ============================================================
# BEGIN WP Optimal State Caching
# ============================================================
# 1. EXPIRATION HEADERS
<IfModule mod_expires.c>

ExpiresActive On

# Default: 30 days

ExpiresDefault "access plus 30 days"

# Static Assets: 1 year

ExpiresByType image/jpg "access plus 1 year"

ExpiresByType image/jpeg "access plus 1 year"

ExpiresByType image/png "access plus 1 year"

ExpiresByType image/gif "access plus 1 year"

ExpiresByType image/webp "access plus 1 year"

ExpiresByType image/svg+xml "access plus 1 year"

ExpiresByType image/x-icon "access plus 1 year"

ExpiresByType font/woff "access plus 1 year"

ExpiresByType font/woff2 "access plus 1 year"

ExpiresByType application/font-woff "access plus 1 year"

# CSS & JavaScript: 1 month

ExpiresByType text/css "access plus 1 month"

ExpiresByType application/javascript "access plus 1 month"

ExpiresByType application/x-javascript "access plus 1 month"

# HTML: Respect server-side caching headers

ExpiresByType text/html "access plus 24 hours"

</IfModule>

# 2. CACHE-CONTROL & SECURITY HEADERS
<IfModule mod_headers.c>

# Security Headers

Header always set X-Content-Type-Options "nosniff"

Header always set X-Frame-Options "SAMEORIGIN"

Header always set Referrer-Policy "strict-origin-when-cross-origin"

Header always set X-XSS-Protection "1; mode=block"

# Long cache for static assets

<FilesMatch "\.(css|js|ico|pdf|jpg|jpeg|png|gif|webp|svg|woff|woff2|eot|ttf|mp4|webm|mp3|ogg|wav|aac|m4a|flac)$">

Header set Cache-Control "max-age=31536000, public, immutable"

</FilesMatch>

# Dynamic content

<FilesMatch "\.(php|html|htm)$">

Header set Cache-Control "public, max-age=86400" env=!PHP_CACHE_HEADERS

</FilesMatch>

# Protect sensitive WP files

<FilesMatch "(wp-config\.php|readme\.html|license\.txt|wp-login\.php|wp-admin/|xmlrpc\.php)">

Header set Cache-Control "no-cache, no-store, must-revalidate"

Header set Pragma "no-cache"

Header set Expires "0"

</FilesMatch>

# Ensure proper encoding handling

<FilesMatch "\.(js|css|html|htm|xml|json)$">

Header append Vary Accept-Encoding

</FilesMatch>

# Remove ETag

Header unset ETag

FileETag None

</IfModule>

# 3. COMPRESSION
# Brotli Compression

<IfModule mod_brotli.c>

AddOutputFilterByType BROTLI_COMPRESS text/html text/plain text/css application/javascript application/json image/svg+xml application/xml

</IfModule>

# GZIP Compression

<IfModule mod_deflate.c>

AddOutputFilterByType DEFLATE text/plain

AddOutputFilterByType DEFLATE text/html

AddOutputFilterByType DEFLATE text/css

AddOutputFilterByType DEFLATE text/javascript

AddOutputFilterByType DEFLATE application/javascript

AddOutputFilterByType DEFLATE application/x-javascript

AddOutputFilterByType DEFLATE application/xml

AddOutputFilterByType DEFLATE application/xhtml+xml

AddOutputFilterByType DEFLATE application/rss+xml

AddOutputFilterByType DEFLATE application/json

AddOutputFilterByType DEFLATE font/woff

AddOutputFilterByType DEFLATE font/woff2

AddOutputFilterByType DEFLATE image/svg+xml

# Skip already compressed files

SetEnvIfNoCase Request_URI \.(?:gz|zip|bz2|rar|7z|mp4|webm|avi)$ no-gzip dont-vary

# Browser workarounds

BrowserMatch ^Mozilla/4 gzip-only-text/html

BrowserMatch ^Mozilla/4\.0[678] no-gzip

BrowserMatch \bMSIE !no-gzip !gzip-only-text/html

</IfModule>

# 4. OPTIONAL PERFORMANCE TUNING
# Disable directory listing

Options -Indexes

# Leverage Keep-Alive connections

<IfModule mod_headers.c>

Header set Connection keep-alive

</IfModule>
# ============================================================
# END WP Optimal State Caching
# ============================================================

🖥 7.3.1. Nginx Server Configuration (Security + Caching)

ℹ️ IMPORTANT: Nginx Users
If your server runs on Nginx instead of Apache, the Browser Caching (.htaccess) feature cannot be activated automatically because Nginx does not use .htaccess files.

All other plugin features work normally on Nginx servers, including:

✅ Database backup and restore

✅ Database cleanup and optimization

✅ Server-side page caching

✅ WordPress core optimizations

✅ Automatic scheduling

This section provides the configuration you need to manually add to your Nginx configuration file to enable browser caching and secure your plugin directories.

📍 Where to Add This Configuration

You need to add the configuration blocks below to your Nginx configuration file. This file is typically located at:

/etc/nginx/sites-available/your-domain.com (Debian/Ubuntu)
/etc/nginx/conf.d/your-domain.conf (CentOS/RHEL)
Or inside your main nginx.conf file

⚠️ Important: Add these blocks inside your server { ... } block for your WordPress site.

🔐 Step 1: Secure Plugin Directories (Important)

Add this configuration to block direct access to sensitive plugin directories, such as database backups and your custom settings:

👉 CLICK TO EXPAND: Directory Security Configuration

# ============================================================
# WP Optimal State - Directory Security (Nginx)
# ============================================================

# Block access to plugin settings directory
location ~* /wp-content/uploads/optistate-settings/ {
    deny all;
    return 403;
}

# Block access to database backup directory
location ~* /wp-content/uploads/optistate/db-backups/ {
    deny all;
    return 403;
}

# Block access to temp restore directory
location ~* /wp-content/uploads/optistate/db-restore-temp/ {
    deny all;
    return 403;
}

# Allow only .html files in cache directory, block everything else
location ~* /wp-content/uploads/optistate/page-cache/ {
    location ~* \.html$ {
        # Allow HTML files to be served
    }
    location ~* {
        deny all;
        return 403;
    }
}

🚀 Step 2: Browser Caching Configuration (Optional)

Add this configuration to enable browser caching for static assets:

👉 CLICK TO EXPAND: Browser Caching Configuration

# ============================================================
# WP Optimal State - Browser Caching (Nginx)
# ============================================================

# Static Assets: 1 year caching
location ~* \.(jpg|jpeg|png|gif|webp|svg|ico|woff|woff2|eot|ttf|mp4|webm|mp3|ogg|wav|aac|m4a|flac|pdf)$ {
    expires 1y;
    add_header Cache-Control "max-age=31536000, public, immutable";
    add_header Vary "Accept-Encoding";
}

# CSS and JavaScript: 1 month caching
location ~* \.(css|js)$ {
    expires 1M;
    add_header Cache-Control "max-age=2592000, public, immutable";
    add_header Vary "Accept-Encoding";
}

# HTML: 24 hours (for static .html files)
location ~* \.(html|htm)$ {
    expires 24h;
    add_header Cache-Control "public, max-age=86400";
    add_header Vary "Accept-Encoding";
}

# Protect sensitive WP files - always no cache
location ~* (wp-config\.php|readme\.html|license\.txt|wp-login\.php|wp-admin/|xmlrpc\.php) {
    add_header Cache-Control "no-cache, no-store, must-revalidate" always;
    add_header Pragma "no-cache" always;
    expires 0;
}

# Security headers for all responses
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always; # For legacy browsers
add_header Referrer-Policy "strict-origin-when-cross-origin" always;
add_header X-Content-Type-Options "nosniff" always; # Set globally once

# Remove ETag for consistency across CDNs
etag off;

# Gzip compression
gzip on;
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_types text/plain text/html text/css text/xml text/javascript 
           application/json application/javascript application/xml+rss 
           application/rss+xml application/xml application/x-javascript
           font/woff font/woff2 font/truetype font/opentype 
           application/vnd.ms-fontobject image/svg+xml;
gzip_disable "msie6";

# Brotli compression (if available)
brotli on;
brotli_comp_level 6;
brotli_types text/plain text/html text/css text/xml text/javascript 
             application/json application/javascript application/xml+rss 
             application/rss+xml application/xml application/x-javascript
             font/woff font/woff2 font/truetype font/opentype 
             application/vnd.ms-fontobject image/svg+xml;

📝 Step 3: Apply the Configuration

Access your server via SSH or your hosting control panel's file manager.
Open your Nginx configuration file for editing (the location depends on your server setup).
Add both configuration blocks inside your server { ... } block.
Test your configuration by running:
sudo nginx -t
If the test passes, reload Nginx:
sudo systemctl reload nginx

⚠️ IMPORTANT
If you're not comfortable editing Nginx configuration files, please contact your hosting provider or system administrator for assistance. Incorrect Nginx configuration can cause your site to become inaccessible.

Always backup your configuration file before making changes.

✅ Verification

After applying the configuration, you can verify it's working by:

Browser Caching: Open your browser's Developer Tools (F12), go to the Network tab, and reload your site. Check the response headers for static files - you should see Cache-Control and Expires headers.
Directory Security: Try accessing https://yoursite.com/wp-content/uploads/optistate-settings/ - you should get a 403 Forbidden error.

🏗️ 7.4. Feature: WordPress Core Optimizations (A-Z)

This is a list of toggles and dropdowns to disable or modify non-essential WordPress features that can slow down your site. These are all safe to use even with other caching plugins.

📝 Post Revisions Limit: Controls how many old versions of a post are saved.
- 💡 Recommendation: "Limit to 5 Revisions."
- (Note: If this setting is defined in your wp-config.php file, this control will be disabled.)
🗑️ Automatic Trash Emptying: Sets how long items stay in the trash before being permanently deleted.
- 💡 Recommendation: "WordPress Default (30 days)" or "14 Days."
- (Note: If this setting is defined in your wp-config.php file, this control will be disabled.)
🔌 XML-RPC Interface: Disables a legacy API (xmlrpc.php) that is no longer needed by most sites and is a common target for brute-force attacks.
- 💡 Recommendation: Activate (set to "✔ Active").
💓 Heartbeat API Control: The Heartbeat API creates frequent server requests to handle auto-saving and post-locking. This can cause high server CPU load.
- 💡 Recommendation: "Slow Down (Every 2 minutes)."
😀 Emoji Scripts: Disables the wp-emoji-release.min.js script. All modern browsers render emojis natively.
- 💡 Recommendation: Activate (set to "✔ Active").
🔗 Self Pingbacks: Prevents your site from sending itself a "pingback" notification when you link to one of your own posts.
- 💡 Recommendation: Activate (set to "✔ Active").
🔗 REST API Link Tag: Removes the <link rel="https://api.w.org/" ...> tag from your site's header. (Safe to activate).
🔗 Shortlink Tag: Removes the <link rel='shortlink' ...> tag. (Safe to activate).
🔗 RSD (Really Simple Discovery) Link: Removes the RSD link tag, which is only used by old desktop blogging clients. (Safe to activate).
🔗 Windows Live Writer Manifest: Removes the wlwmanifest.xml link tag, used by a discontinued Microsoft product. (Safe to activate).
🏷️ WordPress Version Meta Tag: Removes the <meta name="generator" ...> tag. This is a minor security improvement, as it hides your WP version from simple scanners. (Safe to activate).

🎯 8. Optimization Strategies: Putting It All Together

Here are a few "recipes" for common scenarios.

🚀 8.1. Strategy 1: The First-Time Setup (5-Minute Tune-Up)

💾 Backup: Go to Section 1 -> Click Create Backup Now.
🔍 Diagnose: Go to Section 3 -> Click Refresh Analysis to see your starting Health Score.
✨ Optimize: Go to Section 2 -> Click 🚀 Optimize Now.
⏰ Automate: Go to Section 7 -> Set "Run Tasks" to 7 days and your preferred time. Check 📧 Email Notifications. Click Save Settings.
🛡️ Harden: Go to Section 8 -> Activate all the "WordPress Core Optimizations" (Emoji Scripts, XML-RPC, etc.). Click Save Performance Settings.
✅ Done. Your database is now clean and will stay clean automatically.

🆘 8.2. Strategy 2: The "My Site is Slow" Emergency Plan

💾 Backup: Go to Section 1 -> Click Create Backup Now.
🔍 Diagnose: Go to Section 4. Look at Autoload Data Size. If this is high (e.g., > 1 MB), this is your problem.
🔧 Fix Autoload: Go to Section 6 -> Click ⚙️ Optimize Autoloaded Options.
🔧 Fix Overhead: Go to Section 6 -> Click ⚡ Optimize All Tables.
💨 Enable Caching: (If you have no other cache plugin) Go to Section 8.
- Enable Server-Side Page Caching. Use the "Include Safe" query mode.
- Enable Browser Caching (.htaccess).
- Click Save Performance Settings.
🗑️ Purge & Preload: Go to Section 8 -> Click 🗑️ Purge All Cache. If you enabled "Automatic Preload," this will start the cache warming process.
✅ Done. Your site should now be significantly faster.

📅 8.3. Strategy 3: The Monthly Maintenance Tune-Up

(Assuming you already have the automatic schedule running).

🔍 Check Backups: Go to Section 1. Make sure your automated backups are being created.
❤️ Review Health: Go to Section 3. Check your Health Score.
🔪 Manual Cleanup: Go to Section 5. Manually clean the "unsafe" items if you wish:
- Click "Clean Now" for 🗑️ Trashed Posts.
- Click "Clean Now" for ⏳ Unapproved Comments (if you've already moderated them).

📥 9. Settings Export & Import (Section 9)

This utility allows you to save all your plugin configurations (from Section 1, 7, 8) to a single .json file. You can use this to create a backup of your settings or to quickly migrate your exact setup to another website.

🚨 IMPORTANT: What is NOT Exported
This feature ONLY exports the plugin's settings, such as your configurations for scheduled tasks and performance features. It does NOT export your database backups, cached pages, or activity logs. Always download your .sql backups separately from Section 1.

📤 9.1. Exporting Settings

Navigate to Section 9: Settings Export & Import in the plugin dashboard and expand it.
Click the "Export Settings" button.
Your browser will download a file named optistate-settings-YYYY-MM-DD-His.json.
Keep this file in a safe place.

📥 9.2. Importing Settings

This will completely overwrite all your current plugin settings. This is useful for restoring your configuration after an update (as described in Section 2.7) or for setting up a new site.

Click the "Choose JSON File" button and select the json file you previously exported.
The plugin validates the file. It must be a valid .json file, under 1MB, and contain the "WP Optimal State" signature.
Once validated, click the "Import Settings" button.
A confirmation pop-up will appear warning you that your current settings will be overwritten. Click "OK" to proceed.
After a successful import, you will be prompted to reload the page to see the new settings take effect.

🔧 10. Troubleshooting & Advanced FAQ

🚧 Q: I'm stuck in maintenance mode!
- A: This is a very rare but possible scenario in which the server crashes during the final stage of the recovery process (Phase 4).
  1. ⏳ Wait a couple of hours. The system is designed to remove maintenance mode automatically approximately every 2 hours.
  2. 🔧 Manually delete the maintenance option. Go to your WordPress database via a tool like phpMyAdmin.
    1. Open the wp_options table.
    2. Find the row where option_name is optistate_maintenance_mode_active.
    3. Delete that single row. Your site will be live again.
🔄 Q: My restore failed, and the rollback also failed! What do I do?
- A: This is a critical but recoverable error. Your site is likely broken and showing a database error.
  1. Find the 💾 Safety Backup file. Use FTP or your host's File Manager to navigate to wp-content/uploads/optistate/db-backups/.
  1. Find the file named SAFETY-RESTORE-....sql that was just created. Download it.
  1. Go to phpMyAdmin (or your database tool).
  1. Select your WordPress database.
  1. Click the "Import" tab.
  1. Choose the SAFETY-RESTORE-....sql file you just downloaded and run the import.
  1. This will manually complete the rollback and fix your site.
🎨 Q: I enabled caching, but my site looks broken (e.g., CSS is missing).
- A: This is a common issue and is almost always caused by a conflict with another plugin's "minification" or "combination" feature (e.g., from an optimization plugin or a page builder).
- ✅ Solution: 1. Purge all caches: Click 🗑️ Purge All Cache in Section 8. 2. Purge your page builder's cache (e.g., Elementor -> Tools -> Regenerate Files). 3. Purge your CDN cache (e.g., Cloudflare). 4. Clear your browser cache.
🌐 Q: I enabled "Browser Caching" and now my site is broken.
- A: This is very rare, but if it happens, you need to manually edit your .htaccess file.
- ✅ Solution: 1. Use FTP or your host's File Manager. 2. Find the .htaccess file in the root of your WordPress site. 3. Open and edit the file. 4. Find the block of text that starts with # BEGIN WP Optimal State Caching and ends with # END WP Optimal State Caching. 5. Delete that entire block of text and save the file. Your site will be back to normal.
⏳ Q: The "Automatic Preload" gets stuck or times out.
- A: This is common on shared hosting or on sites with thousands of pages. Preloading is a "nice to have," not a "must-have." The cache will still build "organically" as visitors hit your pages. You can safely click "Stop" and ignore the preload feature.
❌ Q: The plugin shows a "Critical Error: Cannot initialize WP_Filesystem."
- A: This is a server configuration problem, not a plugin bug. It means your wp-content/uploads/ directory is not writable by WordPress. You must contact your hosting provider and ask them to fix the file/directory permissions for your uploads folder.
☁️ Q: I'm using a CDN (like Cloudflare). Will this work?
- A: Yes! The Caching features work perfectly with CDNs.
  - 💨 Server-Side Caching (Section 7.2): This makes your server (origin) fast.
  - 🌐 Browser Caching (Section 7.3): This tells the CDN (e.g., Cloudflare) how long to cache your static files, in addition to telling the user's browser.
  - They are a perfect combination. Just remember: if you make a change, you may need to purge both the WP Optimal State cache and your CDN cache.
🖥 Q: Does this plugin work on Nginx servers?
- A: Yes, absolutely. All core features—including database backup, restore, cleanup, optimization, and server-side page caching—work perfectly on Nginx servers right out of the box.
- However, for features that rely on the Apache .htaccess file, manual configuration is required:
  - 🚨 Directory Protection: This is essential for security and prevents direct, public access to your database backups and other plugin data. You must configure this manually.
  - 💨 Browser Caching: This is optional and is a performance enhancement that speeds up asset loading for repeat visitors. It does not affect the security of the plugin.
- The manual provides the Nginx configuration needed for security and caching, ready to copy and paste. Please see Section 7.3.1 for the required instructions.

🏗️ 11. Technical Architecture

🔒 11.1. Security-First Principles
- 🔐 Data Integrity: All backups are verified with SHA-256 checksums. Restores are aborted if validation fails.
- 📁 Filesystem Protection: All plugin-created data directories (db-backups, page-cache, etc.) are secured with .htaccess and index.php files to block all direct web access and script execution.
- 📤 Secure Uploads: Uploaded .sql files are aggressively scanned for file type, MIME type, and malicious content (PHP, eval(), system()) before being processed.
- 🛡️ Secure Operations: All AJAX actions are protected by WordPress Nonces (CSRF protection) and User Capability checks (manage_options).
- ⏱️ Rate Limiting: Critical, high-load actions (Restore, Backup) are rate-limited on both the client (JavaScript) and server-side (Transients) to prevent abuse.
🧩 11.2. Key PHP Classes & JavaScript Objects
- OPTISTATE (PHP): The main plugin controller. It handles all hooks, AJAX routing, admin page display, and the Performance Manager logic.
- OPTISTATE_Backup_Manager (PHP): A dedicated class that handles all backup, restore, upload, download, and verification logic.
- RateLimiter (JS): A client-side JavaScript object that uses localStorage to prevent users from clicking buttons like "Restore" multiple times in a row.
- jQuery AJAX Handlers (JS): The admin.js file contains all the fetch/post logic for communicating with the PHP backend to run tasks and get stats.

📝 12. Disclaimer

This plugin provides powerful, low-level access to your WordPress database and server configuration. It is designed to be safe, secure, and effective. However, all servers and WordPress installations are different.

By using WP Optimal State PRO, you agree that you are doing so at your own risk. The author is not responsible for any data loss, site downtime, or other issues that may arise from the use or misuse of this software.

💾 Always create a backup before performing any optimization.

🆘 13. Technical Support

As a lifetime licence holder, you are entitled to priority support.

Before using the support form, please get your license key and be sure to include it in your request along with your website URL.

Also, check the FAQs, as you may find the answer to your question there.