- Don't add scripts directly to the page header. Use
wp_enqueue_scriptandwp_enqueue_styleinstead (See wordpress docs) - Remove Emoji script
- Remove Embeded script
- Load jQuery from CDN (See enqueue.php#59)
- Prevent blocking scripts using
defer(See enqueue.php#27) - Use automation tools (such as gulp.js) to compress and minify scripts and stylesheets (See gulpfile.js, gulpconfig.json and package.json)
- Minify CSS removes whitespace and comments to reduce the file size.
- Combining Google Fonts will reduce the number of HTTP requests.
- Use native post thumbnails for responsive utilities:
add_theme_support( 'post-thumbnails' ); - Use LazyLoad
- Remove wordpress version from html and RSS (See security.php#9)
- Disable XML-RPC (See security.php#26)
- Disable Pingbacks (See security.php#31)