=== BoltAudit AI: Speed and Performance Optimization for WordPress === Contributors: heymehedi, halalbrains Tags: performance, speed, optimization, page speed, woocommerce Requires at least: 6.0 Tested up to: 6.8 Stable tag: 0.3.0 Requires PHP: 7.4 License: GPL v3 or later License URI: https://www.gnu.org/licenses/gpl-3.0.html AI performance optimization for WordPress. BoltAudit finds why your site is slow and fixes it in one click. WooCommerce ready. == Description == **Speed up your WordPress site with AI.** BoltAudit looks at your site the way a senior performance engineer would, tells you exactly what is slowing it down, and offers one click fixes for the most common problems. Most speed plugins hand you a long checklist and ask you to figure it out. BoltAudit is different. It looks at your real site data, picks the single biggest reason your site is slow, and explains the fix in plain English. No theory, no guessing. = Why your site is slow = Slow WordPress sites usually fall into one of four areas: * **What visitors see and download** (images, fonts, scripts, page weight) * **What WordPress is doing on the server** (plugins, hooks, request time) * **What is in your database** (table size, old data, query load) * **Where your site is hosted** (hosting tier, caching, network) Most performance plugins try to do everything at once and fix nothing. BoltAudit looks at all four areas at the same time and tells you which one is actually hurting you the most. Then it gives you a ranked action plan to fix that area first. = One click fixes that you do not need to be a developer to apply = When you connect your site to BoltAudit, eligible findings come with a one click apply button. You see what is about to change, confirm it, and BoltAudit makes the change for you. Reversible fixes can be undone in one click for the next 30 days. This works with the cache plugin you already have installed. WP Rocket, LiteSpeed Cache, W3 Total Cache, WP Super Cache, WP Fastest Cache, and Autoptimize are all supported. If you do not have one, BoltAudit will tell you what is worth installing. = How AI Audit is different = * **One verdict, not a checklist.** Every audit picks the single biggest reason your site is slow. The fixes for that area are ranked first. * **Plain English explanations.** Every finding tells you what it is, why it matters, and what to do, in language anyone can act on. * **Evidence behind every finding.** Numbers, plugin names, and concrete measurements. No "consider optimizing your assets" non advice. * **Honest about confidence.** When a security plugin or firewall blocks a measurement, BoltAudit says so and lowers the report confidence instead of guessing. * **Mobile aware.** On Pro plans, BoltAudit translates Core Web Vitals into estimated mobile bounce and conversion impact. = Faster site, better SEO, more conversions = Google ranks faster sites higher. Visitors leave slow sites. A faster WordPress site means: * Better Core Web Vitals scores (LCP, INP, CLS) * Higher Google search ranking * Lower bounce rate * More mobile conversions * Less abandoned WooCommerce carts * Lower hosting costs (servers do less work) = Built for WooCommerce stores = If you run a WooCommerce store, you probably already know slow checkout costs money. BoltAudit understands stores. It looks at the things that actually matter for an online store: how long checkout takes, what your payment and shipping plugins are doing on every page, how your product pages render on mobile, and whether your background jobs are stuck. The fixes are sized for store owners, not just developers. = Run a free local audit, no account needed = The Local Audit runs entirely inside your WordPress admin. No data leaves your site. No account. No setup. You see a full report of what is happening on your site within seconds. Use it to decide whether you want the deeper AI Audit before connecting anything. When you do want AI Audit, connecting takes one click. You get unlimited audits on the Pro plan and a 14 day money back guarantee. = How it works = 1. Install and activate the plugin from the WordPress plugin directory. 2. Open **Tools and then BoltAudit** in your WordPress admin. 3. Run a Local Audit. See your site report in seconds. 4. To get the deeper AI Audit and one click fixes, click the AI Audit tab and connect your site to your free BoltAudit account. 5. Start an AI Audit from your dashboard. Review the verdict, apply the ranked fixes one click at a time. = Plans = * **Free.** Local Audit, one connected site, three AI audits a month, basic findings. No credit card. * **Pro.** Twenty nine dollars a month. Unlimited audits, three sites, mobile visitor loss score, one click apply fix, branded reports. * **Agency.** Ninety nine dollars a month. Twenty five sites, five team seats, white label, public report URLs, API access. Every paid plan has a 14 day money back guarantee. = Privacy and safety = * **Read only by default.** The plugin never deletes anything on your site on its own. * **Local audits stay local.** Your data never leaves WordPress unless you explicitly connect the site for AI Audit. * **Every change asks for your consent.** One click fixes show you exactly what is about to change and let you confirm before anything happens. * **Deep scan is optional.** A deeper diagnostic pass is available but only when you turn it on. * **No frontend overhead.** Audits run on demand, never on every page load. Your visitors never wait for BoltAudit. = Useful links = * Website: [boltaudit.com](https://boltaudit.com) * Dashboard: [app.boltaudit.com](https://app.boltaudit.com) * Sample report: [boltaudit.com/report](https://boltaudit.com/report) * Blog: [boltaudit.com/blog](https://boltaudit.com/blog) == Installation == 1. Search for "BoltAudit" in **Plugins and then Add New** in your WordPress admin, or upload the plugin folder to `/wp-content/plugins/` manually. 2. Activate the plugin from the Plugins screen. 3. Open **Tools and then BoltAudit** to run a free Local Audit. No account needed. 4. To unlock the AI Audit and one click fixes, click the AI Audit tab and follow the connect site flow at [app.boltaudit.com](https://app.boltaudit.com). == Frequently Asked Questions == = Will BoltAudit slow my site down? = No. The plugin only does work when you ask it to. There is nothing running on the public side of your site, so your visitors never wait for BoltAudit. = Will BoltAudit change or delete anything without asking? = No. The plugin is read only by default. The optional one click fixes are the only way anything gets changed, and every fix shows you exactly what is about to happen before you confirm. = What does BoltAudit actually do? = It looks at your real WordPress site, identifies the biggest single reason your site is slow, and gives you a ranked plan to fix it. For common problems, you can apply the fix in one click without touching code or the database. = Does it work with WooCommerce? = Yes. WooCommerce stores are one of the main reasons BoltAudit exists. It understands store specific problems like slow checkout, stuck background jobs, oversized product images, and heavy shipping or payment plugins. = Does it work with my cache plugin? = Yes. BoltAudit supports WP Rocket, LiteSpeed Cache, W3 Total Cache, WP Super Cache, WP Fastest Cache, and Autoptimize. One click fixes detect which one you have installed and configure it for you. If you do not have a cache plugin, BoltAudit will tell you whether installing one would actually help your site. = Do I need an account to use the plugin? = No. The Local Audit runs without an account. You only need a free BoltAudit account to use the deeper AI Audit and one click fixes. = Can the one click fixes be undone? = Most can. Reversible fixes are snapshotted before the change and can be reverted in one click within 30 days. A small number of cleanup actions are permanent, and BoltAudit tells you that clearly before you confirm, with a recommendation to take a database backup first. = Will it work on multisite? = Yes. The Local Audit collectors are multisite aware. = What data leaves my site? = Nothing leaves your site for Local Audits. When you connect the site for AI Audit, only the diagnostic signals listed in the AI Audit tab are sent. No content, no customer data, no orders. The exact list is shown to you before you connect. = What happens if a firewall or security plugin blocks a check? = BoltAudit tells you which checks were blocked, lowers the report confidence, and recommends what to verify by hand. It never fills in fake data. = Will BoltAudit fix my Core Web Vitals? = It will show you exactly which Core Web Vitals are failing (LCP, INP, CLS), explain why in plain English, and rank the fixes that will move the score the most. For many common problems you can apply the fix in one click. == Changelog == = 0.3.0 – 2026-05-11 = * New: Three destructive cleanup auto-fix actions for the cloud's guided-fix pipeline * `delete_post_revisions` — sweeps existing `wp_posts` revision rows in batches * `cleanup_failed_action_scheduler_records` — removes failed WooCommerce / AS jobs older than 30 days (and their logs) * `truncate_debug_log` — empties the WordPress `debug.log` file in place * New: Partial-completion model on the three destructive actions — each REST call processes up to a bounded chunk (5k–10k rows) within a 25-second wall-clock budget, so it never overruns PHP's `max_execution_time` on shared hosting; the cloud surfaces the remaining work via a Continue button * New: Backend collector signal `action_scheduler_failed_old_count` (failed AS rows older than 30 days), used by the new cloud-side skill that drives the cleanup recommendation * Hardened: `cleanup_expired_transients` switched from per-row `delete_transient()` to batched bulk SQL, eliminating the per-call cost spike on sites with tens of thousands of expired transients * Hardened: Strict end-state verification (`count === 0`) on every destructive cleanup so callers using `verify` as the completion gate never see a false pass on a partial run * Hardened: Path-traversal guard on `truncate_debug_log` refuses any `WP_DEBUG_LOG` outside the WordPress install tree, preventing accidental truncation of system log files * Hardened: Action Scheduler table-existence guard now validates both `wp_actionscheduler_actions` AND `wp_actionscheduler_logs` before attempting cleanup, so a partial / corrupted schema no-ops cleanly = 0.2.0 – 2026-05-08 = * New: Public `/v2/manifest` REST endpoint exposing the plugin's capability list for dashboard discovery * New: Local Audit summary redesigned as five detail-area previews (frontend, backend, database, infrastructure, environment) * New: Backend layer collectors expanded to cover wave 1–4 data paths, giving AI Audit richer evidence * Improved: Check collectors are multisite-aware and no longer pre-cap administrator enumeration * Improved: TTFB performance endpoint now respects an optional `?url` query parameter for single-page audits * Fixed: Namespaced collector edge cases surfaced during PR #37 review = 0.1.0 – 2026-05-02 = * New: Plugin-side guided fix endpoints covering all 10 guided action keys * New: Batch data collectors for the backend check registry * New: Active plugin summaries exposed in baseline * Improved: Local Audit and AI Audit admin screens redesigned * Improved: HS256 JWT replaces HMAC on backend-authenticated endpoints (WAF-friendly) * Improved: Audit request/response logging for easier diagnostics * Fixed: WP_Site_Health class lookup in namespaced collector * Fixed: Local Audit status pills now reflect actual state * Fixed: Performance-budget target labels and hardened HTTPS check * Fixed: Relative asset URL resolution and lazy-load behavior via MU plugin = 0.0.9 – 2026-04-23 = * New: AI Audit workflow inside BoltAudit * New: Bottleneck-focused report model with evidence-backed findings * New: Connection and Deep Scan controls for AI Audit setup * New: Confidence-aware reporting and continuation workflow = 0.0.8 – 2025-09-05 = * Introduced Database Details page * Introduced WooCommerce Details page * Fixed uncaught error = 0.0.7 – 2025-08-08 = * Introduced Post Details page with orphaned metadata and orphaned post record reports * Fixed environment "get user ID" issue to ensure accurate username = 0.0.6 – 2025-07-30 = * Introduced WooCommerce Performance Insights section * Added "Settings" link in the plugin page area for quicker navigation * Fixed plugin fetch error = 0.0.5 – 2025-07-25 = * Added asset impact metrics: script/style file size and load duration * Enhanced SinglePluginRepository caching for faster repeated audits * UI improvements for metrics breakdown * Bug fixes and performance optimizations = 0.0.4 – 2025-07-16 = * Added Site Details section * Fixed Plugin Audit for too many plugins * Improved table UI = 0.0.3 – 2025-07-13 = * Added full Plugin Audit section to detect inactive, outdated, or abandoned plugins * Warnings for unused or risky plugins * Improved environment and database reporting * UI refinements and performance improvements = 0.0.2 – 2025-07-05 = * Introduced Database Overview: table sizes, row counts, autoloaded options, transients, and bloat detection * Improved post type detection and metadata analysis * Minor UI tweaks and wording fixes = 0.0.1 – 2025-07-03 = * Initial beta release: post-type analyzer and environment report == Upgrade Notice == = 0.3.0 = Adds three destructive cleanup auto-fix actions (post revisions, failed Action Scheduler records, debug.log) with a partial-completion model that stays under PHP's max_execution_time on shared hosting. = 0.2.0 = Adds a public capability manifest, a redesigned Local Audit summary, and broader backend evidence coverage for AI Audit. = 0.1.0 = Adds guided fix endpoints, redesigned Local Audit and AI Audit screens, and a more WAF-friendly JWT-based authentication scheme. = 0.0.9 = Introduces the new AI Audit workflow with root-cause analysis and action-focused reporting.