SpeedSpark – Cache, Page Speed & Core Web Vitals Optimizer
SpeedSpark bundles four performance domains into one lightweight, modular plugin:
- Page caching — full-page HTML cache for anonymous visitors with smart invalidation.
- Asset optimization — minify/combine CSS & JS, defer non-critical JavaScript, preload key assets.
- Media — lazy-load images & iframes, add missing dimensions to reduce layout shift.
- Bloat removal — disable emojis/embeds, throttle Heartbeat, limit revisions, tidy the database.
Every module is independently toggleable and ships off or in its safest mode. Disabled
modules attach zero hooks, so they add zero overhead. Anything that touches wp-config.php
or drop-ins is disclosed, idempotent, and reversible.
External services
SpeedSpark makes no external requests by default. Two optional, opt-in features connect to a third-party service, and only from your server — never from your visitors’ browsers.
Cloudflare API
- What it is / why: if you enable CDN purging and choose the Cloudflare provider, the plugin asks Cloudflare to invalidate its CDN cache when your page cache is purged.
- What is sent and when: on every cache purge — the Zone ID and API token you entered (for authentication) and, for targeted purges, the list of your own page URLs to invalidate. No visitor data is ever sent.
- Terms of service: https://www.cloudflare.com/terms/
- Privacy policy: https://www.cloudflare.com/privacypolicy/
Google Fonts
- What it is / why: if you enable local Google Fonts hosting, your server downloads the font CSS and font files your theme already uses from fonts.googleapis.com and fonts.gstatic.com, once, and serves them from your own site from then on.
- What is sent and when: only the font URLs your theme already references, at localization time. No visitor data is sent — and after localization your visitors’ browsers stop contacting Google entirely.
- Terms of service: https://policies.google.com/terms
- Privacy policy: https://policies.google.com/privacy
Every other request the plugin makes (cache warming, sitemap reading, critical CSS generation) goes to your own site’s URLs. Domain names that appear in the delay-JavaScript preset list (e.g. googletagmanager.com, connect.facebook.net) are local string patterns used to match scripts already on your pages — SpeedSpark never connects to them.
Privacy & data handling
The optional Analytics module is self-hosted and cookieless by design:
- What is stored: aggregated daily counters only — pageviews per path, referrer domains, and device class (desktop/mobile/tablet) — in a table on your own site. There are no per-visitor rows.
- What is never stored: no cookies, no IP addresses, no user agents, no fingerprints, and no third-party service is involved.
- Do Not Track: visitors with DNT or Global Privacy Control enabled are not counted (enforced in the browser and again on the server; on by default).
- Uninstalling: system-level changes (drop-ins,
WP_CACHE, the.htaccessblock, scheduled events) are always reversed on uninstall. Settings, cached files, and the analytics table are deleted only if you tick «Delete all data on uninstall» first.
