Updates

PDowney · web-flow · commit b16aa7bae8f9 · 2025-08-23T02:01:26.000-04:00
diff --git a/GEMINI.md b/GEMINI.md
@@ -0,0 +1,181 @@
+# Project-specific instructions for Gemini AI
+# This file provides context about the Simple WP Optimizer WordPress plugin
+# to help Gemini understand the codebase and provide better analysis
+
+# Simple WP Optimizer - WordPress Plugin
+
+## Project Overview
+This is a WordPress performance optimization plugin that removes unnecessary features and scripts to improve site performance. Designed for WordPress administrators who want to optimize their site's speed by disabling unused functionality and reducing resource overhead.
+
+## Plugin Details
+- **Name:** Simple WP Optimizer
+- **Version:** 1.7.0
+- **WordPress Compatibility:** 6.5+
+- **PHP Compatibility:** 7.4+
+- **License:** GPL-3.0-or-later
+- **Text Domain:** simple-wp-optimizer
+
+## Architecture & Design Patterns
+
+### Single-File Plugin Architecture
+The plugin follows a single-file architecture pattern for simplicity:
+```php
+// All functionality contained in simple-wp-optimizer.php
+// Functions prefixed with 'es_optimizer_' for namespace consistency
+function es_optimizer_function_name() {
+    // Implementation
+}
+```
+
+### Plugin Initialization
+The plugin uses proper WordPress initialization patterns with plugins_loaded hook:
+```php
+function es_optimizer_init() {
+    // Hook admin menu creation
+    add_action( 'admin_menu', 'es_optimizer_admin_page' );
+    // Hook optimization features
+    add_action( 'init', 'es_optimizer_apply_optimizations' );
+    // Other initialization code
+}
+add_action( 'plugins_loaded', 'es_optimizer_init' );
+```
+
+### File Structure
+- `simple-wp-optimizer.php` - Main plugin file (all functionality)
+- `languages/` - Translation files (.pot file included)
+- `CHANGELOG.md` - Developer changelog
+- `README.md` - Developer documentation
+- `readme.txt` - WordPress.org plugin directory readme
+- `.github/workflows/` - CI/CD automation with AI-powered analysis
+
+## WordPress Coding Standards
+
+### Naming Conventions
+- **Functions:** `es_optimizer_snake_case` (WordPress standard with plugin prefix)
+- **Variables:** `$snake_case`
+- **Constants:** `ES_WP_OPTIMIZER_UPPER_SNAKE_CASE`
+- **Text Domain:** Always use `'simple-wp-optimizer'`
+
+### Security Requirements
+- Always use `esc_html()`, `esc_attr()`, `esc_url()` for output
+- Sanitize input with `sanitize_text_field()`, `wp_unslash()`, etc.
+- Use `current_user_can( 'manage_options' )` for capability checks
+- Implement proper nonce verification for all forms and actions
+- Validate and sanitize all user-provided URLs and domains
+- Use WordPress Options API for settings storage
+
+### WordPress Integration
+- **Hooks:** Proper use of actions and filters with appropriate priorities
+- **Performance Features:** Integration with WordPress caching and optimization APIs
+- **Settings API:** WordPress Settings API for admin interface
+- **Internationalization:** All strings use `esc_html__()` or `esc_html_e()`
+- **Admin Interface:** Proper admin page integration with WordPress UI standards
+
+## Plugin-Specific Context
+
+### Core Functionality
+
+#### Performance Optimization Features
+- **XML-RPC Disabling:** Remove XML-RPC functionality for security and performance
+- **JSON REST API Control:** Disable REST API for non-logged users
+- **jQuery Migrate Removal:** Remove unnecessary jQuery Migrate script
+- **Header Meta Cleanup:** Remove unnecessary WordPress meta tags from head
+- **Auto-Embeds Disabling:** Disable WordPress auto-embed functionality
+- **Emoji Support Removal:** Remove emoji scripts and styles
+- **Gutenberg CSS Removal:** Remove unused Gutenberg block styles
+- **DNS Prefetch Management:** User-configurable DNS prefetch for external domains
+
+#### Settings Management
+- **Options Caching:** Static caching system to reduce database queries
+- **Conditional Admin Loading:** Admin assets only load on plugin settings page
+- **User-Friendly Interface:** Toggle-based settings for easy optimization control
+- **Input Validation:** Comprehensive validation for all user inputs
+
+#### Security Features
+- **Domain Validation:** DNS prefetch domains validated to prevent injection
+- **Input Sanitization:** All user inputs properly sanitized and escaped
+- **Capability Checks:** Admin-only access with proper permission verification
+- **Nonce Protection:** CSRF protection on all form submissions
+
+### Performance Optimization Focus
+- **Frontend Performance:** Reduces HTTP requests and removes unused resources
+- **Admin Performance:** Conditional loading of admin assets
+- **Database Optimization:** Option caching to minimize database queries
+- **Script Optimization:** Selective removal of unnecessary WordPress scripts
+
+### DNS Prefetch Security
+- **Domain Validation:** All DNS prefetch domains validated to prevent injection
+- **Clean Domain Enforcement:** Only clean domains without paths/parameters allowed
+- **Input Sanitization:** URL validation prevents malicious domain injection
+- **Output Escaping:** All domain outputs properly escaped for security
+
+### WordPress Hook Management
+- **Priority Handling:** High-priority hooks (PHP_INT_MAX) to ensure optimization execution
+- **Hook Timing:** Proper use of init, wp_head, and other WordPress lifecycle hooks
+- **Filter Override Protection:** Prevents other plugins from disabling optimizations
+- **Action Consolidation:** Organized hook management for better performance
+
+### Option Caching System
+- **Static Caching:** `es_optimizer_get_options()` function with static cache
+- **Database Query Reduction:** Minimizes repeated option retrieval
+- **Memory Efficiency:** Efficient caching without memory overhead
+- **Cache Invalidation:** Proper cache clearing when options change
+
+## Development Standards
+
+### Error Handling
+- **WP_Error Usage:** Consistent error object returns throughout
+- **Comprehensive Logging:** Structured logging with severity levels
+- **Security Logging:** Detailed logs for security events
+- **User Feedback:** Clear error messages without information disclosure
+
+### Documentation
+- **PHPDoc Compliance:** Complete documentation for all functions
+- **Security Comments:** Detailed security justifications
+- **Code Examples:** Clear usage examples in documentation
+- **Version Control:** Comprehensive changelog maintenance
+
+### Testing & Quality Assurance
+- **PHPStan Level 5:** Static analysis compliance
+- **PHPCS WordPress Standards:** Full coding standards compliance
+- **PHPMD Compliance:** Code quality and complexity management
+- **Security Analysis:** Regular vulnerability assessments
+
+## When Reviewing Code
+
+### Critical Issues to Flag
+1. **Performance Impact** (optimization conflicts, excessive resource usage)
+2. **WordPress Compatibility** (plugin/theme conflicts, hook interference)
+3. **Security Vulnerabilities** (input validation, output escaping)
+4. **WordPress Standard Violations** (coding standards, API misuse)
+5. **Option Management Issues** (database performance, caching problems)
+
+### Plugin-Specific Security Concerns
+1. **DNS Prefetch Validation:** Ensure domain inputs are properly validated
+2. **Settings Security:** Verify admin-only access and nonce verification
+3. **Hook Priority Conflicts:** Check for potential conflicts with other plugins
+4. **Input Sanitization:** Validate all user-provided domains and settings
+5. **Output Escaping:** Ensure all dynamic content is properly escaped
+
+### Performance Focus Areas
+1. **Frontend Optimization:** Script and style removal effectiveness
+2. **Admin Performance:** Conditional asset loading efficiency
+3. **Database Optimization:** Option caching and query reduction
+4. **Hook Performance:** Efficient hook management and execution
+5. **Memory Usage:** Optimization without excessive memory consumption
+
+### Positive Patterns to Recognize
+1. **WordPress API Compliance:** Proper use of WordPress hooks and functions
+2. **Performance-First Design:** Optimizations that genuinely improve site speed
+3. **User Experience:** Clear interface for managing optimizations
+4. **Compatibility Focus:** Safe optimizations that don't break functionality
+5. **Documentation Quality:** Clear documentation of optimization effects
+
+### Suggestions to Provide
+1. **WordPress-Specific Solutions:** Prefer WordPress APIs over generic PHP
+2. **Performance Enhancements:** Additional optimization opportunities
+3. **Compatibility Improvements:** Better plugin/theme compatibility
+4. **User Experience:** Interface and workflow improvements
+5. **Documentation Updates:** Clear explanation of optimization benefits
+
+Remember: This plugin prioritizes WordPress performance optimization, security through input validation, and compatibility with the WordPress ecosystem. All optimizations must maintain site functionality while improving performance.
diff --git a/phpcs.xml b/phpcs.xml
@@ -26,30 +26,35 @@
         <exclude name="WordPress.DB.DirectDatabaseQuery"/>
     </rule>
 
-    <!-- ENFORCE SPACES INSTEAD OF TABS - NO TABS ALLOWED -->
+    <!-- COMMENTED OUT: These rules enforce spaces instead of tabs, which conflicts with WordPress standards -->
+    <!-- WordPress standards actually require TABS for indentation, not spaces -->
+    <!-- 
     <rule ref="Generic.WhiteSpace.DisallowTabIndent">
     </rule>
     <rule ref="Generic.WhiteSpace.ScopeIndent">
         <properties>
-            <!-- Use 4 spaces for indentation (WordPress standard) -->
             <property name="indent" value="4"/>
             <property name="tabIndent" value="false"/>
         </properties>
     </rule>
+    -->
 
-    <!-- Disallow Rule Flagging Space Indents -->
+    <!-- COMMENTED OUT: Disallow Rule Flagging Space Indents - not needed with tab indentation -->
+    <!--
     <rule ref="Generic.WhiteSpace.DisallowSpaceIndent">
         <exclude name="Generic.WhiteSpace.DisallowSpaceIndent"/>
     </rule>
 
-        <!-- Disallow Rule Flagging Space Indents -->
     <rule ref="Generic.WhiteSpace.DisallowSpaceIndent.SpacesUsed">
         <exclude name="Generic.WhiteSpace.DisallowSpaceIndent.SpacesUsed"/>
     </rule>
+    -->
 
-    <!-- Disallow inline tabs -->
+    <!-- COMMENTED OUT: Disallow inline tabs - WordPress allows tabs for indentation -->
+    <!--
     <rule ref="Universal.WhiteSpace.DisallowInlineTabs">
     </rule>
+    -->
 
     <!-- Additional WordPress-specific spacing rules -->
     <rule ref="WordPress.WhiteSpace.ControlStructureSpacing"/>
diff --git a/simple-wp-optimizer.php b/simple-wp-optimizer.php
