Your WordPress engineer for superior site maintenance and optimization
Scotty is the all-in-one solution for controlling, cleaning, and optimizing your WordPress site. With a modern React-based dashboard and a powerful feature suite, Scotty empowers you to analyze and maintain your database, manage cron jobs, fine-tune security, and control dozens of hidden WordPress settings — all from a single, intuitive interface.
Cleaning
- Trash Management — Delete post revisions, auto-drafts, trashed posts, unapproved/spam/trashed comments, orphaned metadata, and transient options in bulk or one by one.
- Duplicates Detection — Identify and remove duplicate entries across post meta, comment meta, user meta, and term meta tables.
- Orphan Cleanup — Find and delete orphaned records in postmeta, commentmeta, usermeta, termmeta, and term relationships.
Optimization
- Database — View all database tables with engine, auto-increment, collation, and overhead info. Optimize tables and reset auto-increment values individually or in bulk.
- Disk Usage — Overview of WordPress installation size breakdown: core, themes, plugins, uploads, and database.
System
- Cron Manager — View all scheduled cron jobs with next run time, schedule, interval, and arguments. Run, delete, search, sort, and bulk-manage cron jobs. Color-coded schedule badges and time-relative status indicators.
- Shortcode Registry — Browse all registered shortcodes with their callback functions and callable status.
WordPress Settings
Control dozens of WordPress settings organized in 6 tabs:
General
* Enable/disable REST API and XML-RPC
* Hide WordPress version from source code
* Hide detailed login error messages
* Disable email authentication
* Disable the built-in file editor
* Disable author archives (prevents user enumeration)
* Disable Application Passwords
Admin
* Show/hide admin footer credit and version
* Show/hide the Welcome panel
* Toggle visibility of Dashboard, Posts, Media, Pages, Comments, and Tools menu items
* Disable update nags for non-admin users
* Disable the periodic admin email verification prompt
Writing
* Limit the number of post revisions
* Disable self-pings
* Configure auto-empty trash interval
Reading
* Set custom excerpt length
* Hide admin bar on frontend
* Disable emoji scripts and styles
* Disable embed scripts (wp-embed.js)
* Disable jQuery Migrate on frontend
* Disable RSS and Atom feeds
Performance
* Disable Heartbeat API on frontend
* Set custom Heartbeat interval
* Remove Dashicons CSS from frontend for non-admin users
Media
* Disable big image scaling (WordPress 5.3+)
* Set custom JPEG compression quality
Dashboard Widget
A compact dashboard widget showing key site health notifications at a glance.
Coming Soon
- Multisite support
- Database rename, truncate, drop, export, import
- Database search and replace
- Database backup
- Scheduled auto-cleaning
- Spotlight search (CMD+K)
- And more…
Screenshots
Overview Dashboard
Trash Management
Duplicates Detection
Database Optimization
Cron Manager
Shortcode Registry
WordPress General Settings
WordPress Admin Settings
WordPress Performance Settings
WordPress Media Settings
1. What is Scotty?
Scotty is a WordPress maintenance and optimization plugin with a modern React-based dashboard. It helps you clean your database, manage cron jobs, control security settings, and optimize your site performance.
2. Do I have to back up before cleaning?
Yes, we strongly recommend backing up your database before performing any cleanup operation.
3. Can I undo a cleanup operation?
No, cleanup operations are permanent. Always back up first.
4. Will disabling the REST API break my site?
Disabling the REST API will prevent unauthenticated access. Logged-in users will still have access. Some plugins may require the REST API to function — test after disabling.
5. Can I request a new feature?
Yes! Please submit feature requests at the support forum.
6. Can I report a bug?
Yes! Please report bugs at the support forum.
ChangeLog
2.0.0
Major release with security hardening, modernized stack, UI improvements, and new features.
New Features
- WordPress Settings: new Security options — disable file editor, author archives, Application Passwords
- WordPress Settings: new Admin Menu options — toggle Media, Pages, Comments, Tools visibility
- WordPress Settings: new Admin Notices options — disable update nags, admin email verification
- WordPress Settings: new Writing options — disable self-pings, auto-empty trash with configurable days
- WordPress Settings: new Reading options — disable emoji scripts, embed scripts, jQuery Migrate, RSS feeds
- WordPress Settings: new Performance tab — Heartbeat control, Dashicons removal on frontend
- WordPress Settings: new Media tab — disable big image scaling, custom JPEG quality
- WordPress Settings: unified OptionsProvider with single fetch and shared Reset button
- Cron: delete individual cron jobs with confirmation modal
- Cron: bulk delete selected cron jobs
- Cron: search/filter by hook name
- Cron: sortable columns (hook name, next run, schedule)
- Cron: row expansion showing signature, interval, and arguments
- Cron: right-click context menu with Run and Delete actions
- Cron: colored schedule badges (hourly, daily, weekly, one-time)
- Cron: time-relative status indicators (overdue, soon, upcoming)
- Overview: new Database Size quick card with link to Database section
- Overview: new Scheduled Cron Jobs quick card with link to Cron section
- Overview: clickable cards navigate to their corresponding section
- Overview: refresh button to reload all overview data
- Trash: bulk delete for unapproved, spam, and trashed comments
- Trash: orphan term relationships listing, single and bulk delete
- Duplicates: single and bulk delete for duplicate user meta and comment meta
Security
- Fixed SQL injection in database optimize and auto-increment reset (table name whitelist)
- Added schema validation and recursive sanitization for preferences update
- Added esc_html() to all meta/option/comment values in JSON responses
- Fixed hardcoded wp_posts table prefix in SQL subqueries
- Added $wpdb->prepare() to all orphan detection queries
- Sanitized cron hook_name and signature inputs
- Fixed transient query missing prepared statement
- Fixed XML-RPC error handler using PHP Error class instead of WP_Error
- Standardized LIKE clause syntax across all queries
- Fixed hardcoded commentmeta table prefix in orphan deletion
Bug Fixes
- Fixed Disk overview showing NaN for timed-out directory calculations
- Fixed Disk overview crash when WordPress size data contains error strings
- Fixed division by zero in Options overview when option count is zero
- Fixed OverviewCard pulsing indicator on arbitrary >50% values
- Fixed admin bar removal running too early (before scripts are registered)
- Fixed Reset to default not actually resetting options to defaults
- Fixed each WordPress Settings tab creating a separate OptionsProvider (4 redundant fetches)
- Fixed SWR mutate() not revalidating after bulk operations across all views
- Fixed broken Refresh button in empty Trash/Duplicates view
- Fixed Terms crash when excluded term IDs array is empty
- Fixed translated strings interpolated in SQL (comments)
- Fixed duplicate term meta deletion keeping wrong entry
- Fixed Features popover Overview link not working
- Fixed “Database Sneak Peak” typo (now “Sneak Peek”)
- Fixed getOptions crash on undefined path segments when new options are not yet in database
Improvements
- Migrated from npm to Yarn
- Updated @wordpress/scripts from 27.9.0 to 31.7.0
- Updated Mantine from 7.14.0 to 8.3.18
- Updated all dependencies to latest compatible versions
- Migrated to React 18 createRoot API (replaced deprecated wp.element.render)
- Modernized tsconfig.json (es2020, react-jsx, bundler resolution)
- Removed all unnecessary
import * as React statements (30 files)
- Removed deprecated MantineProvider withStaticClasses prop
- Fixed Mantine 8 Image component rendering in header logo
- Performance: replaced N+1 user queries with single count_users() call
- Performance: removed repeated COUNT(*) subqueries in post/comment stats
- Performance: added LIMIT 1000 to orphan detection queries
- Removed esc_sql() mixing with prepare() in term relationships
- Cleaned up dead code and unused imports across Cron, Shortcode, and Options components
- Added error handling to Options/Preferences provider
- Improved AJAX error throwing with structured status/statusText
1.1.0
- Refactored code in TypeScript
- Added internationalization support
- Added total item count in Cron and Shortcode views
- Added links in the left sidebar
- Disabled admin notices for the Scotty view
- Fixed unused terms view to enable deletion of unused terms
1.0.0
