Documentation
Everything you need to go from install to fully configured in under five minutes. No code, no config files, no terminal.
Getting started
OvKit works like any WordPress plugin. Install, activate, configure from one dashboard.
Step 1 — Install
Go to Plugins → Add New and search for “OvKit.” Click Install, then Activate. No API keys, no account signup, no external connections needed for the free version.
Step 2 — Run the site scan
Navigate to Tools → OvKit. Hit Run Scan. OvKit analyses your WordPress install and flags which features are safe for your specific setup. This takes about 3 seconds.
Step 3 — Enable features
Each feature shows a risk label so you know exactly what you are enabling. Toggle on what you need. Changes take effect immediately — no page reload required.
Step 4 — Done
Seriously. There is no step 4. Your site is now cleaner, lighter, and harder to attack. The whole process takes less time than configuring a single security plugin.
Understanding risk labels
Every feature in OvKit shows one of four risk labels. These are based on testing across hundreds of WordPress configurations including WooCommerce, Elementor, Jetpack, WPML, and other popular plugins.
| Label | What it means | Should you enable it? |
|---|---|---|
| Safe | No known conflicts on any tested configuration. | Yes — enable without hesitation. |
| Recommended | Safe on 95%+ of sites. Minor edge cases possible. | Yes — check the note if you run uncommon setups. |
| Advanced | Useful but may conflict with specific plugins. | Yes, after reading the compatibility note. |
| Risky | Can break functionality on certain site types. | Only if you understand what it does and have tested. |
Feature categories
Performance (8 features)
Remove emoji scripts, disable embeds, clean wp_head output, defer scripts, remove query strings from static resources, disable self-pingbacks, limit post revisions, and disable heartbeat on non-essential pages. Together these typically save 6–12 HTTP requests and 80–200KB on every page load.
Security (10 features)
Hide login error hints, block author enumeration, disable XML-RPC, remove WP version meta, disable application passwords, disable file editor, restrict REST API to authenticated users, add security headers, disable directory browsing, and force logout on idle sessions.
Cleanup (12 features)
Remove dashboard widgets, disable admin email verification nag, clean admin bar, remove Welcome panel, disable comments site-wide, remove shortlink tags, disable RSS feeds (if unused), remove RSD/WLW links, remove adjacent post links, clean plugin action links, simplify image filenames on upload, and auto-trash spam comments.
Admin UI (9 features)
Custom admin footer text, custom login page styling, role-based admin menu visibility, role-based admin notice filtering, admin colour scheme override, reorder admin menu items, rename menu labels, add custom CSS to admin, and white-label branding (Agency plan).
Rollback (Pro)
Every change you make in OvKit is logged with a timestamp and before/after state. If something goes wrong — or a client accidentally flips a switch — open the Activity Log and revert any feature to its previous state in one click. No database edits, no FTP, no panic.
Export / Import (Pro)
Configure OvKit once, export your settings as a JSON file, and import on every new site. Perfect for agencies deploying the same baseline across all client projects.
Still have questions? Visit Support — free users get community help, Pro users get direct email access.