WordPress is an amazing CMS or Content Management System that makes creating and maintaining a website really easy. However at times it can cause high resource usage when not optimized properly. In this article, you’ll learn how to optimize WordPress. Many of these procedures and technologies are built into InMotion’s VPS for WordPress hosting plans.
Why you should optimize WordPress
Because WordPress makes it so easy to do a lot of things, this requires a lot of stuff going on in the background. Depending on the size and complexity of your website, as well as the traffic you receive, you’ll want to pay extra close attention to making sure your WordPress site is optimized to handle the type of traffic you get.
If you’ve viewed your account’s resource usage with the CPU graphs available in cPanel, and noticed your account has been going outside of your allotted usage, or if you’ve been contacted about your usage by our systems administration team, now is a great time to make sure WordPress isn’t the culprit of your usage.
Improve the performance and security of your WordPress website with our WordPress hosting plans.
Web Application Firewalls Free SSL Certificates Advanced Server Caching
Steps to ensure an optimized WordPress setup
Below I’ve compiled a list on what we recommend doing to optimize your WordPress website.
These are ordered by the typical resource usage reduction expected from each method, and not all are required.
For instance most customers just need WordPress caching and that’s enough to bring the resource usage down.
Implement WordPress caching
WordPress by default will dynamically create your pages and posts by pulling from your database.
If you have 100 people view one of your pages, by default this will cause 100 PHP executions.
Instead the first person to view your page should pull from the database, and create a cached page.
This cached page can be viewed, hundreds, if not thousands of times by others with minimal usage.
WP Super Cache (Basic and easy to setup)
W3 Total Cache (Offers more advanced caching options)
Be careful of known intensive WordPress plugins
WordPress plugins can vary greatly in how efficiently they were created, since anyone can make one.
You can try to find an alternative plugin, seeing if leaving one of these disabled brings your resource usage down enough, or if it’s really necessary to your site’s function you could upgrade to a VPS.
Below is a list of plugins we’ve seen customers have issues with before as they seem to utilize a large amount of resource usage compared to most plugins.
Disable default wp-cron.php behaviour
WordPress runs wp-cron.php on every visit to basically ask “do I have anything to do?”
When visitors start to roll in, checking multiple times the same hour is very inefficient.
By default your wp-cron.php script could be getting called hundreds of times an hour.
Setup a manual cron job to run this instead, at a more appropriate 4 or 6 hour interval.
Disable WordPress autosave and log out of dashboard
WordPress autosaves, and admin dashboard activity goes to the /wp-admin/admin-ajax.php script.
There can sometimes be hundreds, if not thousands of these requests and you can limit them by disabling the autosave feature in WordPress and staying logged out of the admin when not in use.
Limit or block search engine crawlers
By using a robots.txt rules file, you can deny access to certain search engines you don’t want crawling your website, or deny them to particular sections of your website.
Stop or slow search engine crawlers on your website with robots.txt
Block unwanted users from your site
You can outright deny access to your website from either certain IP addresses, or User-Agents.
For instance the following .htaccess code would block the Chinese Baidu.com spider, HTTrack which is a website copier, and the Russian Yandex.com search engine.
RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^.*(Baiduspider|HTTrack|Yandex).*$ [NC] RewriteRule .* - [R=403,L]Deal with WordPress comment spam
You should be using a CAPTCHA plugin to protect against comment spam like WP-reCAPTCHA.
If your WordPress site already has comment spam you can clean up WordPress comment spam.
Find out who is comment spamming you
If you already have comment spam you should remove it from your database, and then you can try to protect against further comment spam based off who is trying to spam you.
For instance, a WordPress site today had these unique IPs that were trying to spam them:
8 218.10.17.148 8 60.173.26.43 8 60.173.26.61 9 218.10.17.208 9 218.10.17.94 9 60.173.10.231 9 60.173.10.242 9 60.173.10.244 9 60.173.11.219 9 60.173.26.47 9 60.173.26.57
So we can see that there are a lot of unique IP addresses from the 60.173 range, and the 218.10 range that are trying to spam our comments at least 8 times each.
Now you can try to see where these IP addresses are from using a website like geoIPtool.com
In this case you’d end up looking at:
https://www.geoiptool.com/en/?IP=60.173 https://www.geoiptool.com/en/?IP=218.10
These ranges are all from China, so if that’s not your target audience, there probably shouldn’t be people from there commenting on your website.
Block IP ranges from accessing your website at all
You can outright deny these IP ranges in .htaccess with this:
Deny from 60.172 Deny from 218.10
Block IP ranges from commenting on your WordPress site
Or if you wanted to still allow people from these IP ranges to visit your site, but not comment on it, you could use these .htaccess rules:
ErrorDocument 503 "Commenting disabled" RewriteEngine On RewriteCond %{REMOTE_ADDR} ^60.173 [OR] RewriteCond %{REMOTE_ADDR} ^218.10 RewriteCond %{REQUEST_URI} ^/wp-comments-post.php$ RewriteRule .* - [R=503,L]Limit or disable WordPress revisions
Although not as intensive as preventing requests in the first place, you can also disable or limit WordPress revisions to improve database performance as well.
Update everything WordPress
To ensure everything is running optimally be sure to update regularly.
Request further help from support
If all of this fails to help your WordPress website run faster and use up less resources, then a deeper investigation probably needs to be done on your access logs to see what’s really being requested the most which could be causing problems for you.
Resource usage patterns typically come in waves, so it’s important to enable raw access logs in cPanel for your account, so that if you need to contact support for further help, we have a lot of data to work with to recommend you something as a possible culprit of your high usage.
Once you have at least a full day of logs, feel free to contact technical support for further help.
You should hopefully now have a better understanding on how you can optimize your WordPress website to reduce the resource usage required from the server in order to handle your account’s requests.
Learn more about increasing website performance with our WordPress Education Channel.
Most of the instruction links in this document are broken. Please update so we can use these as a Help tool.
I appreciate you bringing this to our attention. We’re trying to update any articles that have issues like this, so I’ll be sure this one gets worked on. Thanks!
Poorly written plugins and themes which don’t hook into the WordPress generated images often do this, where they just display the original image even though it might appear as a thumbnail.
Thanks for this information, but a note and a question. First the note: Better Delete Revision WordPress plugin referred to in this article has not been updated in three years. And the question: Does Woocommerce save revisions of products? If so, what can delete those revisions?
Revisions for products are not enabled by default, but it is possible to add revision support.
A blog that’s both educative and interesting, and without a doubt, you have hit the nail on the head. The problem is an issue that few folks are speaking intelligently about how to optimize wordpress. I am very happy that I have found this during my search.
Thanks for sharing with us.
Thanks for the post so how to do ‘first byte time’ on the hosting server? any advice
Hello DigitalBerg,
I’m not sure what you mean by “how to do TTFB (time to first byte)” – are you asking how to optimize? There are many approaches. You can improve TTFB by making your front page quick to load. You could also utilize CDN (content delivery networks) to bring website assets closer to your viewers – thereby making it faster to load up your site. Check out this Moz article: Improving TTFB.
Others, in this article – Cloudflare, say to not put too much emphasis on TTFB and instead focus on the entire web experience of your site.
I hope this helps to answer your question. If you have any further questions, please let us know.
Kindest regards,
Arnel C.
I found this post somewhere after i got a DDOS attack. if anyone can check the code for this, maybe it is good it could be added to the Optimize wordpress.
========== START Copy of the post i found=======
You are seeing this because your blog was recently used as part of a DDOS attack against Trilema.
The way this works is that the attacker sends pingbacks to a long list of blogs. The blogs in question then load the indicated url to try and verify if the pingback is legitimate (ie, if the url of the pinged blog actually appears on page), resulting in massive traffic spikes for the victim.
This works because WordPress pingbacks are poorly implemented. A more solid implementation would verify if the pingback originates from the same IP as the site that supposedly sent it, and discard the request if there’s a mismatch. The current implementation allows pingbacks to be sent by any arbitrary IP, and so allow a malicious user yet another DDOS vector.
Please do your part by fixing your pingbacks implementation. The easiest way would be to open the file xmlrpc.php found in the root directory of your blog installtion, and modify the part that says
To instead say
This checks that the IP of the domain you think you’ve been pinged by and the IP of the client informing you were pinged match, and dies if they don’t – rendering this particular DDoS avenue inoperable while maintaining all the pingback functionality you could possibily want.
Thanks for being part of the solution!
Hello Felipe,
Thanks for providing the information! Your post is valuable for our other readers. If you have any further questions or comments, please let us know.
Regards,
Arnel C.
Great post! One important aspect to mention is analysis, if you don’t know why your site is slow then optimizing your WordPress site will be based on guessing.
Usually a cursory analysis using something like GTmetrix.com (shameless plug) will give you some great tips on where the bottlenecks are. For more serious slow-downs that originate from the web application or server itself, you could analyze system logs or use the excellent (and free) New Relic.
Some WordPress plugins such as DebugBar does similar under the hood analysis for those who can’t install modules on their server.
Another area that we come across quite often is uncompressed images and scaled images, especially the latter where let’s say a 2000×2000 pixel image possibly straight from a digital camera gets uploaded and used its original size (even though it might be scaled down *visually* only).
Poorly written plugins and themes which don’t hook into the WordPress generated images often do this, where they just display the original image even though it might appear as a thumbnail.
End result? A 5 meg image, when it should be using the thumbnail version of 20k!
Besides that, of course there’s a wide spectrum as indicated in your post as to why any site can be slowed down.
Cheers!
One of the common method that can be employed to enhance the server performance would be to install a web accelerator such as “Apachebooster’. This will enhance the cache, thereby making the site load really faster for the end user.