Optimize a Wordpress Site (July/2022)

Wordpress is a very comfortable framework to create a site on.

You automatically inherit a slew of amazing plugins which enable you to create many sorts of dynamic sites with statistics, admin site and many other benefits.

But unfortunately, you also inherit many problems which come with the Wordpress installation.

Just to name a few

  • Wordpress is a heavy framework, instead of having a lean HTML/PHP site, you now have this monster you need to reign in. - I am talking optimization/speed wise
  • Wordpress is very popular (it powers more than 30% of the internet sites as of today), so it is a target to many a hacker.
  • Wordpress has lots of security issues as each plugin is created by a different developer and you won't know where the security breach came from.
  • Wordpress is slow as it does lots of tasks behind the scenes (as it has lots of not-so-needed functionalities).

So what are the initial steps one should do when creating a fresh wordpress site ?

General Guidelines

  • Make sure you have a SSL certificate
  • Use a fast DNS (Cloudflare)
  • Consider the web server in use, Apache WWW has the worst performance while nginx is much better but might be complicated to configure. (OpenLiteServer seems like the best fit)
  • Take care of the www redirect
  • Have a backup plugin (Updraft, or maybe a server backup [not controlled in WP])

Security

  • Use CloudLinux for much better security
  • Block all not used ports on your server
  • Your server should have a good firewall (waf?), putting in jail all of those knocking on the ftp/ssh/mail ports.
  • Use a CDN (cloudflare?) with a DDOS attack protection service.
  • Wordpress security Plugins
    • Blackhole (J. Karr)
    • Remove all unneeded parts from wordpress - this also helps against attackers (Machete/Unbloater, Block XML-RPC, Block Rest-API)
    • Plugin with a firewall, plugin/theme integrity check, login protection, virus scan (Wordfence, consider offloading protection to the server instead of WP)

Optimization

  • Browser side caching (wprocket/htaccess editing) - so browsers will not even ask for some of the site's assets
  • DB caching - Object caching (Redis)
  • CDN (Cloudflare with proxied DNS)
  • Server Brotly compression (better than GZIP)
  • HTTP3/2
  • Server side caching (Opcache)
  • Remove all unneeded parts from wordpress  (Machete/Unbloater)
  • Wordpress caching plugin (WPRocket/LSCWP)
Hold a minimal amount of plugins, those that you hold should always be updated and from a casually maintained source.

These are the basics - A good starting point.


Additional points to consider

  • Convert all DB tables to InnoDB instead of MyIsam
  • Disable WP cron jobs (using wpconfig.php) and enable Linux cron jobs every 15m
  • Disable pingbacks or even all comments sitewide
  • Enable (Cloudflare?) image hotlinking protection
  • For large sites, enable more memory: define( 'WP_MEMORY_LIMIT', '256M' );
  • Consider eliminating automatic updates
  • Define PHP workers smartly (heavy sites can use 4 static workers per CPU) while small sites might use dynamic workers

Comments

Post a Comment

Popular posts from this blog

Profiling Java @ 2019

A good profiler can really help you in your work while coding Java (I assume while coding any coding language but I am referring to Java here) It can find memory leaks (Which object and how many of it takes the most of your limited memory?), CPU bottlenecks and other surprising data like the time consumed by each network call / DB query etc. Thus it is not so surprising to find many different java profilers around. I will try to map here the Java profiling tools lying around My short list of requirements will include the following: Profiler Requirements Constantly updated profiler (how a profiler built to profile Java6 will behave with Java11?) Clear GUI - As I will want to dive into the profiling data - it will be much simpler using UI Free (With a big advantage to the open sourced ones) (Optional) Remote profiling List of Profilers Dead Profilers (At least 5 years without an update) JIP - Java Interactive Profiler  - Last update 2010 Profiler4J - Last Updat
Read more

Shared/Pro/Managed Hosting for your site - which to choose ? (NO AFFILIATE LINKS!)

 You buy a domain and want to start your site running, time to find your perfect hosting. This is one of our first steps, and might be your most crucial one. I won't tell you which hosting company to choose, I will attempt just to clarify the picture. What are your Hosting options ? Shared Hosting You can choose shared hosting - obviously this one will be the cheapest option. In this category you might even find free hosting options, with or without ads on your site. Although this option sounds great for beginners as it is cheap and is comes with many promises from the hosting company (unlimited bandwidth, unlimited disk space etc.), there are no free meals, and as you are not alone on this server ( shared hosting), you don't really know who your neighbors are. So nothing is guaranteed, you might have a neighbor which takes lots of bandwidth, so you will actually have less to use etc. You might have a malicious neighbor which will attempt to hack your site using the common host
Read more

ZVR converter

Yesterday, a friend asked me to find him a ZVR sound file converter. What's the problem? I asked... Give me 5 minutes and i'll google it out. Well, I was wrong, finding a decent converter isn't an easy task, it took me at least 7 minutes (kidding). What's a ZVR file? It's a dictation recorder output file, used by the korean SAFA company, their recording machine is used mainly to capture sound files using its microphone during class lessons or whenever one wants. I just don't get it, why each company comes up with its own sound format?  grab a good and free existing audio format and stick to it! The ZVR files are very small hence their low quality... Anyway, a nice ZVR to WAV file converter was found. It's an incredibly small file (140kb). Download ZVR sound file converter  Enjoy, Avi.
Read more