Optimize WordPress

Wordpress is an amazing CMS or Content Management System that makes creating and maintaining a website really easy. However at times it can cause high resource usage when not optimized properly.

Why you should optimize WordPress

Because WordPress makes it so easy to do a lot of things, this requires a lot of stuff going on in the background. Depending on the size and complexity of your website, as well as the traffic you receive, you'll want to pay extra close attention to making sure your WordPress site is optimized to handle the type of traffic you get.

If you've viewed your account's resource usage with the CPU graphs available in cPanel, and noticed your account has been going outside of your alloted usage, or if you've been contacted about your usage by our systems administration team, now is a great time to make sure WordPress isn't the culprit of your usage.

Steps to ensure an optimized WordPress setup

Below I've compiled a list on what we recommend doing to optimize your WordPress website.

These are ordered by the typical resource usage reduction expected from each method, and not all are required.

For instance most customers just need WordPress caching and that's enough to bring the resource usage down.

  1. Implement WordPress caching

    WordPress by default will dynamically create your pages and posts by pulling from your database.

    If you have 100 people view one of your pages, by default this will cause 100 PHP executions.

    Instead the first person to view your page should pull from the database, and create a cached page.

    This cached page can be viewed, hundreds, if not thousands of times by others with minimal usage.

    WP Super Cache (Basic and easy to setup)

    W3 Total Cache (Offers more advanced caching options)

  2. Be careful of known intensive WordPress plugins

    WordPress plugins can vary greatly in how efficiently they were created, since anyone can make one.

    You can try to find an alternative plugin, seeing if leaving one of these disabled brings your resource usage down enough, or if it's really necessary to your site's function you could upgrade to a VPS.

    You could also use the P3 Plugin Performance Plugin to try to figure out which WordPress plugins are the most intensive.

    Below is a list of plugins we've seen customers have issues with before as they seem to utilize a large amount of resource usage compared to most plugins.

    CMS Tree Page View Constant Contact WordPress Widget Digi Auto Links
    Disqus Comment System FireStats WordPress Geo Mashup
    Google Talk Widget NextGEN Gallery PHP Code for Posts
    Quotes Collection Reveal IDs Simple Post Thumbnails
    Skype Status VaultPress WassUp Real Time Analytics
    Wordgento wpCloaker WordPress Facebook
    WP Forum Server WP Live Stream Online Backup for WordPress
    WP Autoresponder and News Plugin WP Super Heatmap WP Symposium
    Yet Another Related Posts Plugin
  3. Disable default wp-cron.php behaviour

    WordPress runs wp-cron.php on every visit to basically ask "do I have anything to do?"

    When visitors start to roll in, checking multiple times the same hour is very inefficient.

    By default your wp-cron.php script could be getting called hundreds of times an hour.

    Setup a manual cron job to run this instead, at a more appropriate 4 or 6 hour interval.

    Disable the default wp-cron.php method in WordPress

  4. Disable WordPress autosave and log out of dashboard

    WordPress autosaves, and admin dashboard activity goes to the /wp-admin/admin-ajax.php script.

    There can sometimes be hundreds, if not thousands of these requests and you can limit them by disabling the autosave feature in WordPress and staying logged out of the admin when not in use.

    Disable WordPress autosave

    Log out of WordPress admin dashboard when not in use

  5. Limit or block search engine crawlers

    By using a robots.txt rules file, you can deny access to certain search engines you don't want crawling your website, or deny them to particular sections of your website.

    Stop or slow search engine crawlers on your website with robots.txt

  6. Block unwanted users from your site

    You can outright deny access to your website from either certain IP addresses, or User-Agents.

    For instance the following .htaccess code would block the Chinese Baidu.com spider, HTTrack which is a website copier, and the Russian Yandex.com search engine.

    RewriteEngine On
    RewriteCond %{HTTP_USER_AGENT} ^.*(Baiduspider|HTTrack|Yandex).*$ [NC]
    RewriteRule .* - [R=403,L]

    Block unwanted users from your website using .htaccess

  7. Deal with WordPress comment spam

    You should be using a CAPTCHA plugin to protect against comment spam like WP-reCAPTCHA.

    If your WordPress site already has comment spam you can clean up WordPress comment spam.

    Find out who is comment spamming you

    If you alread have comment spam you should remove it from your database, and then you can try to protect against further comment spam based off who is trying to spam you.

    For instance, a WordPress site today had these unique IPs that were trying to spam them:

    8 218.10.17.148
    8 60.173.26.43
    8 60.173.26.61
    9 218.10.17.208
    9 218.10.17.94
    9 60.173.10.231
    9 60.173.10.242
    9 60.173.10.244
    9 60.173.11.219
    9 60.173.26.47
    9 60.173.26.57

    So we can see that there are a lot of unique IP addresses from the 60.173 range, and the 218.10 range that are trying to spam our comments at least 8 times each.

    Now you can try to see where these IP addresses are from using a website like geoIPtool.com

    In this case you'd end up looking at:

    http://www.geoiptool.com/en/?IP=60.173
    http://www.geoiptool.com/en/?IP=218.10

    These ranges are all from China, so if that's not your target audience, there probably shouldn't be people from there commenting on your website.

    Block IP ranges from accessing your website at all

    You can outright deny these IP ranges in .htaccess with this:

    Deny from 60.172
    Deny from 218.10

    Block IP ranges from commenting on your WordPress site

    Or if you wanted to still allow people from these IP ranges to visit your site, but not comment on it, you could use these .htaccess rules:

    ErrorDocument 503 "Commenting disabled"
    RewriteEngine On
    RewriteCond %{REMOTE_ADDR} ^60.173 [OR]
    RewriteCond %{REMOTE_ADDR} ^218.10
    RewriteCond %{REQUEST_URI} ^/wp-comments-post.php$
    RewriteRule .* - [R=503,L]
  8. Limit or disable WordPress revisions

    Although not as intensive as preventing requests in the first place, you can also disable or limit WordPress revisions to improve database performance as well.

    Limit or disable WordPress revisions

    Install and use the Better Delete Revision WordPress plugin

  9. Update everything WordPress

    To ensure everything is running optimally be sure to update regularly.

    Update WordPress from admin dashboard

    Update WordPress theme

    Update WordPress plugin

  10. Request further help from support

    If all of this fails to help your WordPress website run faster and use up less resources, then a deeper investigation probably needs to be done on your access logs to see what's really being requested the most which could be causing problems for you.

    Resource usage patterns typically come in waves, so it's important to enable raw access logs in cPanel for your account, so that if you need to contact support for further help, we have a lot of data to work with to recommend you something as a possible culprit of your high usage.

    Once you have at least a full day of logs, feel free to contact techinal support for further help.

You should hopefully now have a better understanding on how you can optimize your WordPress website to reduce the resource usage required from the server in order to handle your account's requests.

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

WordPress wp-login.php brute force attack
Updated 2014-07-17 06:43 pm EST
Hits: 201633

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!