We love WordPress at NSDesign, and build many websites using this as the Content Management System. Out the box, it works just fine, but to get the best performance from it (benefitting you, your site visitors, and your web host), then consider these 4 WordPress optimisation tips to help ensure ongoing smooth running!
1) Beef up the overall security
We recommend a great free plugin called iThemes security (formerly called “Better WP security”)
Install this, and go through the various settings (you’ll find it under “Security” in the left hand menu of WordPress admin).
You can probably leave most things as default, but at a minimum, make sure you “Hide Login Area” (from settings tab), and choose a unique back-end URL (so it’s not accessible via the default /wp-admin). This will massively reduce your chances of a hacker trying to crack your login details, since they won’t be able to find the login page itself! This type of attack (a dictionary attack on your login page) is one of the most common that your WordPress site WILL experience at some point, so make sure you protect youself with this, and of course some strong passwords in the first place. Another tip is never to create a user called “admin”.
2) Use a Caching Plugin
Without caching, every visit to your website requests a PHP file, which in turn queries the mySQL database, and then returns an HTML page. On a busy site with many visitors, that’s a lot of work for a web server to process, and often completely pointless.
If you install a good caching plugin, most of your site visitors get served static HTML files (with no accessing of the database or running PHP). This process speeds up the page response time and reduces the server resources needed for creating and serving a web page. Unless your WordPress content is changing every few minutes, then we tend to always recommend utilising caching.
Two of the most popular caching plugins are W3 Total Cache and W3 Super Cache. There’s a load of options and things you could tweak, but even just the default setting will work well for most site owners.
3) Reduce load by limiting the wp-cron frequency
WordPress uses a file called wp-cron.php in order to automate things like publishing scheduled posts, checking for plugin or theme updates, sending email notifications and more.
By default WordPress is setup to run wp-cron.php everytime someone visits your WordPress website when a scheduled task is present, to basically ask “is it time to do anything yet?”.
On low traffic sites this should never cause any real issues, but with a busy website, checking multiple times for scheduled tasks can prove very inefficient and lead to resource usage problems for your server, plus it can make your website load slower.
To help improve things, and reduce the impact from wp-cron.php:
1) Edit wp-config.php >> Add the following line UNDER this line: define(‘DB_COLLATE’, ”);
2) Create a Cron Job in Cpanel – The example below sets the cron to run every 2 hours, but we’d recommend setting it LESS Frequently if possible. Make sure also that your username, and path to WordPress is set correctly (we’ve assumed your wp-cron.php file is in your public_html folder).
0 */2 * * * cd /home/USERNAME/public_html; php -q wp-cron.php
If you’re not sure how to setup a cron job, or you’re not sure it’s working, get help from your web host.
4) Reduce load by limiting frequency of the admin-ajax.php
The WordPress Heartbeat API uses /wp-admin/admin-ajax.php to run AJAX calls from the web-browser to help with a number of things. However – it can also cause high CPU usage on the web server with a high volume of PHP calls. For example if you leave your dashboard open (as many people do when updating a Wprdpress site regularly) it will keep sending POST requests to this file on a regular interval. It’s also been known for hackers to try and DOS (Denial of Service) a server by posting directly to this file.
If you (or your webhost) notice that you are having an excessive amount of admin-ajax.php requests (check your web stats), then you can disable the WordPress Heartbeat API to prevent this type of activity, and improve performance.
There is a free WordPress plugin called ‘heartbeat control’ which can help you fix this problem. Follow the steps below to configure.
Install Heartbeat control
Go to WordPress Settings and click into “Heartbeat Control.”
Under “Control heartbeat locations” you have a few options:
Disable on dashboard page
Allow only on post edit pages (this is the recommended setting)
You can disable it altogether but remember this feature controls things like auto-saving and if you are working on a multi-author blog with multiple sessions this is something to take into consideration. Also the heartbeat API is used by a variety of plugins and disabling it could cause them to stop functioning.
Set the heartbeat polling frequency. 60 seconds should suffice.
Let us Help!
We hope that the above 4 WordPress Optimisation tips helps improve things for you. Trust us when we say your web host will thank you too! If you’d like any help with any of the above, or are looking for more support to help keep your WordPress website secure and up to date, then please get in touch. We offer a variety of support packages to match your needs, and we’d be happy to discuss how we can help you.