Speed up any WordPress site in 6 easy steps

WordPress is an amazing tool that has powered millions of websites worldwide for years.

When building a WordPress website for yourself or a client, it’s important to understand that WordPress was initially created for blogging! Everything else that adds extra features to the WordPress core comes in the format of “plugins” - small collections of PHP, CSS, and JavaScript files that integrate into your website. But if you’re a bit of a geek, you probably already know all this, so let’s move forward on how you can optimize your WordPress website using 6 essential techniques.

Contents

1 — Cloudflare 🚒

The first step everyone should be using is Cloudflare! Cloudflare is a DNS manager and CDN that brings many useful features that people aren’t aware of. When creating websites for clients or myself, I always make sure Cloudflare is a requirement!

Here we’ll introduce some basic settings you should enable and configure on the Cloudflare website to improve your WordPress website.

Cloudflare offers 3 different ways of SSL configuration. You should always make sure your hosting/VPS provider gives you at least LetsEncrypt free SSL certificates (if not, you should switch ASAP! Laravel Forge might be a good choice to provision your VPS).

We’ll provide screenshots of our standard configuration for WordPress setups:

1.1 — HTTPS / SSL ✅

In this step, make sure a certificate is already installed on your VPS/hosting. If you’re unable to generate a certificate, temporarily turn off Cloudflare SSL and try again.

You can now move forward to the next tab:

1.2 — Firewall Rules 🔥

The second step on Cloudflare is to set up some basic firewall rules. This will keep most automated bots and brute-force attackers away from your website, ensuring these attacks don’t affect your server’s performance. The great advantage over using plugins like iTheme Security or Wordfence is that Cloudflare acts at the DNS level, so these attacks will never reach you because they’re blocked at a higher level. Keep in mind that the rules we’ll show here are basic - some websites may require more or fewer tweaks based on your needs.

At this point, you can also add more rules based on User Agent, URL, and so on. Some of the most common rules to keep attackers away:

• User Agent contains: masscan/1.0, python-requests, WPScan
• URL contains: backups, .bak, backup, .env, setup.php, phpmyadmin

Hit Save and you’re ready to go! This will ensure that anyone (yes, even yourself) will need to solve a captcha when accessing any page that contains wp-admin or wp-login in the URL.

Why is this so effective? Because hackers often try to brute force those standard pages by default, so you’ll save a lot of CPU and RAM by keeping them away!

2 — WP Rocket 🚀

I’ve tried many different plugins for WordPress caching, minification, and other performance optimizations - W3 Total Cache, WP Super Cache, and so on. But I always found trouble at some point: some required extensive configuration, breaking styles, JavaScript, and more.

I’m a big fan of “keep it simple,” so here’s where WP Rocket shines! With a few clicks and toggles, you can get your website optimized without much technical knowledge, while being compatible with most themes without any issues. Some nice features we use in WP Rocket:

• Cache / Separated mobile cache
• Heartbeat Control (this really has a huge impact on CPU)
• Lazy Load & Image Optimization
• Merge / Minify JavaScript

Keep in mind that if you’re using Cloudflare to minify your CSS/HTML/JavaScript, you don’t really need to toggle the minify options - otherwise, you’ll be doing the same optimization twice. At this point, I prefer to let Cloudflare handle it. You also need to be careful and add URLs you want to exclude from caching. By default, WooCommerce URLs are ignored, but others such as wish lists should be excluded manually.

3 — Redis, Redis & Redis! 🚤

Yes! You might think it’s overkill, and yes it could be if your site doesn’t have major traffic. But if your website runs WooCommerce and has a lot of products or heavy traffic, a nice add-on is Redis Object Cache.

Redis Object Cache also has an enterprise version that claims to add even more performance (I haven’t tried it myself). If you don’t know what Redis is, you can read more on Google. I won’t go into detail here, but basically Redis is a fast object cache available for many languages and platforms. The port for PHP is called predis or phpredis, which should be available as a PHP extension on your hosting provider or via Composer.

When installed on WordPress through the WP Redis addon, it ensures that repeated queries and objects will be blazing fast as they’re cached in memory, so you’ll save some heavy queries to your MySQL database.

If all goes well, after some time you should see metrics like the following screenshot:

4 — Picking the Right Theme 🎨

There’s no doubt that there are tons of themes available on the WordPress market. But this is a decision you should take very seriously - don’t rush into picking the first theme that looks good to you. A bad theme (in terms of programming) can ruin not only your server but your user experience.

Often programmers take shortcuts and don’t really look at their code quality. Most users don’t understand how to evaluate a good theme when purchasing, so here we’ll give you a few tips to find out if the theme is well-made and fast!

• Look at HTML markup organization: Often bad markup and styling means the developer didn’t put in much time, which likely means they don’t care about what’s under the hood.

• Check CSS and JavaScript load: Inspect the code to see how much CSS and JavaScript are being included. The more JavaScript and CSS loaded, the more bloat and slower your site will be. Keep it clean with fewer dependencies.

• Test responsive design: Try the theme in responsive mode or on your phone before you buy it. Often developers make themes look good on desktop, but the mobile experience could be really bad. It’s always good to check how it looks on mobile - if you find little issues here and there, the developer might not be the best and didn’t put much effort into the mobile-first concept. This means you should probably avoid it.

• Check reviews: This is really important! If you visit ThemeForest, you can look at comments and reviews to see if other people who purchased the theme are having issues. If there are many comments/questions/problems, it usually means the theme is buggy - otherwise people wouldn’t complain or call out the developer/agency so much.

• Give preference to Elementor Page Builder: Why? Because it’s the modern page editor for WordPress. WP Bakery is outdated (not officially, but in my opinion), while Elementor is a lightweight editor that provides flexibility when customizing your pages in the future. Visual Composer (formerly WP Bakery) gave me some really bad memories, so I don’t recommend it personally.

5 — Find Good Hosting & Prefer a VPS 🏗️

With more bloat every day in WordPress Core and plugins around it, WordPress websites tend to be CPU-heavy. Often customers on shared hosting will struggle with very slow response times. The reason is that most shared hosting providers cap your CPU usage because the actual CPU is being used by thousands of other customers. For this reason, I’d avoid using WordPress (especially if paired with WooCommerce) on shared hosting if you want to keep your website blazing fast.

My recommendation goes for a small/medium VPS. You don’t need to be a sysadmin to set up a VPS - you can use services like Laravel Forge or Ploi.io to provision your VPS in a few minutes with very little effort. Keep in mind that VPS won’t include any cPanel (unless you pay for it).

There are also some nice solutions for managed hosting dedicated to WordPress, such as:

• WP Engine
• Kinsta
• SiteGround

6 — Battle with the Unknown & Debug 👻

Sometimes you may have done everything but you still don’t know why your site is buggy or slow! This could be happening for many reasons that we’ll describe below. Of course, we can’t cover everything, but these tools will be really handy when it comes to debugging and tracking what could possibly be making your WordPress website slow!

• Disable plugins one by one (Standard engineer fix! 😃) - keep testing if you notice any difference after disabling a certain plugin.

• Query Monitor: This is one of the best plugins when it comes to debugging. It will tell you about queries running, slow queries, requests going out, and a lot of useful info. For instance, you can check what plugins are hitting your database really hard, causing your website to be slow. The Swiss Army knife for WordPress owners & maintainers.

• Snitch: What I love personally about this plugin is you can keep track of what’s going OUT from your WordPress website and block certain files/URLs. This is pretty nice because you can block constant plugins from slowing down your website by sending requests for updates every minute, blocking URLs if they’re taking too long to respond, and block & track analytics being sent without your knowledge.

• Verify file integrity with plugins like Wordfence. This is really handy if you believe some of your WordPress core files were changed. Sometimes hackers hide deep in WordPress core files, so it’s always good to run a quick check every few weeks.

• Keep your plugins up-to-date. Often plugins bring performance improvements, so it’s always good to keep them updated - just make sure it won’t break anything and always perform a backup first!

• Disable WP_CRON: The WordPress cron is triggered every time a user hits a page (when necessary). It’s good practice to disable WP_CRON whenever possible and instead use Crontab available on most servers running cPanel or Linux. This ensures no extra workload is being called unnecessarily.

I hope you enjoyed this article - leave your comment and clap on! 👏