WordPress has developed into a very popular Blog and CMS platform. We have hundreds of clients using it to power a wide variety of websites. However, WordPress is not without its faults. This article will attempt to provide some ideas for easing some WordPress' tendancies to overuse CPU and memory resources. We will update this over time, but to start we have a couple good ideas that we would recommend you adopt immediately to ensure your site runs more efficiently.
1. Ensure you're using a good cache plugin.
Our recommendation is for typical shared hosting is:
Our Shared hosting and WordPress hosting both support LiteSpeed Cache. Shared hosting uses the OpenLiteSpeed server, while the WordPress hosting uses LiteSpeed Commercial and a separate database layer much powerful then shared hosting plans.
2. Do not use WordPress' built in cron job feature.
(NOTE: these days our cPGuard security system will do this for you automatically, but it's always a good idea to verfiy.)
By default, WordPress will run cron jobs every so often. By default, it will do this whether you have specifically asked it to run a particular job, or not. Our MediaServe Pro panel, however, gives you access to native Linux cron, which is far better for task scheduling. Every WordPress user should completely disable the built in cron, because it will fire frequently when your site is accessed, or not at all if your site is not accessed, making it both a resource hog and unreliable.
To disable WordPress' built in cron, and this line to the WordPress wp-config.php file:
define('DISABLE_WP_CRON', true);
You can put it above this line towards the bottom of wp-config.php:
/* That's all, stop editing! Happy blogging. */
Once you've disabled the built-in cron, schedule a new cron job in MediaServe Pro panel at Advanced > Developer tools > Cron jobs, and have it execute once per hour at most if possible. The command line will need to look like this:
cd /var/www/[website id]/public_html;php -q wp-cron.php
Replace the [website id] portion of the above with your MediaServe Pro panel website id which is seen in the URL when you visit the left menu Websites in the panel and select the website to access. If Wordpress is installed somewhere other than the public_html folder, use the correct path to Wordpress. Doing this will ensure your Wordpress cron gets executed regularly, but at a frequency far less than if you let Wordpress determine when to run it, which will free up resources for better performance.
3. Disable AJAX/Heartbeat except for autosaving posts.
An even bigger problem than the built in cron is the frequency with which the WordPress administrative dashboard uses Ajax, which causes frequent POST requests back to the server--even if you're simply logged into the admin with a page open, doing nothing. This is particularly bad when someone logs in to edit something and then leaves it open for an extended period of time after finishing whatever work needed doing.
The easiest way to resolve this problem is to install, activate and configure the following free plugin:
https://wordpress.org/plugins/heartbeat-control/
After installation and activation, visit Settings > Heartbeat Control and configure with these suggested values:
- WordPress Dashboard > Modify Heartbeat > Interval 120
- Frontend > Disable Heartbeat
- Post Editor > Modify Heartbeat > Interval 120
4. Slow down crawlers/spiders
We block a lot of the abusive crawlers that hammer websites hard and/or do not honor robots.txt, but even still you may want to slow down the legitimate crawlers such as Google, Bing and Yahoo. A simple addition to robots.txt to slow them down (add to the top of robots.txt in your site root):
User-agent: *
Crawl-delay: 30
5. Require captcha or image verification for user submitted content
Nothing attracts comment spam bots like a comment form on a blog that has nothing to verify a human is posting. This is one of the worst situations you can put yourself in. Spam comment bots will swarm your site 24/7 if you don't have your comment forms protected. You can even have moderation enabled for comments so that they don't automatically show, and bots will still submit spam comments and consume your available resources, leaving your site unusable at times.
If you are reading this and don't have some sort of verification on your comment forms, go take care of this right now! Stop what you are doing and go install captcha or something similar to protect your comment forms!
One of our favorite plugins for this, while not free (but still very inexpensive) is:
https://wordpress.org/plugins/cleantalk-spam-protect/
The above plugin does a great job at protecting forms and comments from spam and abuse.
