How to speed up your website to improve user experience and top Google search results as well as reduce hosting costs by decreasing CPU usage
Slow websites cause two big problems: 1) Increased hosting costs and 2) Slow websites or pages will be penalized in Google’s search rankings because website performance measured by page load speed is a big factor in Google’s search ranking.
I discovered the cost of hosting when your website starts to receive some real traffic. I received the dreaded e-mail that so many people receive from their hosting service, that my website is receiving substantial traffic causing excessive CPU usage and I have to upgrade my account. Site5.com wanted to increase my hosting fee to $123 per month (VPS4) and gave me three days to upgrade my account or move it elsewhere. The e-mail stated, “We are having an emergency issue involving your account.” “Your average usage CPU time is 10.03% while the average CPU usage is 0.48% across our fleet.”
I looked around and found that $123 per month at Site5.com was a good price for what they offer (but see Hosting below for much faster hosting for half the price). I didn’t want to spend that money if it wasn’t necessary. Fortunately, Site5.com was patient and gave me more time to work on reducing my CPU usage. I worked on various ways to reduce CPU usage for three weeks and was successful in making a big difference. Site5.com “Server Health Department” wrote, “I pulled up your stats again and they are still a small amount over, but close enough that we can let it slide. As such we are marking this issue resolved now.”
On my hosting account, I run websites with plain HTML; PHP scripts; and some with WordPress. WordPress is a great content management system to build a website and/or blog but it is a heavy database user and can hog CPU time. I decided to implement several methods to optimize my websites, improve security, and reduce CPU usage instead of paying $123 per month.
Want Someone Else To Do It For You?
I wanted to speed up my NY personal injury law firm website newyorkseriousinjuryattorneys.com.
I used THE DIY SPEEDWORKS plan at wpspeedguru.com This plan is Alexei’s most expensive plan at only $299. This plan is more expensive because he tells you (via Skype) what to do and you do it yourself. That takes a lot more time than if he does it himself. The total time to make the changes to substantially speed up my website was approx. 2 1/2 hours.
After doing what I could on my own over a long period of time, mostly doing the things I wrote about in this article, I was able to triple the speed of my website. Then I contacted Alexei at wpspeedguru.com. Alexei was able to again triple the speed of my website and gave me a recommendation to speed it up even more with a small website design change.
This plan is good if you want to learn how to do it on other websites. I have several websites I want to speed up but I took this plan just to see what he was doing and to know what not to do to undo what was done. I will let him speed up my other websites himself with THE SPEEDWORKS plan.
THE SPEEDWORKS plan is his complete done-for-you WP site optimization service with FREE diagnostics ($49 value) designed for smaller to medium size sites is only $199.
If you want to spend less and do it yourself but want instruction, Get the WordPress Speed Secrets videos. Simply follow them step by step to speed up your site.
Website Speed Analysis Tools
Fast or Slow – GLOBAL WEBSITE SPEED PROFILER by Wordfence
Google PageSpeed Insights tests both mobile and desktop versions of your website. Google tells you what is slowing down your website, giving it a score of up to 100, and tells you how to fix it. More important than this test is the actual page speed. You can also use the Page Speed FireFox Addon or Chrome extension from Google.
Webpagetest.org Run a free website speed test from multiple locations using IE; Chrome; and Firefox browsers at your chosen real consumer connection speed. You can choose from many different locations; different devices; and connection speeds. This test gives you very detailed information about what is slowing down your website.
How to run the speed test:
- Choose the test location you want to test from
- Choose the browser you want to test for
- Click on the “Advanced Settings” arrow drop down and increase the number of tests to 5 or more up to 9 (since each test will always vary depending upon many factors such as internet connections and server demand, choosing 5 will give you an average speed.)
Pingdom Speed Test – popular, quick, and easy to use website page speed test.
GTmetrix – GTmetrix uses Google Page Speed and Yahoo! YSlow to grade your site’s performance and provides actionable recommendations to fix these issues.
keycdn website page speed test – Select from 14 test locations.
Check to see if you are using GZIP compression check.
After going through everything here to speed up my largest web site, which uses WordPress Multisite, I added this section on hosting because it made a huge difference.
Top10GoogleResults.com was on shared hosting at Site5.com which had good support (but not since they were bought). Shared hosting is generally faster than VPS because they give you more resources but if you use too much, they’ll kick you out.
Site5 finally kicked out my WordPress Multisite and I took their VPS2 but it was really slow! Then they wanted me to go to VPS4 which is expensive. After a long search, I found WiredTree.com (now LiquidWeb) where I bought their least expensive pure SSD server. My site seemed about 5 times faster and was half the cost of Site5! They even have 24-hour telephone support. My sites were moved to LiquidWeb (when they bought WiredTree) which was even faster and has good support. Finally, while Top10GoogleResults.com is still hosted at LiquidWeb, my WordPress Multisite is now at WPEngine which is much faster.
Godaddy Premium DNS – promises faster performance and better reliability for your domain names at a low monthly price for an unlimited number of domain names. Easy to set up and comes with 24/7 tech support.
Amazon Route 53 – Amazon provides great services but is more complicated.
The two options I considered are WP-Super Cache and W3 Total Cache. I chose WP-Super Cache because it appeared easier to set up and some people were stating that it was better for a shared hosting environment although I suspect that was because W3 Total Cache was not set up properly. WP-Super Cache works well on my stand-alone WordPress sites but was causing numerous and serious headaches on my multisite installation. On WPMUDEV, I found Mark de Scande of www.bloglines.co.za and asked him to look at my problems. Mark removed Super Cache and installed Quick Cache which is working well without headaches.
WP Widget Cache for WordPress will cache the output of your widgets and works with WP Super Cache.
Compression and Minifying
I tried using a performance speed booster for WordPress which will optimize and minify JS, CSS, and HTML. WP Performance Score Booster increased the website scores for Top10GoogleResults.com slightly and substantially on another website. WP Performance Score says it will speed-up page load times and improve website scores in website speed tests like PageSpeed, YSlow, Pingdom, and GTmetrix.
CDN (Content Delivery Network)
For WordPress, the plugin Use Google Libraries allows your WordPress site to use the content distribution network side of Google’s AJAX Library API, rather than serving these files from your WordPress install directly (Thanks to Bill Wood www.r3now.com for suggesting this plug-in.)
Your SEO efforts can be compromised and your website can lose rank in Google if it gets hacked or your domain gets on an email blacklist. If your IP or domain is listed on a blacklist there is a high likelihood your customers may not be able to get your email. Knowing immediately when your website gets blacklisted is of critical importance to your website and business. Get free blacklist monitoring for your domain from MXToolbox.
Attempted botnet attacks against WordPress sites use substantial server resources and have frequently crashed my sites. The only botnet stopping plugin I found to work is a free plugin Botnet Attack Blocker which will lock out all admin login attempts from all IPs except whitelisted IPs when an attack starts and then automatically unlocks after the attack. Botnet Attack Blocker now works with WordPress Multisite, just change the default values and the same values will be set for all subsites. Read the reviews.
Other plugins like Limit Login Attempts state that it will “Limit the number of retry attempts when logging in (for each IP). (emphasis added)”. The problem is that botnet attacks can come from multiple IP addresses at the same time. If 5,000 computers each with a different IP address try to brute-force your admin password and are locked out after 5 incorrect attempts then 25,000 attempts were allowed and your server will crash. The Botnet Attack Blocker plugin ignores the different IP addresses and locks out all admin login attempts so those 1,000 different computers will only have a total between them of 5 incorrect attempts. The plugin can easily be configured to your likes in the settings. I used the default settings and whitelisted my IP so I can get in even during a botnet attack.
Captcha, a WordPress plugin says it allows you to implement a super security captcha form into your login and other areas you select using math logic. This may also help keeps bots from using CPU resources with login attempts.
and protects your website from spam by means of
Really good articles written to tell you how to prevent a successful attack and attempts:
- WordPress Security: The Ultimate 32-Step Checklist
- Secure Your WordPress, Playing With Your .htaccess File
- Is there any way to rename or hide wp-login.php?
- Ongoing WordPress Security Attacks, The Details and Solutions.
Also, Cloudflare now detects the signature of botnet attacks and stops them (but only one IP at a time). I’m now using the premium version of Wordfence on my multisite which is a good deal because you only need one API key license for all of the sites on multisite. But Wordfence also only blocks botnet attacks from only one IP at a time.
Passwords: Use a different complicated password for every site you log into, whether it’s your own website or not. For my own web sites, I use passwords that are 17-18 characters long. I use www.LastPass.com to remember my user names and passwords and automatically log me into web sites. This is a good article about password security.
Usernames: Do not use the default login username such as Admin which is the default login username for WordPress. Just change it to something else. The username doesn’t have to be complicated like a password, just not the default and preferably not something common like Phil. Phil2006 is good.
wp-config Security Keys (only for WordPress): Make sure you are using all 8 unique keys and Salts in your wp-config file. These are a random array of letters, numbers, and special characters. WordPress has a tool to create keys and Salts. Just copy the keys and Salts from the tool page and paste in wp-config where you see (then upload wp-config with an FTP client like Filezilla):
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);
Image Hot Linking — Prevent Bandwidth Theft
Decreasing the file size of images by optimizing your images is a must. You should optimize images before uploading them to your website. Read everything you could want to know about image optimization at Google. There are plugins for WordPress which can optimize images automatically, but I don’t want to add another plugin that will further bloat and slow the database. I was using ImageOptimizer a free download and did a great job of substantially reducing images without any noticeable reduction in quality but I can’t get it to run in Win 7. Other stand-alone image optimization applications are: ImageOptim; RIOT; JPEGmini; ImageAlpha; pngquant; and TinyPNG. I use RIOT.
ImageOptim says “How does ImageOptim compare to TinyPNG and JPEGmini?” Tools like ImageAlpha/pngquant/TinyPNG and JPEGmini can make files much smaller using lossy compression which (slightly) lowers image quality. ImageOptim is lossless — it compresses image files without affecting quality. For best results, you should first compress images using a lossy tool and then apply ImageOptim for even better compression.” You can also use the online Smush.it™ from Yahoo which is lossless.
Optimizing the Database
This guide will show you how to easily optimize the database using phpMyAdmin. For a WordPress database, there are a couple of popular plug-ins. WP-Optimize will automatically clean up your WordPress database and optimize it without phpMyAdmin and will also remove page revisions. WP-DBManager is another plugin to optimize, repair, backup and restore your database. This article provides two other plug-ins and information about optimizing or repairing a WordPress database. Another article about optimizing a WordPress database and 3 plugins. I do it manually using phpMyAdmin.
Blocking Foreign IP Addresses
A substantial amount of traffic comes from foreign countries. Some of that traffic is legitimate visitors but much of it consists of spammers. I have no need for foreign visitors or spam so I was interested in blocking all foreign visitors. Not only does this substantially decrease usage but it substantially decreases spam comments and other types of spam submissions.
With WordPress, I use a free plug-in called iQ Block Countries. For non-WordPress sites, I found Power Redirector 2 which I have not tried. I’m now using the premium version of Wordfence on my multisite (see Security above) which allows you to easily block all the countries you want.
You can also block visitors by country using the server firewall.
Another method of reducing CPU usage and speeding up your website is to offload the work for commenting. I decided to go with IntenseDebate but stopped because I received 9 thousand spam comments and it still works and can be downloaded but doesn’t seem to be supported anymore.
I looked at Disqus but there are a lot of articles about Disqus slowing down websites and selling data. I have a lot of websites and Disqus is not inexpensive, so I decided not to use Disqus.
I found Hyvor Talk which is only $5 per month for an unlimited number of websites. Hyvor says they do not sell your data. Best of all, Hyvor Talk claims it will not slow down your website. I just paid a second person to speed up my law firm website. I then checked the site speed using GTmetrix and PageSpeed Insights after activating Hyvor Talk and it did not slow down my website at all.
Reducing comment spam will reduce server load. A substantial amount of comment spam results from pingback and trackback notifications which occur when a spam site links back to your content. I turn off pingback and trackback notifications. You should turn these off now but if you already have content, you will have to go to each post or page which was already created. In WordPress, go to Settings >Discussion and uncheck “Allow link notifications from other blogs (pingbacks and trackbacks). While here, uncheck “Attempt to notify any blogs linked to from the article”.
Stopping spam bots from submitting automatic comments will have a significant impact on reducing CPU usage. There are a few interesting plugins for WordPress but the free ones are not updated frequently or at all. For instance, Growmap Anti Spambot Plugin (free) now shows: This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. A captcha plugin that was recommended by my hosting company, Spam Captcha also hasn’t been updated.
If you have a personal blog, you can use Akismet for free but if it’s not a strictly personal site, it’s fairly expensive starting at $5 per month per site.
By far, the best comment spam solution for non-personal sites is CleanTalk.org. CleanTalk spam protection is in the cloud and has “No Captcha, no questions, no counting animals, no puzzles, no math.” Not only does CleanTalk stop comment spam but it also stops spam registrations and contact form submissions. CleanTalk claims they provide 99.998% protection from spambots. I tested a one-week trial of CleanTalk and after 327 spam submissions, only one got through, that’s 99.7% stopped, so I would say their claim is accurate. At the end of the trial, I paid for their service for several websites and now allow comments here. There is a WordPress plugin but the service is available for any website or blog.
At a fraction of the cost of Akismet, CleanTalk is a bargain. CleanTalk is currently only $8 per year (not per month) for one website but several discount plans are available for multiple websites. For instance, 3 websites for only $16; 5 websites for only $25 annually; and 10 websites for $46 annually. Plans are also available for 20, 30, 40, and unlimited websites for $15 per month. There is also a hosting plan which includes unlimited websites on the same IP for only $5 per month. One of the things I like about CleanTalk is the fact that it is not free. This ensures that it is constantly updated, won’t be discontinued, and works well. In fact, during the one week I tested it, it was updated once.
WordPress Page & Post Revisions
If you’re using WordPress, you may not know it but WordPress is constantly saving versions of your pages and posts when you are working on them. I just looked on a friend’s WordPress site and found that he had in the neighborhood of 50 revisions saved on his pages and posts and I found 505 revisions on a page on one of my websites. This will increase the size of your database. Revision Control is a really nice free plug-in that allows you to control how many of these revisions you want to be saved. After installing the plug-in, the default setting is set to unlimited revisions for both pages and posts, so you need to go into the settings and change it. I set mine to “Do not store Revisions”. Better Delete Revision is another free plugin.
WordPress Cron Control
Even after doing a lot of the optimization listed here, my websites continue to receive a lot of traffic which resulted in another e-mail from my hosting company stating, “Unfortunately upon checking the usage we are still seeing it too high for a shared hosting environment. Checking the logs further it is due to the wp-cron execution.” I installed WP-Cron Control (free) which seems to have made a big difference. After installing WP-Cron Control and optimizing the database, I received another e-mail from my hosting company stating that my CPU usage had gone down significantly.
WordPress, Multisite, BuddyPress, and bbPress Registration Forms
Spam users use your server resources for their benefit at your expense. WangGuard (free for sites earning under $200 per month) stops most spam user registrations and cleans your database from existing spam user registrations.
Google bot and other search engine bots have been constantly indexing wp-signup.php for every subsite on my Multisite which crashed the server. This can also help single WordPress sites. I uploaded a robots.txt file to the public_html directory on the server to stop this. Just create a .txt and name it robots.txt. Copy and paste in the file, the following:
User-agent: * Disallow: /wp-signup.php User-Agent: * Disallow: /wp-content/plugins/
One of my websites is using WordPress Multisite to create websites for lawyers. This site was responsible for the majority of my CPU usage although it was only running 291 subsites and most of those had only two pages. The more websites running off of WordPress Multisite, the larger the database. So, I got rid of splogs and split the database.
Database: I installed the Multi-DB plugin from WPMUDEV to split the database into 16 separate databases. Multi-DB substantially reduced CPU usage and also sped up the websites. I decided to pay someone to install Multi-DB for me because I did not want to spend the time to learn how to install it or the time to actually do it. If you want someone to do it for you, let me know and I can recommend someone who I found to be very reliable, knowledgeable and inexpensive. Multi-DB is a WordPress plug-in available with a paid membership from WPMUDEV but it’s well worth it to save on hosting fees and speed up the websites.
A free plug-in, called shardb, to accomplish the same thing but in a different manner was designed by Ron Rennick. Ron and his wife Andrea are well-known in the WordPress community and I have used Andrea to help me with LawFirm911.com™. I highly recommend them and I am sure that shardb works well but I went with Multi-DB because the person I used to install it was only familiar with Multi-DB. It’s apparently easy to switch from Multi-DB to shardb at any time so I have that option but Multi-DB is working very well and I like the idea of a paid plug-in because I know it will continue to be well supported.
If you have even a small WordPress Multisite installation or are planning a new installation, I recommend using Multi-DB or shardb which will very quickly save you a substantial amount every month on hosting fees. The side benefit of speeding up your websites will help to keep the websites in the top Google results. One caveat is that I was previously using BackupBuddy to back up the entire multisite installation and cannot do that any longer. BackupBuddy says that they will support Multi-DB soon but I don’t know when. In the meantime, I have been manually downloading 16 databases which is a pain in the neck. Until I find a backup solution, I would prefer one database with higher hosting costs.
Deleting Plugins: I have a lot of plugins installed and some of them are duplicative or not necessary. Plugins utilize the database and CPU usage, so eliminating plug-ins will reduce CPU usage. The problem is that I don’t know which plug-ins are not being used. These plugins are useful for checking to see which plugins are not being used at all so that you can deactivate those as needed or determine plugin popularity: Multisite Plugin Stats (now shows which plugins are installed on each subsite in Multisite); WPMU Plugin Stats; Network Plugin Auditor. Read How To Clean Up Unused Plugins in WordPress Multisite.
How to get Nginx and WordPress Multisite running on a VPS for less than $10 per month.
WordPress Optimization Resources
WordPress site speed optimization case studies – by Mark de Scande. Mark is a great guy who I use for work that’s beyond my capability on my WordPress multisite.
How to scale WordPress for high traffic – WP engine
WordPress Speed Analysis Tools
P3 (Plugin Performance Profiler) – See which plugins are slowing down your site. This plugin creates a report for your site’s plugins’ performance by measuring their impact on your site’s load time. WordPress sites often load slowly because of poorly configured plugins or because there are so many of them. By using the P3 plugin, you can narrow down the plugins causing your site to run slow. I was surprised to find two plugins that are CPU hogs, Formidable Pro, and AddThis.
WPDB Profiling plugin analyzes each individual database query.
TPC! Memory Usage plugin allows WordPress administrators to view the current and peak memory usage of the application.
After spending some time to optimize my websites for faster loading and decreased CPU usage, I received an e-mail from my hosting company stating that I am now ok. The added benefit of speeding up your website is helping to keep it in the top Google results.