How to speed up your website to improve user experience and top Google search results as well as reduce hosting costs by decreasing CPU usage
Slow websites cause two big problems: 1) Increased hosting costs and 2) Slow websites or pages will be penalized in Google’s search rankings because website performance measured by page load speed is now a big factor in Google’s search ranking.
I discovered the cost of hosting when your website starts to receive some real traffic. I received the dreaded e-mail that so many people receive from their hosting service that substantial traffic my websites receive cause tremendous CPU usage and I would have to upgrade my account. Site5.com wanted to increase my hosting fee to $123 per month (VPS4) and gave me three days to upgrade my account or move it elsewhere. The e-mail stated “We are having an emergency issue involving your account.” “Your average usage CPU time is 10.03% while the average CPU usage is 0.48% across our fleet.”
I looked around and found that $123 per month at Site5.com is a good price for what they offer (but see Hosting below for much faster hosting for half the price). I didn’t want to spend that money if it wasn’t necessary. Fortunately, Site5.com was patient and gave me more time to work on reducing my CPU usage. I worked on various ways to reduce CPU usage for three weeks and was successful in making a big difference. Site5.com “Server Health Department” wrote, “I pulled up your stats again and they are still a small amount over, but close enough that we can let it slide. As such we are marking this issue resolved now.”
On my hosting account, I run websites with plain HTML; PHP scripts; and some with WordPress. WordPress is a great content management system to build a website and/or blog but it is a heavy database user and can hog CPU time. I decided to implement several methods to optimize my websites, improve security and reduce CPU usage instead of paying $123 per month.
Website Speed Analysis Tools:
Google PageSpeed Insights tests both mobile and desktop versions of your website. Google tells you what is slowing down your website, giving it a score of up to 100 and tells you how to fix it. More important than this test is the actual page speed. You can also use the Page Speed FireFox Addon or Chrome extension from Google.
Webpagetest.org Run a free website speed test from multiple locations using IE; Chrome; and Firefox browsers at your chosen real consumer connection speed. You can choose from many different locations; different devices; and connection speeds. This test gives you very detailed information about what is slowing down your website.
How to run the speed test:
- Choose the test location you want to test from
- Choose the browser you want to test for
- Click on the “Advanced Settings” arrow drop down and increase the number of tests to 5 or more up to 9 (since each test will always vary depending upon many factors such as internet connections and server demand, choosing 5 will give you an average speed.)
Pingdom Speed Test – popular, quick and easy to use website page speed test.
GTmetrix – GTmetrix uses Google Page Speed and Yahoo! YSlow to grade your site’s performance and provides actionable recommendations to fix these issues.
keycdn website page speed test – Select from 14 test locations.
Check to see if you are using GZIP compression check.
After going through everything here to speed up my largest web site, which uses WordPress Multisite, I added hosting because it made a huge difference. Top10GoogleResults.com is on shared hosting at Site5.com which has good support and their shared hosting is fast but their VPS account was slower (shared accounts are usually faster because they give you more resources but if you use too much, they’ll kick you out.) They kicked out my WordPress Multisite and I took their VPS2 but it was real slow! Then they wanted me to go to VPS4 which is expensive. After a long search, I found WiredTree.com (now LiquidWeb) where I bought their least expensive pure SSD server. My site now seems about 5 times faster and it’s half the cost of Site5! They even have 24 hour telephone support. Update, my sites were moved to LiquidWeb which is even faster and has even better support.
Godaddy Premium DNS – promises faster performance and better reliability for your domain names at a low monthly price for an unlimited number of domain names. Easy to set up and comes with 24/7 tech support.
Amazon Route 53 – Amazon provides great services but is more complicated.
The two options I considered are WP-Super Cache and W3 Total Cache. I chose WP-Super Cache because it appeared easier to set up and some people were stating that it was better for a shared hosting environment although I suspect that was because W3 Total Cache was not set up properly. WP-Super Cache works well on my stand-alone WordPress sites but was causing numerous and serious headaches on my multisite installation. On WPMUDEV, I found Mark de Scande of www.bloglines.co.za and asked him to look at my problems. Mark removed Super Cache and installed Quick Cache which is working well without headaches.
WP Widget Cache for WordPress will cache the output of your widgets and works with WP Super Cache.
Compression and Minifying
I tried using a performance speed booster for WordPress which will optimize and minify JS, CSS, and HTML. WP Performance Score Booster increased the website scores for Top10GoogleResults.com slightly and substantially on another website. WP Performance Score says it will speed-up page load times and improve website scores in website speed tests like PageSpeed, YSlow, Pingdom and GTmetrix.
CDN (Content Delivery Network)
For WordPress, the plugin Use Google Libraries allows your WordPress site to use the content distribution network side of Google’s AJAX Library API, rather than serving these files from your WordPress install directly (Thanks to Bill Wood www.r3now.com for suggesting this plug-in.)
Your SEO efforts can be compromised and your website can lose rank in Google if it gets hacked or your domain gets on an email blacklist. If your IP or domain is listed on a blacklist there is a high likelihood your customers may not be able to get your email. Knowing immediately when your website gets blacklisted is of critical importance to your website and business. Get free blacklist monitoring for your domain from MXToolbox.
Attempted botnet attacks against WordPress sites use substantial server resources and have frequently crashed my sites. The only botnet stopping plugin I found to work is a free plugin Botnet Attack Blocker which will lock out all admin login attempts from all IPs except white listed IPs when an attack starts and then automatically unlocks after the attack. Botnet Attack Blocker now works with WordPress Multisite, just change the default values and the same values will be set for all subsites. Read the reviews.
Other plugins like Limit Login Attempts state that it will “Limit the number of retry attempts when logging in (for each IP). (emphasis added)”. The problem is that botnet attacks can come from multiple IP addresses at the same time. If 5,000 computers each with a different IP address try to brute-force your admin password and are locked out after 5 incorrect attempts then 25,000 attempts were allowed and your server will crash. The Botnet Attack Blocker plugin ignores the different IP addresses and locks out all admin login attempts so those 1,000 different computers will only have a total between them of 5 incorrect attempts. The plugin can easily be configured to your likes in the settings. I used the default settings and white listed my IP so I can get in even during a bot net attack.
Captcha, a WordPress plugin says it allows you to implement a super security captcha form into your login and other areas you select using math logic. This may also help keeps bots from using CPU resources with login attempts.
and protects your website from spam by means of
Really good articles written to tell you how to prevent a successful attack and attempts:
- WordPress Security: The Ultimate 32-Step Checklist
- Secure Your WordPress, Playing With Your .htaccess File
- Is there any way to rename or hide wp-login.php?
- Ongoing WordPress Security Attacks, The Details and Solutions.
Also, Cloudflare now detects the signature of bot net attacks and stops it (but only one IP at a time). I’m now using the premium version of Wordfence on my multisite which is a good deal because you only need one API key license for all of the sites on multisite. But Wordfence also only blocks bot net attacks from only one IP at a time.
Passwords: Use a different complicated password for every site you log into, whether it’s your own website or not. For my own web sites, I use passwords that are 17-18 characters long. I use www.LastPass.com to remember my user names and passwords and automatically log me into web sites. This is a good article about password security.
Usernames: Do not use the default login username such as Admin which is the default login username for WordPress. Just change it to something else. The username doesn’t have to be complicated like a password, just not the default and preferably not something common like Phil. Phil2006 is good.
wp-config Security Keys (only for WordPress): Make sure you are using all 8 unique keys and Salts in your wp-config file. These are a random array of letters, numbers and special characters. WordPress has a tool to create the keys and Salts. Just copy the keys and Salts from the tool page and paste in wp-config where you see (then upload wp-config with an FTP client like Filezilla):
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);
Image Hot Linking — Prevent Bandwidth Theft
Decreasing the file size of images by optimizing your images is a must. You should optimize images before uploading to your website. Read everything you could want to know about image optimization at Google. There are plugins for WordPress which can optimize images automatically, but I don’t want to add another plugin which will further bloat and slow the database. I was using ImageOptimizer a free download and did a great job of substantially reducing images without any noticeable reduction in quality but I can’t get it to run in Win 7. Other stand-alone image optimization applications are: ImageOptim; RIOT; JPEGMini; ImageAlpha; pngquant; and TinyPNG. I use RIOT.
ImageOptim says “How does ImageOptim compare to TinyPNG and JPEGMini?” Tools like ImageAlpha/pngquant/TinyPNG and JPEGMini can make files much smaller using lossy compression which (slightly) lowers image quality. ImageOptim is lossless — it compresses image files without affecting quality. For best results you should first compress images using a lossy tool and then apply ImageOptim for even better compression.” You can also use online Smush.it™ from Yahoo which is lossless.
Optimizing the Database
This guide will show you how to easily optimize the database using phpMyAdmin. For a WordPress database, there are a couple of popular plug-ins. WP-Optimize will automatically clean up your WordPress database and optimize it without phpMyAdmin and will also remove page revisions. WP-DBManager is another plugin to optimize, repair, backup and restore your database. This article provides two other plug-ins and information about optimizing or repairing a WordPress database. Another article about optimizing a WordPress database and 3 plugins. I do it manually using phpMyAdmin.
Blocking Foreign IP Addresses
A substantial amount of traffic comes from foreign countries. Some of that traffic are legitimate visitors but much of it consists of spammers. I have no need for foreign visitors or spam so I was interested in blocking all foreign visitors. Not only does this substantially decrease usage but it substantially decreases spam comments and other types of spam submissions.
With WordPress, I use a free plug-in called iQ Block Countries. For non-WordPress sites, I found Power Redirector 2 which I have not tried. I’m now using the premium version of Wordfence on my multisite (see Security above) which allows you to easily block all the countries you want.
You can also block visitors by country using the server firewall.
Reducing comment spam will reduce server load. A substantial amount of comment spam results from pingback and trackback notifications which occur when a spam site links back to your content. I turn off pingback and trackback notifications. You should turn of these off now but if you already have content, you will have to go to each post or page which was already created. In WordPress, go to Settings >Discussion and uncheck “Allow link notifications from other blogs (pingbacks and trackbacks). While here, uncheck “Attempt to notify any blogs linked to from the article”.
Stopping spam bots from submitting automatic comments will have a significant impact upon reducing CPU usage. There are a few interesting plugins for WordPress but the free ones are not updated frequently or at all. For instance, Growmap Anti Spambot Plugin (free) now shows: This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress. A captcha plugin which was recommended by my hosting company, Spam Captcha also hasn’t been updated.
If you have a personal blog, you can use Akismet for free but if it’s not a strictly personal site, it’s fairly expensive starting at $5 per month per site.
By far, the best comment spam solution for non-personal sites is CleanTalk.org. CleanTalk spam protection is in the cloud and has “No Captcha, no questions, no counting animals, no puzzles, no math.” Not only does CleanTalk stop comment spam but it also stops spam registrations and contact form submissions. CleanTalk claims they provide 99.998% protection from spam bots. I tested a one-week trial of CleanTalk and after 327 spam submissions, only one got through, that’s 99.7% stopped, so I would say their claim is accurate. At the end of the trial, I paid for their service for several websites and now allow comments here. There is a wordpress plugin but the service is available for any website or blog.
At a fraction of the cost of Akismet, CleanTalk is a bargain. CleanTalk is currently only $8 per year (not per month) for one website but several discount plans are available for multiple websites. For instance, 3 websites for only $16; 5 websites for only $25 annually; and 10 websites for $46 annually. Plans are also available for 20, 30, 40 and unlimited websites for $15 per month. There is also a hosting plan which includes unlimited websites on the same IP for only $5 per month. One of the things I like about CleanTalk is the fact that it is not free. This ensures that it is constantly updated, won’t be discontinued, and works well. In fact, during the one week I tested it, it was updated once.
Another method of reducing CPU usage and speeding up your website is to offload the work for commenting. After doing a lot of reading, I decided to go with IntenseDebate but stopped because I received 9 thousand spam comments and thought I would try anti-spam plugins. Try it out below and leave your comment about Intense Debate, other commenting systems or any other server resource saving ideas you have. You can read more about Intense Debate here.
WordPress Page & Post Revisions
If you’re using WordPress, you may not know it but WordPress is constantly saving versions of your pages and posts when you are working on them. I just looked on a friend’s WordPress site and found that he had in the neighborhood of 50 revisions saved on his pages and posts and I found 505 revisions on a page on one of my websites. This will increase the size of your database. Revision Control is a really nice free plug-in that allows you to control how many of these revisions you want saved. After installing the plug-in, the default setting is set to unlimited revisions for both pages and posts, so you need to go into the settings and change it. I set mine to “Do not store Revisions”. Better Delete Revision is another free plugin.
WordPress Cron Control
Even after doing a lot of the optimization listed here, my websites continue to receive a lot of traffic which resulted in another e-mail from my hosting company stating ” Unfortunately upon checking the usage we are still seeing it too high for a shared hosting environment. Checking the logs further it is do to the wp-cron execution.” I installed WP-Cron Control (free) which seems to have made a big difference. After installing WP-Cron Control and optimizing the database, I received another e-mail from my hosting company stating that my CPU usage had gone down significantly.
WordPress, Multisite, BuddyPress and bbPress Registration Forms
Spam users use your server resources for their benefit at your expense. WangGuard (free for sites earning under $200 per month) stops most spam user registrations and cleans your database from existing spam user registrations.
Google bot and other search engine bots have been constantly indexing wp-signup.php for every subsite on my Multisite which crashed the server. This can also help single WordPress sites. I uploaded a robots.txt file to the public_html directory on the server to stop this. Just create a .txt and name it robots.txt. Copy and paste in the file, the following:
User-agent: * Disallow: /wp-signup.php User-Agent: * Disallow: /wp-content/plugins/
One of my websites is using WordPress Multisite to create websites for lawyers. This site was responsible for the majority of my CPU usage although it was only running 291 subsites and most of those had only two pages. The more websites running off of WordPress Multisite, the larger the database. So, I got rid of splogs and split the database.
Database: I installed the Multi-DB plugin from WPMUDEV to split the database into 16 separate databases. Multi-DB substantially reduced CPU usage and also sped up the websites. I decided to pay someone to install Multi-DB for me because I did not want to spend the time to learn how to install it or the time to actually do it. If you want someone to do it for you, let me know and I can recommend someone who I found to be very reliable, knowledgeable and inexpensive. Multi-DB is a WordPress plug-in available with a paid membership from WPMUDEV but it’s well worth it to save on hosting fees and speed up the websites.
A free plug-in, called shardb, to accomplish the same thing but in a different manner was designed by Ron Rennick. Ron and his wife Andrea are well-known in the WordPress community and I have used Andrea to help me with LawFirm911.com™. I highly recommend them and I am sure that shardb works well but I went with Multi-DB because the person I used to install it was only familiar with Multi-DB. It’s apparently easy to switch from Multi-DB to shardb at any time so I have that option but Multi-DB is working very well and I like the idea of a paid plug-in because I know it will continue to be well supported.
If you have even a small WordPress Multisite installation or are planning a new installation, I recommend using Multi-DB or shardb which will very quickly save you a substantial amount every month on hosting fees. The side benefit of speeding up your websites will help to keep the websites in the top Google results. One caveat is that I was previously using BackupBuddy to back up the entire multisite installation and cannot do that any longer. BackupBuddy says that they will support Multi-DB soon but I don’t know when. In the meantime, I have been manually downloading 16 databases which is a pain in the neck. Until I find a backup solution, I would prefer one database with higher hosting costs.
Deleting Plugins: I have a lot of plugins installed and some of them are duplicative or not necessary. Plugins utilize the database and CPU usage, so eliminating plug-ins will reduce CPU usage. The problem is that I don’t know which plug-ins are not being used. These plugins are useful for checking to see which plugins are not being used at all so that you can deactivate those as needed or determine plugin popularity: Multisite Plugin Stats (now shows which plugins are installed on each subsite in Multisite); WPMU Plugin Stats; Network Plugin Auditor. Read How To Clean Up Unused Plugins in WordPress Multisite.
How to get Nginx and WordPress Multisite running on a VPS for less than $10 per month.
WordPress Optimization Resources
WordPress site speed optimization case studies – by Mark de Scande. Mark is a great guy who I use for work that’s beyond my capability on my WordPress multisite.
How to scale WordPress for high traffic – WP engine
WordPress Speed Analysis Tools:
P3 (Plugin Performance Profiler) – See which plugins are slowing down your site. This plugin creates a report for your site’s plugins’ performance by measuring their impact on your site’s load time. WordPress sites often load slowly because of poorly configured plugins or because there are so many of them. By using the P3 plugin, you can narrow down the plugins causing your site to run slow. I was surprised to find two plugins that are CPU hogs, Formidable Pro and AddThis.
WPDB Profiling plugin analyzes each individual database query.
TPC! Memory Usage plugin allows WordPress administrators to view the current and peak memory usage of the application.
After spending some time to optimize my websites for faster loading and decreased CPU usage, I received an e-mail from my hosting company stating that I am now ok. The added benefit of speeding up your website is helping to keep it in the top Google results.