Optimising Wordpress & Reducing Usage

All Valcato Hosting accounts are located on powerful servers shared between a number of customers and are great for running Wordpress. However sometimes Wordpress can use a lot of computing power - particularly when plugins are added - when this happens visitors may encounter a 508 Resource Limit Is Reached message.

These are some techniques that can be used to optimise and harden Wordpress so that fewer resources are used:

Install a Caching Plugin

A caching plugin reduces the amount of PHP and database processing required to load each Wordpress page on your website, replacing it with a static HTML file, which doesn't count towards the resource usage.

We recommend the WP Super Cache plugin; it's created by the team behind Wordpress.com

It can be downloaded from: https://en-gb.wordpress.org/plugins/wp-super-cache/

Installation instructions are here.

Register for Cloudflare

Cloudflare provides a free service which can automatically help protect your website from malicious visitors who might try and gain unauthorised access to your website via Wordpress, it also protects against bots who might flood your website and take it offline (known as a DDoS attack).

  1. Login to cPanel
  2. Click the Cloudflare icon
  3. Cloudflare Icon
  4. Click the Create your Free Account button
  5. Follow the on-screen instructions to create an a free Cloudflare account and get set up

Cloudflare is now protecting and optimising your website.

Disable xmlrpc.php file

The xmlrpc.php file is part of Wordpress used by external systems to login to your Wordpress admin area (for example the Wordpress iPhone app), but is often a target for bots to flood your website with failed login requests (known as a DDoS attack). If you don't need this functionality, then access to it can be blocked.

It's not sufficient to simply delete the file, as it will be restored next time Wordpress is updated. Instead it can be blocked:

  1. Login to cPanel
  2. Click the File Manager icon (or use SFTP)
  3. Navigate to the directory in which Wordpress is installed
  4. Edit the file called .htaccess
  5. Add the following code to the bottom of the file:
    # Block WordPress xmlrpc.php requests
    order deny,allow
    deny from all
    
  6. Save the file to the server

Access to this file is now permanently blocked and cannot be targeted.

Protect the Administration Area

The administration area of Wordpress is a common target for bots trying to guess the password of the Wordpress administration area and also flooding a website (known as a DDoS attack). Adding an additional protection to the administration area can prevent this:

  1. Login to cPanel
  2. Click the Directory Privacy icon
  3. Directory Privacy Icon
  4. Navigate to the directory in which Wordpress is installed
  5. Click the Edit button next to the wp-admin directory
  6. Tick the Password protect this directory checkbox
  7. Optionally enter a name to be displayed on the login prompt
  8. Click Save
  9. Directory Privacy Settings
  10. Next you'll be asked to specify a username and password. This can be any value, we recommend is be different from your Wordpress admin logins.
  11. Click Save

Now access to your Wordpress Admin login page is protected by an additional username and password prompt.

Schedule a Cron Job to perform housekeeping tasks

Each time a Wordpress page is loaded, it checks to see whether any housekeeping tasks need to be performed, and if necessary starts doing them in the background. This includes core features such as checking for updates, publishing scheduled posts and generating backups. So by logging into the Wordpress admin area, the intensive tasks are triggered in the background, using up the resources available for other tasks such as serving and processing PHP webpages. As a result your updates might be competing with these housekeeping tasks.

There is a solution; trigger the housekeeping checks every 15 minutes via a Cron Job instead of waiting for visitors to do it. This is a little more advanced:

  1. Login to cPanel
  2. Click the File Manager icon (or use SFTP)
  3. Navigate to the directory in which Wordpress is installed
  4. Edit the wp-config.php file
  5. Add the following code to the file:
    define('DISABLE_WP_CRON', true);
  6. Save the file to the server
  7. In cPanel click the Cron Jobs icon
  8. Cron Jobs Icon
  9. Use the dropdown menu to select the Twice Per Hour option
  10. In the Command text box, enter code like this:
    wget --delete-after http://YOUR_SITE_URL/wp-cron.php
  11. Replace YOUR_SITE_URL with the actual address of your website's Wordpress installation eg. example.com:
  12. Click the Add New Cron Job button

The regular Wordpress housekeeping tasks will now be triggered by the cron job. This should mean that when you or visitors go to the website, the background tasks have already been performed, leaving more resources for your editorial tasks.
For reference here is the section of the Wordpress documentation which covers these changes: https://developer.wordpress.org/plugins/cron/hooking-wp-cron-into-the-system-task-scheduler/

 

Completing these steps will help harden and optimise the Wordpress app on your website, allowing more visitors to access it and reducing the resource usage.

  • wordpress, optimising, usage, 508, resource
  • 1 Users Found This Useful
Was this answer helpful?

Related Articles

Your PHP installation appears to be missing the MySQL extension which is required by WordPress

The following error may occur when visiting your website using Wordpress: Your PHP...

How to check the Wordpress version

Keeping the Wordpress software up to date is important to maintaining the security of your...

Excluding folders from Wordpress Permalinks

Permalinks are the permanent URLs to your individual Wordpress blog posts, as well as categories...

Powered by WHMCompleteSolution