17 min read

Speed matters when it comes to your website.

You’ve heard it time and time again but do you know why speed matters? Most don’t. Page load time is a significant factor for visitors when they attempt to go to a website. If it takes more than a few seconds to load, they won’t stick around no matter how good the content is. You want your site to exhibit what is known as a “Positive User Experience (UX.)” Here are some page load time statistics for you:

  • 1s to 3s load time: probability of a bounce increases 32%
  • 1s to 5s: probability of a bounce increases 90%
  • 1s to 6s: probability of a bounce increases 106%
  • 1s to 10s: probability of a bounce increases 123%

So, as you can see, that load time is crucial to keeping visitors not only coming to your site but staying there as well. Site speed is important.

It’s also important for SEO.

While Google is tight-lipped about their ranking algorithms, it’s no secret that site speed on both desktop and mobile platforms is critical to a better ranking. If you have a competitor with a similar page, you will rank higher if you’re site is faster and you’ve done all the correct SEO optimization. (That’s a topic for another day.)

The bottom line is that a vanilla build of WordPress is not going to be properly optimized out of the box. You’re going to have to put a little work in to make it blazing fast and get all those delicious Google brownie points.

Why use WordPress at all if it’s so much work?

This is a very good question. It does seem rather counter-productive to use a CMS to build a website that will require further tweaking when you have options our there like Wix, Weebly, Squarespace, or any of the other various website builders. So, why use WordPress at all?

Simple answer… you own it, control it, and you can move your hosting when you feel like it.

Something that very few people seem to understand, either due to ignorance of the platform or just not really caring at the moment, is that those proprietary website builders WILL NOT ALLOW YOU TO MIGRATE AWAY FROM THEIR SYSTEMS. In other words, if you don’t like their service after some period of time, I hope you’re ready to build a new version of your website on a whole new platform because their website builder isn’t moving with you. A self-hosted WordPress will allow you to stay in control and be the master of your own destiny.

Here are some other reasons to use WordPress as well:

  1. It’s flexible and adaptable. While being originally designed to build blogs, WordPress has matured over the years and is now used by individuals, small businesses, and major corporations as their website platform of choice. Why? Because it’s easy to make just about any kind of website you can think of on the platform.
  2. It’s user-friendly. While it does take a bit of work to get it optimized correctly, the WordPress platform gives you the capability to design an impressive site right out of the box.
  3. Themes offer you an unlimited amount of options. The themes offered for WordPress are many and you can and will find one that works well for you. Many of these are instantly available to a new site owner through the WordPress theme directory, and thousands more can be purchased through design marketplaces and third-party designers from around the world.
  4. Plugins give you great options for additional functionality. If your theme doesn’t offer the functionality you need, there’s a pretty good chance that there are numerous plugins out there that will.
  5. WordPress sites generally rank pretty high in search engine rankings. They tend to have constant content updates and they have a lot of options for controlling your SEO and improving it.
  6. It has a built-in blog. A lot of CMS offerings don’t include this feature. A blog will help you keep that search engine ranking pretty high as long as your regularly update the content.
  7. WordPress sites are mobile responsive. If you’re using a theme in today’s WordPress world that isn’t mobile ready then you need to update the theme.
  8. There’s a huge WordPress community out there for support. Are you experiencing some sort of issue while developing your site? It’s almost a gaurantee that someone else has had a similar issue. Remember this: when designing your site, a Google search is your best friend for troubleshooting issues that may pop up.

Self-hosted WordPress?

It’s important to remember that WordPress.com is the commercial side of WordPress. Much like those proprietary website builders, if you have your WordPress site on WordPress.com, you are limited by their systems. You can buy some really expensive managed hosting with them and have a bit more control but, in the end, you’re at their mercy as to what plugins and themes you can use. The positive side is that you have a lot of support with their system, so it’s good for beginners. At the end of the day, though, you’re locked into their system as they make it extremely hard to migrate away from them. In fact, you’d have to rebuild your WordPress site because all you can take is information like your specific posts, users, and basic settings via an XML file.

My advice… go the self-hosted route. Purchase a hosting plan, build your site, own your destiny.

What type of hosting plan should I get?

This depends, primarily, on two things in my mind:

Are you a business or a hobby?

There is a super easy way to determine if you’re a business or a hobby that one of my friends in the hosting industry once shared with me:

If you’re not spending more than what you spend on your cell phone bill every month, then you have a hobby.

Why? Because you’re not investing in your business, your idea. A business website requires a lot of work and maintenance to operate proficiently. It requires marketing. It requires regular updates. It requires you to pay attention to things like optimization, SEO, and user experience. If you’re not working towards improving all of that, all of the time, then you’re simply a hobbyist no matter how much you think otherwise. Harsh, but true.

Here is the breakdown on what type of hosting you need based on that criteria:

  • Shared Hosting: This is a type of web hosting that is usually fairly cheap because the cost of the server is spread among the number of people on the server. This also means you share resources with them and the things they do on their portion of the server can affect your performance. To use an analogy, shared hosting is like living in an apartment building. There is a reason it’s cheap. You shouldn’t expect a lot out of shared hosting in terms of performance if you’re getting a lot of traffic or you’re trying to run an e-commerce platform.
    • Shared hosting is recommended for: beginners, hobbyists, starter budgets
  • Business Hosting: This type of hosting isn’t offered everywhere but it’s an awesome step between shared hosting and a VPS/Dedicated server. It works the same as shared hosting but it has its own dedicated resources, like a VPS/Dedicated server. This means you won’t have to suffer the same sort of resource usage limitations you would on a shared server. This is definitely a more expensive option than shared hosting but it is well worth the price. Think of this as living in a swanky duplex with a badass cable/internet package. This type of hosting is a platform you can stay on for a long time before you grow out of it.
    • Business hosting is recommended for: small to medium business owners, industry professionals, people that have outgrown shared hosting platforms, bigger budgets
  • VPS: A Virtual Private Server is very similar to Business Hosting as far as the resources go but the main thing here is that you have more control of your server. With this hosting, you can get what is called “root access,” which means you get to control the way the server behaves, what is installed on it, etc. It also means you can completely destroy everything you’ve done if you haven’t a clue how to manage it. This type of hosting is perfect if you have very specific needs, like an application or code that won’t run on the more controlled hosting environments. Think of a VPS as a nice condo on the beach, with dedicated resources and a gated community to keep out the riff-raff.
    • A VPS is recommended for: established businesses, specialized applications, specific security needs, bigger budgets
  • Dedicated Server: This is the big papa of the hosting scene. A dedicated server is just that… a server dedicated all to you. You’re not sharing anything with anyone and you have complete control of the hosting environment. This type of hosting is not for the faint of heart. In fact, it’s rather rare that anyone needs this type of hosting unless they’re running a very successful business with a lot of customers and have very specific needs when it comes to hosting. This is the mansion of hosting. All yours, you have vicious guard dogs, and the pool in the back is awesome.
    • A Dedicated Server is recommended for: large companies, big budgets, special needs for hosting

My personal recommendation is the business hosting plans that we offer. That’s what I use and it hasn’t let me down yet. It’s robust and simple to use giving you the best of shared hosting and the resources of a VPS.

A word about Managed WordPress hosting options

Another option for your self-hosted WordPress site is to pick one of the many Managed WordPress platforms available. With the market share for WordPress covering over 30% of all websites on the internet, hosting companies saw an opportunity and lunged on it. They’ve all started creating Managed WordPress solutions for their customers, touting them as the easiest way to use WordPress and have a fast site. We even offer Managed WordPress options here. All that being said, I have a word of advice for anyone serious about their WordPress website…

Avoid them like the plague.

There are too many limitations, including the types of plugins and optimizations you can make. Hosting companies change your code and make it harder to migrate away from them. Often, hosting companies repurpose old tech in order to dedicate to their MWP solutions instead of buying more up to date server hardware. The list goes on and on. That is not to say they’re a bad option. They’re great for people that are starting out and don’t know what they’re doing.

The Tools of the Trade

Now we’re gonna get down to the real business: the tools you’ll need to accomplish this. I will preface this by stating that each of the products I’m about to recommend are also products for which I am an affiliate and I do make a tiny fraction of money off them if you buy them through my links. That being said, I don’t associate myself with products I don’t use or know work well. Every single product I’m about to recommend I currently use on my own site and for very good reasons. Namely, if you run my site through GTMetrix.com, you’ll find that I score very high on optimization. I accomplished this using my own know-how on the inner functioning of WordPress and using the following products.

  1. Theme: GeneratePress – This theme is the best. It comes optimized out of the box, built for speed, and has a ton of customization options. It has both a free and paid version but the paid version is cheap (under $50 per year) and comes with an unlimited license. Yes, you can use the paid theme on as many websites as you want. It’s not a heavy theme at all, clocking in at just under 30kb. Compare that to some of the bigger, all-in-one themes (cough, Avada, cough) which clock in at hundreds of megabytes when installing. There is zero bloat on this theme and it’s blazing fast.
  2. Website Builder: Beaver Builder – There are a ton of website builders out there and a lot of them are good. That being said, I will always go with Beaver Builder for a lot of reasons. It doesn’t eat up a lot of server resources. It’s super easy to use. The support you get if you have an issue is second to none. Finally, it just works.
  3. Caching/Optimization Plugin: WP Rocket – Without a doubt, the best caching plugin out there. Most of the work you’d need to do for speed optimization is done when you activate the plugin. You can tweak your settings even further to get the speed you want to see from your website. This plugin is irreplaceable. I’ve used every major caching plugin and they don’t compare.
  4. Malware Protection/CDN: Website Security powered by Sucuri – With that 30% market share that WordPress has, you also have a lot of hackers out there looking to compromise poorly maintained WP sites. You HAVE to protect yourself or you will, inevitably, be the victim of a malware attack and it’s a pain in the ass to clean up. Additionally, a content delivery network (CDN) is almost mandatory in today’s world to prevent brute force attacks and speed up the local delivery of your website to your visitors. Usually, you would purchase these two services separately and they’d cost you hundreds of dollars a piece. With Website Security powered by Sucuri, you get both. Malware protection/removal, protection against all sorts of web-based attack vectors, and a CDN to give your site a speedy delivery. That’s hard to beat.
  5. SSL (Secure Socket Layer): For those not in the know, an SSL is now required by all major web browsers on your site or, when someone attempts to go to your site, it will give them a warning saying the site is insecure. This will kill your conversion rate. Additionally, Google itself will not rank your website very high without an SSL. It’s the cheapest SEO boost you can buy.

There are other things you might consider, depending on your needs, but this is the base kit you need to succeed. You WILL build fast sites using these tools.

Let’s optimize!

While WP Rocket will do a lot of the heavy optimization lifting, there are still some other things that you’ll want to take into consideration. Keep in mind that EVERY WordPress installation is a little different, no matter what themes, plugins, or setup you may use. I want to repeat that for emphasis: I DON’T CARE HOW MANY TIMES YOU’VE BUILT THE SAME TYPE OF WEBSITE WITH THE SAME TOOLS, EACH AND EVERY WORDPRESS INSTALLATION IS DIFFERENT AND WILL ACT DIFFERENTLY IN SOME WAYS. There is no 100% guarantee that the same setup will work the same way in every installation. All that being said, here are some optimization tips that will help you out that is very generalized but, also, very powerful and they will make an impact on the performance of your website.

Add a CAPTCHA: CAPTCHAs help protect your site from spamming by bots and other malicious actors. They force people to identify themselves as humans by performing simple tests. Protecting yourself is as simple as installing the Google Captcha (reCAPTCHA) plugin and doing the setup. This will mitigate a lot of security concerns and keep random bots from infiltrating your website.

Use your own cronjob: The wp-cron.php file that installs with every WordPress installation can sometimes be problematic. Far too often it runs unnecessarily and causes resource issues that can slow your site down considerably, especially on sites that receive a lot of traffic. For a site that doesn’t receive a lot of traffic, it can be a significant amount of time before a visitor loads a page and trigger the cron task. This can cause missed schedules for publishing posts and other unintended effects.

To resolve these issues, you can disable the default wp-cron.php and configure a real cron job. To do this, take the following steps:

  1. Log in to your account using cPanel or SSH.
  2. Using the cPanel File Manager or the command line, open the wp-config.php file in a text editor.
  3. Add the following line to the wp-config.php file:
    define('DISABLE_WP_CRON', true);
  4. Save the changes to the wp-config.php file and then exit the text editor. The virtual WordPress cron job is now disabled.

After disabling the default cron job, you are ready to set up a real cron job that runs at fixed intervals regardless of the site traffic.

  1. Log in to cPanel.
  2. In the Advanced section of the cPanel home screen, click Cron jobs.
  3. Under Cron Email, type the e-mail address that you want to receive notifications, and then click Update Email. Every time the cron job runs, the e-mail account will receive a message.
    If you do not want to receive e-mail notifications for the cron job, you can append >/dev/null 2>&1 to the command, which redirects all output to /dev/null.
  4. Under Add New Cron Job, in the Common Settings list box, select Twice an hour.
  5. In the Command text box, type the following line. Replace username with your own cPanel account username:
    cd /home/username/public_html; /usr/local/bin/php -q wp-cron.php
    NOTE: This line assumes that you installed WordPress in the document root (public_html) directory. If you installed WordPress in another directory, modify the cd command to change to that directory instead.
  6. Click Add New Cron Job. The new cron job settings take effect immediately.

Disable the Heartbeat: The “heartbeat” feature enables WordPress to monitor user actions and sends periodic updates to the web server. The heartbeat is used to save drafts automatically, lock post edits, log out administrators after an idle period, and more.

However, in some scenarios, the heartbeat may send an excessive amount of requests to the server. When this occurs, site performance can suffer. For example, CPU loads may increase, or you may receive “The Connection Has Been Reset” messages in your browser.

By default, WordPress does not provide a way to disable or change the heartbeat settings. However, you can install the Heartbeat Control plugin to do this. If you’re the only one that works on your site, disable everything. If you have multiple authors, disable it on the frontend only.

Disable XML-RPC:  XML-RPC is a remote procedure call which uses XML to encode its calls and HTTP as a transport mechanism. In human language, this means that you can post to your blog directly from email or any number of other services that are NOT your WordPress dashboard. If you want to access and publish to your blog remotely, then you need XML-RPC enabled.

In order to turn this off, you have a couple of options:

All you have to do is paste the following code in a site-specific plugin:

add_filter('xmlrpc_enabled', '__return_false');

Alternatively, you can just install the plugin called Disable XML-RPC. All you have to do is activate it. It does the exact same thing as the code above.
How to Disable WordPress XML-RPC with .htaccess

While the above solution is sufficient for many, it can still be resource intensive for sites that are getting attacked.

In those cases, you may want to disable all xmlrpc.php requests from the .htaccess file before the request is even passed onto WordPress.

Simply paste the following code in your .htaccess file:

# Block WordPress xmlrpc.php requests
<Files xmlrpc.php>
order deny,allow
deny from all
allow from

After completing all this, you should see a difference.

Please keep in mind that while this isn’t an exhaustive list of what needs to be done to make a blazing fast website, it is going to get you a lot further than just slapping a ton of plugins on your WordPress installation and hope for the best. Remember, you’re the one that has a stake in your website’s success. It’s your responsibility to do everything you can in order to help your chances.
If you’re having issues with these types of changes, you need to hire a developer. Here at joeforrest.com, we can help with that! Just check out our WP Dev Support, purchase a plan, and submit a ticket.



Leave a Comment