We've built a number of websites over the years. From websites for nonprofits, to over 250 professional athlete sites, and everything in between, and if there's one thing we have learned, it's how important website speed, security and performance are.
Website performance has a profound effect on how your website ranks in search results for better SEO, as well as how your visitors engage with your site and your brand. Slower page load times lead to increases in abandonment - according to Kissmetrics, 40% of people abandon a website that takes more than 3 seconds to load, and 47% of consumers expect a web page to load in 2 seconds or less.
Yes, there are a seemingly endless number of plugins that you can download or install with a quick click of a few buttons, but will they really give you the speed boost and security you need? Maybe, but what if I told you that some times they can actually cause more damage than good. Don't believe me - just check out this article from Smashing Magazine that gives some specifics on Wordpress performance improvements that can go wrong.
Don't worry though, we are going to cover how to get the most out of your wordpress website without having to edit a ton of files, or download a bunch of plugins. You won't need to worry about compatibility or updating issues, or any of the other problems that might arise. A quick word of caution, make sure to make a backup of your site and database before making ANY changes, including the one's outlined below.
NOTE: This article assumes you have access to your webserver, and is written more specifically for those running Apache.
To boost performance and speed of your wordpress website:
define('AUTOSAVE_INTERVAL', 120); // the 120 is the number of seconds to wait to autosave
define('WP_POST_REVISIONS', 5); // the 5 is the number of posts to save
define('EMPTY_TRASH_DAYS', 7 ); // the 7 is the number of days something remains in the trash
# BEGIN Expire headers
ExpiresDefault "access plus 5 seconds"
ExpiresByType image/x-icon "access plus 2500000 seconds"
ExpiresByType image/jpeg "access plus 2500000 seconds"
ExpiresByType image/png "access plus 2500000 seconds"
ExpiresByType image/gif "access plus 2500000 seconds"
ExpiresByType application/x-shockwave-flash "access plus 2500000 seconds"
ExpiresByType text/css "access plus 600000 seconds"
ExpiresByType text/html "access plus 600 seconds"
ExpiresByType application/xhtml+xml "access plus 600 seconds"
# END Expire headers
# BEGIN Cache-Control Headers
Header set Cache-Control "public"
Header set Cache-Control "public"
Header set Cache-Control "private"
Header set Cache-Control "private, must-revalidate"
# END Cache-Control Headers
To add an extra layer of security for your wordpress website, try the following:
* Remove the WordPress version
* Disable HTML in WordPress comments
add_filter( 'pre_comment_content', 'esc_html' );
* Disable WordPress Login Hints
return 'Please try the right user/pass combination';
add_filter( 'login_errors', 'no_wordpress_errors' );
This list, of course, is not exhaustive, but it's a pretty quick and easy way to combat a number of the common issues that may arise when you're creating or maintaing wordpress whether for you or a client. Your hosting provider can often offer host specific information on performance and security enhancements, but we are ALWAYS here to assist and offer expertise. Just contact us and we will be in touch to get you on the right path.