Over the years, I have set up a lot of WordPress sites for my self as well as some of my clients. Down the road, I have discovered some good-to-follow setups for a secure and high performance WordPress site.
For me, a high performance WordPress site must be:
- Secure and Spam Free
- Fast Loading
- Minimum Resource consuming
- High Availability
- Search Engine Optimized
To meet these goals, you must optimize on both your software and hardware. It might require a little technical knowledge on the server optimization, but why stop yourself from being adventurous and learn it from trial and error?
I will recommend Amazon AWS Ubuntu Nginx instance for the performance. If you are already using other server OS other than Ubuntu Nginx, you can still proceed to read this guide for optimizing WordPress performance.
I have once have my website with 3 – 5 millions pageviews a month on Lunux and Windoes server. Windows server general consume more resources than Linux. I have tried apache on Centos but it create a lot zombies (idle processes) when you get a lot of traffic. I have then adventure to use Nginx on Centos as reverse proxy. Performance dramatically improved but the server still become slow and ends up reboot when traffic spike.
Eventually I’ve move to Nginx on Ubuntu. This setup so far has the best performance but you have to sacrifice some graphic user interfaces such as Cpanel and WHM.
Installing Wordpres on Nginx can be a little different compared with what you have experienced using GUI such as Cpanel. You need to SSH to your server and type some commands to install WordPress.
My goals for the optimization are simple: fast loading, secure and Search Engine optimized. You can do it by using some trusted plugins or fine tuning some WordPress settings if you are a technical person.
Step 4: Enable HTTPS and HTTP/2
A lot of people took a step back when it comes to enabling https. Other than the SEO concerns, website with https will load slower than http in general.
But if you have also enabled HTTP/2 with https, the trade-off of the speed will become very little. Follow this guide to enable HTTPS for free.
Step 5: Install Cloudflare
You need Cloudflare to boost your WordPress performance for a few reason:
- Security – Cloudflare able to blocks most of the bots traffic and attack attempts.
- Performance – Cloudflare will serve the cached version of your WordPress content to the user without hitting your server.
- A Free Cloudflare Account would be sufficient to get you all these basic protections and speed optimizations.
However, you need to configure the Cloudflare settings right in order to get the things work. Follow this guide to setup and configure your Cloudflare.
This is my ultimate WordPress setup to fully utilize the server and internet resources. It covered the security, performance, high availability and scalability. Feel free to give it a try and leave your feedback here.