Fine Tuning Your WordPress Install
From DreamHost
We offer WordPress as a one-click install, and there is a reason for that. Right out of the box, WordPress is a highly efficient, easy-to-use blogging platform. However, just like any other piece of software, things happen and it can run out of control. To help prevent issues, we have a few plugins we suggest that customers try out. We have listed these below along and have included a few other hints to boot.
Keep in mind that following these suggestions is great if you're running into issues — but actually implementing some of these suggestions is the best way to prevent problems to begin with.
Contents |
Upgrades
Staying on top of both plugins and core WordPress upgrades is the single best thing you can do. Not only will it keep your site less prone to hack attempts, but almost every new version of the software has tweaks that offer speed increases. Granted, some of these performance tweaks may be tiny and barely noticeable to most folks — but they are there.
If you use our one-click installer, you can request upgrade notifications by clicking on "Email me when upgrade available" next to at least one of your WordPress installs under the advanced upgrade section. That way, whenever we update the packages in the installer, you're among the first to know.
Spam
The first thing to do while checking out an overloaded blog is to see if it's being spammed. It's the top reason why blogs go crazy on CPU usage. Check the "Comments" link on your WordPress install. You might need to check under "Manage" in older installs of WordPress — so don't feel lost if you're not seeing the "Comments" link in your dashboard. If you're seeing the same sort of comments as the mail you see in your mail account's Inbox from spammers, you'll need to install a plugin to help deal with the incoming flow of spam.
Anti-Spam Plugins
There are a lot of anti-spam plugins that are available for WordPress, but we're just going to list a few of the ones that work the best on the servers here:
- Akismet
- Pros: Spam checking happens off server, low impact on server overhead.
- Cons: Needs an API Key in order to run.
- Defensio
- Pros: Checking of comments is run on a remote server, so the server impact is quite low. It's basically a solid Akismet alternative.
- Cons: Usage is allegedly not as widespread as Akismet. Plugins like this benefit from a larger user base.
- WP-Hashcash
- Pros: Blocks all comments/trackback/pingback spam, compatible with Akismet
- Cons: In order to validate a comment, the browser needs to be able to have Javascript enabled
- reCAPTCHA
- Pros: CAPTCHAs keep bots from submitting comments.
- Cons: Spam isn't always done by bots, meaning manual spam will still get through. Not always readable/accessible.
- SpamKarma
- Pros: Solid plugin, works with Akismet via an extra plugin.
- Cons: Checks spam comments on the server. Large comment storms can still cause decent overhead. Discontinued and open sourced by its developer.
You can chose only one of these plugins to help curb spammers, but using a combination of them (i.e. Akismet + WP-Hashcash or Defensio + reCAPTCHA) works best.
Notes
- It is best to not use the OpenID plugin on a shared server.
- As described in a blog-post, this plugin can be misused and you will be a target of an interesting breed of spam. Your server will be instructed to initiate numerous (and continuous) PHP instances to adult/3rd-party websites, in order to extract the fake OpenID user's name & email information, which will unnecessarily consume CPU minutes and slow your site down considerably.
Caching
If spam isn't your problem, then the server is probably hitting your MySQL database a lot trying to get the information needed to render your pages. This can be really inefficient and cause astronomical loads when sites like Digg, Slashdot and BoingBoing link to you.
Caching Plugins
There are plenty of plugins that cache MySQL requests by building static content to load instead of hitting the database for every request. These are just the ones that work the best on our servers:
- WP Super Cache
- Picking up where WP-Cache (not recommended!) left off, this plugin has included advanced features as well as a plugin and hooks system. It should be included with new one-click installs of WordPress.
- Note: If your account is on a Private Server, there is a known bug where setting the plugin to "On" can drive up the amount of resources you are using. The best workaround for this is to visit your domain's settings and turn on "Use FastCGI for all PHP?". Doing so seems to keep the CPU and memory from spiking uncontrollably.
- Hyper Cache - Adding features like separate caching for mobile plugins as well as caching 404 and redirects, HyperCache is an outstanding alternative to our usual suggestion of WP Super Cache.
- DB Cache: instead of saving your final html output, DB Cache caches your database queries which means that it can help with bots and crawlers as well as normal users. Hyper Cache and DB Cache can be used together to great effect.
- 1 Blog Cacher - Tested with every version of WordPress from 1.5 and up, this offers a set of features similar to WP Super Cache minus the plugin and hook system.
Revisions
WordPress 2.6 introduced a new feature that has proven rather handy for some folks: post revisions. While these are totally sweet to have, some databases can balloon a bit if you're prone to making a lot of changes or spending a lot of time cooking up a post. To help keep your database size down — which keeps your install speedy — you might want to fine tune the amount of revisions your site saves.
Revision Plugins
So far, we've only been able to find one plugin that's flexible enough and worth mentioning:
If we find more, you can be sure we'll flesh this section out further.
MySQL Query
If you don't want to add another plug in to your WordPress installation then you can run a simple SQL query to remove revisions.
First of it all, login to your phpmyadmin and select your WordPress database. Once done, click on the SQL button to open the SQL command window.
Paste the following SQL command in the SQL window:
DELETE FROM wp_posts WHERE post_type = "revision";
This will remove all revisions currently stored in the database.
Disabling Revisions
To prevent revisions from being created and stored in the first place, add this line to your wp-config.php file:
define('WP_POST_REVISIONS', false);
Stats Plugins
The leaner a WordPress database is, the happier the WordPress install is. While having a plugin that handles your stats (and displays them in your admin interface) is nice, they can actually inflate the database almost as quickly as unchecked spam can. Optimally, you'd use something that doesn't depend on your server environment like Google Analytics — but if you prefer a server side solution, Piwik works rather nicely.
It should also be noted that versions of the StatPress plugin can cause additional issues due to the its lack of indexes on the table it utilizes. Until the developer comes out with a fix, it is suggested that you deactivate this plugin.
XML-RPC
If you received a notice about spam being sent from your account, there is a definite possibility that one of WordPress' default files was used by a hacker to send spam from your website. By default, WordPress installs a file called xmlrpc.php. This file is sometimes used for some administration tasks. If you do not know how to use it, or do not use it at all, you can safely remove the file. If you do use the file though, you should probably make sure you have the latest version for each WordPress blog running under your account. The most recent version should always be available from here.
Missing Files
Sometimes, due to upgrades or some poorly coded pre-packaged themes, your WordPress install might have some missing files. Missing files make the server expend a little extra effort and can drive up load considerably on a popular site. One of the most common missing files is the favicon (favicon.ico). If you've recently used the one-click installer, a favicon should be generated for you — but it never hurts to make sure one exists in the main directory for your site.
Adding a favicon if one doesn't already exist is easy. It does require SSH access however. In the root directory of your site (i.e. /home/username/example.com/), type:
touch favicon.ico
That will mean that your favicon will be blank — but a blank icon is far better than one that is missing.
To check for any other missing files, it's suggested you run your site thru Pingdom Tools. A single pass thru their site will point out any missing files that could be causing your site to come up slow. Just look for filenames in red and either replace them or remove references to them in your themes or posts.
JavaScript
JavaScript can add a lot of interactivity and interesting remote content to a site — but when it is used liberally, it can also cause pages to load slower. There are a few things you can do to your JavaScript in order to speed up page load time however.
Remote JavaScript
Instead of inserting remote JavaScript towards the top of your page — as plenty of instructions for insertion suggest — it is totally acceptable to add it right before the </body> tag in your theme. Due to the way page load order is handled in the browser, this will allow your content to start rendering and display before having to wait for remote files (which would load first were they in the header) on possibly problematic servers.
If you'd like to save yourself from tweaking your themes manually, the JavaScript to Footer should help quite a bit.
Local JavaScript
Pushing local JavaScript to the bottom of the page will also give the appearance of speeding up load time, so you might want to throw a little edit on your theme to migrate any local JavaScript from header.php to footer.php.
Also, while mod_deflate should compress JavaScript, you can cut a little bit of overhead off by pre-caching the compression. All you need to do is save gzipped copies of your theme's JavaScript in the same directory as your current files. Again, you'll need to SSH in to do this — but don't let that scare you.
The location of JavaScript varies from theme to theme, but for the theme itself can always be found in the "wp-content/themes/" directory. Once you have found the JavaScript for your site, simply run:
gzip javascript.js
So long as you replace "javascript.js" with the actual filename you wish to compress and repeat the process for all of your files, a compressed version of your .js files will be created. The benefit to this is that once it's done, you don't have to do anything else. Well, so long as the JavaScript libraries don't get updated in a future revision of your theme. Still, that's pretty straightforward, right?
It should be noted that some themes attempt to compress JavaScript and CSS by adding a ".php" to the end of the file name. This actually processes the file thru PHP unnecessarily and can cause a significant amount of overhead. So if you notice your theme doing that, please modify your theme and use the gzip method above.
Upgrading to A Private Server
If you've tried the plug-ins and suggestions but are still seeing a high load on the server, then it could be that you have launched an awesome blog that has outgrown shared hosting. At this point you may wish to consider adding a Private Server to your hosting package, which starts at only $15 per month. Should you have any questions about adding the Private Server to your account, please contact DreamHost support for more info.
