Fine Tuning Your WordPress Install
We offer WordPress as a one-click install, and there is a reason for that. Right out of the box, WordPress is a highly efficient, easy-to-use blogging platform. However, just like any other piece of web software, things happen and it can run wild on a server. To help prevent issues, we have a few plugins we suggest that customers try out. We have listed these below along and have included a few other hints to boot.
Keep in mind that following these suggestions is great if you're running into issues — but actually implementing some of these suggestions is the best way to prevent problems to begin with.
- 1 Upgrades
- 2 Spam
- 3 Caching
- 4 FastCGI
- 5 Plugins
- 6 Widgets
- 7 Database
- 8 Revisions
- 9 Stats Plugins
- 10 XML-RPC
- 11 Missing Files
- 13 Upgrading to A Private Server
- 14 Tools
- 15 Handy Links
- 16 Further Reading
Staying on top of both plugins and core WordPress upgrades is the single best thing you can do. Not only will it keep your site less prone to hack attempts, but almost every new version of the software has tweaks that offer speed increases. Granted, some of these performance tweaks may be tiny and barely noticeable to most folks — but they are there.
If you use our one-click installer, you can request upgrade notifications by clicking on "Email me when upgrade available" next to at least one of your WordPress installs under the advanced upgrade section. That way, whenever we update the packages in the installer, you're among the first to know.
In WordPress 3.0, they've been nice enough to include a section in the admin Dashboard called "Updates". From there, you can update your core WordPress install, plugins and themes. Check it regularly and stay on top of the updates and you should keep your install nice and happy.
The first thing to do while checking out an overloaded blog is to see if it's being spammed. It is one of the top reason why blogs go crazy on CPU usage. Check the "Comments" link on your WordPress install. If you're seeing the same sort of comments as the mail you see in your mail account's Inbox from spammers, you'll need to install a plugin to help deal with the incoming flow of spam.
There are a lot of anti-spam plugins that are available for WordPress, but we're just going to list a few of the ones that work the best on the servers here:
- Pros: Spam checking happens off server, low impact on server overhead.
- Cons: Needs an API Key in order to run.
- TypePad AntiSpam
- Pros: Remote spam checking keeps the server load nice and low. Supports the Akismet API.
- Cons: The plugin hasn't seen a lot of updates since its initial release, but still works in newer versions of WordPress.
- Pros: Checking of comments is run on a remote server, so the server impact is quite low. It's basically a solid Akismet alternative.
- Cons: Usage is allegedly not as widespread as Akismet. Plugins like this benefit from a larger user base.
- Pros: Blocks all comments/trackback/pingback spam, compatible with Akismet.
- Pros: CAPTCHAs keep bots from submitting comments.
- Cons: Spam isn't always done by bots, meaning manual spam will still get through. Not always readable/accessible.
You can choose only one of these plugins to help curb spammers, but using a combination of them (i.e. Akismet + WP-Hashcash or Defensio + reCAPTCHA) works best.
- While forcing a user to log in can cut down on spam, it is best to not use the OpenID plugin on a shared server.
- As described in a blog post, this plugin can be misused and you may become a target of an interesting breed of spam. Your server will be instructed to initiate numerous (and continuous) PHP instances to adult/3rd-party websites, in order to extract the fake OpenID user's name & email information, which will unnecessarily consume CPU minutes and slow your site down considerably.
If spam isn't your problem, then the server is probably hitting your MySQL database more than it should. Since WordPress depends a lot on the database, it can make quite a few requests while trying to get the information needed to render your pages. This can be really inefficient and cause astronomical loads when sites like Digg, Slashdot and BoingBoing link to you.
Web Caching Plugins
There are several caching plugins available which promise to improve your loading times and decrease server load, allowing your site to handle large spikes in traffic like the Digg effect. Note that most of them will make it so that changes to your site aren't seen by anonymous users for a period of time, maybe five minutes to an hour.
There are plenty of plugins that cache MySQL requests by building static content to load instead of hitting the database for every request. These are just the ones that work the best on our servers:
- WP Super Cache
- Picking up where WP-Cache left off, this plugin has included advanced features as well as a plugin and hooks system. It should be included with all new one-click installs of WordPress done by DreamHost.
- Hyper Cache
- This is probably one of the most user-friendly caching plugins out there. If you take one look at WP Super Cache and can't make heads or tails of it, HyperCache is an outstanding alternative for most end users.
- W3 Total Cache
- This plugin is also excellent, and gaining a lot of traction in the community, in part due to its inclusion of CDN features.
Other Caching Plugins
These plugins work well hand-in-hand with the ones above, to make your site faster.
- DB Cache Reloaded
- For WordPress 2.8-3.0.9
- Instead of saving your final HTML output, DB Cache Reloaded caches your database queries. This means that it can help with bots and crawlers as well as normal users. A combination of DB Cache Reloaded and one of the plugins above can be used together to great effect.
- DB Cache Reloaded Fix
- For WordPress 2.8-3.1.1
- At least until the above plugin is updated, this will do the same, but also works with newer versions of WordPress.
- WP Widget Cache
- Works together with Web Caching plugins above to further speed up your site -- in particular if you're using many widgets.
You can activate Dreamhost's PHP FastCGI options which should improve your php code execution. If you are on a PS server, you will be also able to activate XCache support which will further improve your PHP times.
Firstly, it's extremely important to make sure your plugins are compatible with the version of WordPress you're using.
This is something you can verify at WordPress' Plugin Directory.
If you are experiencing slowness, and you want to see if it's resource usage related (and not something on DreamHost`s end), simply disable all your plugins, and switch to the default theme.
If your WordPress installation is suddenly much much faster, then it can help to go through your plugins and enable them one-by-one, to see if one of them uses more resources than the rest.
For a more scientific approach, you can see how many queries and CPU time a page took. Enter the following into your footer.php:
<?php echo get_num_queries(); ?> queries in <?php timer_stop(1); ?> seconds
By reloading this page each time you activate one plugin, you can check which of them increases your queries and CPU time considerably. You will need to have any caching plugins disabled for this to work.
Be suspicious of all widgets (or sidebar content) that will force the user to poll other DNS servers. del.icio.us for example will link to various sites, which might delay the loading until information is passed to the user.
Also, check if your theme is using custom widgets do draw recent comments of posts. If this is not handled correctly, it will poll the database every time, considerably increasing your load.
If you're using a lot of Widgets, a good idea would be to use the WP Widget Cache plugin (in addition to standard caching) to reduce the processing time for their output
You should take care to optimize your MySQL databse to avoid a "fragmentation" effect. The easiest way to do this is to use the WP-DBManager which includes a function to optimize your database as well as the capability to schedule this optimization to run at an appropriate timeframe (recommended once per month at least)
If you want to do this separate from WordPress, you can also do it manually (or through a cronjob) per these instructions:
WordPress 2.6 introduced a new feature that has proven rather handy for some folks: post revisions. While these are totally sweet to have, some databases can balloon a bit if you're prone to making a lot of changes or spending a lot of time cooking up a post. To help keep your database size down — which keeps your install speedy — you might want to fine tune the amount of revisions your site saves.
So far, we've only been able to find one plugin that's flexible enough and worth mentioning:
If you don't want to add another plug in to your WordPress installation then you can run a simple SQL query to remove revisions.
First of it all, login to your phpMyAdmin and select your WordPress database. Once done, click on the SQL button to open the SQL command window.
Paste the following SQL command in the SQL window:
DELETE FROM wp_posts WHERE post_type = "revision";
This will remove all revisions currently stored in the database.
To prevent revisions from being created and stored in the first place, add this line to your wp-config.php file after the database info:
If you still want to save some revisions, you can use the following code in place of the one above:
define('AUTOSAVE_INTERVAL', 120 ); // Default value is 60 seconds. define('WP_POST_REVISIONS', 3); // Number of revisions to save.
That will limit the number of revisions that WordPress holds onto to 3 and changes the auto-save value to every 2 minutes. You can change those values to something a bit higher (or lower), but be aware that this article (and the person writing it) encourages you to keep your database as lean and mean as possible.
The leaner a WordPress database is, the happier the WordPress install is. While having a plugin that handles your stats (and displays them in your admin interface) is nice, they can actually inflate the database almost as quickly as unchecked spam can. This means you should be cautious of using them, and pay special attention to your database if you do so.
Optimally, you'd use something that doesn't depend on your server environment like Google Analytics — but if you prefer a server side solution, Piwik is available in our one-click installer and works rather nicely.
If you received a notice about spam being sent from your account, there is a definite possibility that one of WordPress' default files was used by a hacker to send spam from your website. By default, WordPress installs a file called xmlrpc.php. This file is sometimes used for some administration tasks. If you do not know how to use it, or do not use it at all, you can safely remove the file. If you do use the file though, you should probably make sure you have the latest version for each WordPress blog running under your account. The most recent version should always be available from here.
Sometimes, due to upgrades or some poorly coded pre-packaged themes, your WordPress install might have some missing files. Missing files make the server expend a little extra effort and can drive up load considerably on a popular site. One of the most common missing files is the favicon (favicon.ico). If you've recently used the one-click installer, a favicon should be generated for you — but it never hurts to make sure one exists in the main directory for your site.
Adding a favicon if one doesn't already exist is easy. It does require SSH access however. In the root directory of your site (i.e. /home/username/example.com/), type:
That will mean that your favicon will be blank — but a blank icon is far better than one that is missing.
To check for any other missing files, it's suggested you run your site thru Pingdom Tools. A single pass thru their site will point out any missing files that could be causing your site to come up slow. Just look for filenames in red and either replace them or remove references to them in your themes or posts.
And if all of that sounds like a lot of work to trim a second or two of load time off of your page, several customers have had success with the Scripts Gzip plugin.
Upgrading to A Private Server
If you've tried the plug-ins and suggestions but are still seeing a high load on the server, then it could be that you have launched an awesome blog that has outgrown shared hosting. At this point you may wish to consider adding a Private Server to your hosting package, which starts at only $15 per month. Should you have any questions about adding the Private Server to your account, please contact DreamHost support for more info.
Some tools to help you troubleshoot performance issues
- Firebug: A very handy toold that will display what is loading and how long it takes
- YSlow: A companion to Firebug that might give you some pointers on what to fix and how.
- Web Inspector: Built into Chrome and Safari, it gives you much of the same information as Firebug
For Sites on a Virtual Private Server or Dedicated Only - Do Not Run if you're using Shared Hosting:
- Load Impact: a load testing service that hits your server with many simultaneous users. A free version does a 50 user test.
Be sure that you have caching enabled before running -- during this, you can watch the CPU load with 'top', and RAM levels with 'free -m'.