This is a revised talk from the May 2015 presentation I gave to WordCamp Hamilton. At the end of this presentation you should have some ideas on how to speed up your WordPress site from within (plugins, code / theme optimizations) to environmental changes.
8. Profile your application
Analyze your application with a PHP profiler such as BlackFire.io or xdebug/
cachegrind
Look for high number of apply_filters, mysql calls, and wp_cache_get
10. Database
Check your slow query log
Debug: log your database queries
Try to “explain” your query
Trim un-needed data (comments,
deleted posts, etc…)
11. Have you been hacked?
Hacked instances are typically slower because of additional JS/PHP
payload
Check your installation / hosting environment
Some command line tools: wp-cli, findbot.pl
Online tools: https://sitecheck.sucuri.net/ and Google Webmaster Tools
13. You get what you pay for
There is no such thing as
“unlimited” hosting or space
Ensure you are paying for the
level of performance you expect
given the traffic estimates
Diminishing returns on
performance when buying more
resources
14. Database
MySQL versions and variations
(MariaDB, Percona, Community)
DB Engine: Convert tables from
MyISAM to InnoDB
Some* my.cnf tuning
InnoDB buffer size, Query Caching
HyperDB for database splitting*
Some performance references:
http://www.liquidweb.com/kb/mysql-5-1-vs-5-5-vs-5-6-performance-comparison/
https://www.percona.com/blog/2011/10/10/mysql-versions-shootout/
http://vbtechsupport.com/657/
15. Web Server Technology
Web server technologies:
nginx vs Apache
PHP process management in Apache
php-fpm vs mod_php vs hhvm
prefork, vs worker/event
mod_pagespeed, php-opcache
When does it matter?
More food for thought:
http://blog.bitnami.com/2014/06/performance-enhacements-for-apache-and.html
https://www.digitalocean.com/community/tutorials/apache-vs-nginx-practical-considerations
http://hhvm.com/blog/9293/lockdown-results-and-hhvm-performance
Credit: Digital Ocean
16. HTTP changes
Content compression
Expiry headers for content type
Cache directive
References:
https://tools.ietf.org/html/rfc7234
http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html
https://developers.google.com/web/fundamentals/performance/optimizing-content-efficiency/http-caching?hl=en
17. Content Delivery
Reducing number of access to
your web server will reduce your
costs (bandwidth and CPU needs)
Consider using public CDN for
shared JS/CSS
Pay for a cheap CDN and use a
plugin to rewrite your assets to
the CDN
18. Web Application Protection*
SaaS: Sucuri / CloudFlare /
Incapsula / Akamai
Plugins: WordFence / Better WP
Security
Spam Protection: Akismet
PHP: suhosin
Server: mod_security
*not an exhaustive list or endorsement
19. Monitor your site
Application Performance
Monitor (eg. New Relic,
AppDynamics)
Server Monitoring (eg.
LongView, CloudWatch,
DataDog)
Last mile / Page Health
(eg. Pingdom, New Relic
Synthetics, Gomez)
You should care about speeding up your site:
bounce rate and conversions can be positively influenced by a speedier page. Users are expecting things to appear instantly (say under 3 seconds). Anyway you can make the perceived response as quick to 1 second is very important.
Google ranks a site based on response time. This is a known fact since 2010.
Your wallet goes two ways: if your site takes a lot of computation resource to generate a page, you will be paying a lot of money to service your audience. A even more important factor - remember how I said conversion rates can be boosted with a faster site? Walmart grew incremental revenue by 1% for each 100ms improvement.
Lastly, don’t you hate your site being down because you maxed out on resources or had a badly configured LAMP stack?
Really, you can gain performance in any layer. Some are easier than others. Do what you can in each layer.
There are simple stuff to make your site better
Update your plugins. More often than not, when the author release a new plugin, it addresses issues that are security or performance related. Even if it doesn’t make the site faster, it will prevent bad things from happening.
Of course, this also leads to the second point of removing unused themes and plugins. You know those twenty-fifteen themes and other good stuff? Remove them. The 15th plugin you tried that you didn’t like and have deactivated? Remove them. Keeping these files on the server, while deactivated, still exposes you to attacks. Not really a performance gain but it will protect you from further performance loss.
404 Errors are performance killers. Many users decide to install these 404 redirection plugins so that they can display pretty error pages. For legitimate purposes this is a great tool. However if you have assets that are missing, each of these pages will bring up the WP framework in order to show this pretty error page (that are likely not shown to the user as they are requesting an image). Worse, some 404 plugins won’t report 404 to the user, causing further issues.
What do these plugins accomplish?
Object cache
DB cache
Page cache
CDN rewrite
Do they work? Depends on your hosting provider, setup and dynamic nature of your site. Some providers such as WPEngine asks that you not to install these plugins.
Lower number of HTTP requests
If you can reduce the number of requests, it give the server more headroom to serve more traffic. TCP slowstart contributes to the slower nature of serving initial bytes, but it gets faster very quickly.
Optimize your images, CSS, CSS sprites, JS minify, HTML comment removal. Every little bit counts. Lots of ways to optimize your images - from using lossless compression toolboxes like ImageOptim that combines a bunch of image optimizers into a GUI tool, CSS clean-up/optimize tools, JS minify, and also removing HTML comments. Saving bytes is big business. This also means serving images that are sized right for your audience, not the 4MB image you uploaded form your DSLR to the website that will be displayed in a postage stamp (and could have been resized to 21k)
Personalize with AJAX is a good idea. This means the base page can be cached while dynamic portions of the page be updated just for you.
Reduce:
Lower number of HTTP requests
Combine CSS/JS files or inline them
Data URI
CSS sprites
Lower size of response
HTML/JS/CSS minification
Image optimization (eg. ImageOptim)
Reuse
Reuse JS and CSS file for whole site where possible
Analyze your application with a PHP profiler. If you are not doing this regularly, you should be! No one says this is easy. Lots of free tools out there - xdebug with cachegrind client is a good first choice to see the number of calls and time taken. However I understand how it can be difficult to read at times. You can try Blackfire which has a good web tool, tree view, rudimentary analysis and profile deltas so you can see if your optimization has made an impact. Paid tools exists in the form of application performance management (APMs) such as New Relic.
Some hints on profiling an app: memory usage, overall CPU time, number of external IO requests. Looking into the CPU time, look for calls that are highly used or calls that occupy high CPU cycles. Some quick ones to look through will be apply_filters, mysql calls and wp_cache_get.
Checking your database calls are important. Profiler and general log can be used to see how many access are being done to generate a page. If you wrote the plugin or theme and accessing database, please be responsible and use as little database call as possible (or cache with transient).
Note that transient are database calls too so use it wisely.
Lastly, explain your queries if you are interacting with the database directly with various tables. Your custom tables may have been optimized at one point, but you might have been asked to do something that made the request unoptimized. Lack of indices or pulling too much data can cause the database to churn or send excess data.
Signs of hacking, whether it is visible or not, can cause slowdowns. Checking for integrity of the site is not just good practice, but can keep the performance of the site up. Some hacks can cause high number of file operations that slow down the site, others can be making outbound traffic. Once a site is hacked, it has the potential of being harvested into a bot net that turn against other WordPress site (and increasing load).
This is a public service announcement so that us site owners can do our part to prevent or close down these loopholes if or when it happens.
Watch for pharma and other injected links, as well as increased file operations / abnormal network activities
Please do everyone a favour and stop paying $2.99/month for an unlimited domain hosting account. There is no such thing as unlimited as you will quickly understand the performance penalty you are paying on this oversubscribed hosting box that has 3000 other clients on it. Also they will likely throttle you to number of PHP-related page responses.
Conversely, do not buy a Ferrari just so you can drop your kids to school that is 300m away. There are diminishing returns where the users don’t feel it and you can’t get any faster.
Public CDNs: Google Hosted Libraries, MaxCDN, CDNJS
Paid CDN for content: MaxCDN, CloudFront, Azure CDN, Akamai, CloudFlare
Name dropping a few things to look at. Not an exhaustive list
Monitoring your site is important to understand the health of your site, not just for uptime, but changes to your code, hosting or the environment around the hosting. All of these are equally important but some are more expensive than others.