I recently sent an email to my readers asking them to choose the most important thing for their website: decreasing page loading time or making the website more secure.
As I suspected, most of them replied that they are equally interested in both.
Here are some of the answers I got:
I’m a senior software engineer specialising in web based applications. As such I’m equally interested in website speed and security! – Stuart
I think both, we all can improve speed and security of our websites – Erdei
The answer is both, of course. We deploy good security across all sites, but always need something better. Speed is often compromised and we need to balance speed with efficiency. – Mark
Hmm, that’s a tough one. But I’m going to go Page Loading Speed 🙂 – Cinger
In the next posts I will focus more on these 2 topics, from the most basic things that do not require any coding to the most advanced ones that require code changes and will significantly make your website stand out by being super fast and secure.
Why is WordPress optimisation so important?
In the past, when I began developing websites, I focused more on page loading speed and less on the security of a website. I just underestimated its importance. The fact is that your website is less likely to get hacked if its source code is private. With WordPress and other open source platforms, the situation is different. Once the code is accessible to everyone, serious security measures have to be taken in order to stay safe. Due to its popularity (it accounts for ~18% of the self-hosted websites), WordPress presents a large target.
After my websites and my clients’ ones got hacked several times, I decided to do more research about WordPress optimisation and improving the security of websites and web applications. There’s no point in having a super fast website that can be easily hacked, so that you end up losing sales. The same goes the other way around: you have a very secure and monitored website, but it’s so slow that visitors drop off and search engines such as Google might not rank you well in their search results, since your website doesn’t respond fast to web requests.
I often move WordPress websites from one host to another, and I have to admit that I have a hard time (as many others do) transferring large amounts of data that are no longer needed. I like keeping things simple and cleaning out everything that is useless for my site and can even cause security issues later on.
The fewer unnecessary files and MySQL tables you have in the database, the easier it is to browse through them, make updates and take regular backups, which also saves space on your hard drive or the server/cloud that you’re using to store your data.
I will share with you a few things that I use to make WordPress a better platform to work with (in spite of the fact that this CMS has a reputation of being often slow and bulky).
If you haven’t done any of these WordPress optimisations before, you will be surprised to see how much space you can save (over 70% in disk space and database saving is something usual).
While some of these things might seem obvious to you, it’s surprising to see how many people are just ignoring them:
1) Remove all the unused Themes and Plugins
You install themes that you’re just not using anymore or plugins that you tested and you deactivated, leaving them in your “wp-content” folder.
Besides making your website heavier, they can also have security issues: attackers might try to exploit vulnerabilities in those themes/plugins by directly accessing unsecured files that are not protected against various attacks including, but not limited to, SQL injection, directory traversal and executable file upload.
The .php files of the disabled plugins/themes are still on the server and can be triggered at any time if accessed directly (unless you specifically configure the server / .htaccess to deny access to certain folders and files).
Moreover, other websites can leech images and other files from your unused themes. I remember once that I deleted a theme that I wasn’t using anymore and, after I later checked my 404 logs (a great way to see hacking attempts by the way) with Wordfence, I noticed that some websites had unsuccessful image loading attempts on the images from that old theme (an error was returned and the 404 page was shown since the image did not exist anymore in the requested location). Had I left it like this, it would have continued to use my bandwidth and even made my server slower if those websites had lots of visits.
A good way to prevent leeching is to set up your .htaccess to deny any remote access to your images and other files. Just make sure you do it properly in case you want to access your files between domains that you own. I usually avoid this practice, but sometimes it can be effective.
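The 404-log check described above can be scripted. The following is an added example, not code from the original post: it reads access-log lines in Combined Log Format and separates 404s under wp-content/themes and wp-content/plugins into hotlinked assets (external referer) and direct requests for .php files. The log lines, host names and the OWN_HOSTS set are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import urlparse

OWN_HOSTS = {"example.com", "www.example.com"}  # assumption: the domains you own

# Combined Log Format: ip - user [time] "METHOD path PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)
# Component type and folder name, e.g. /wp-content/themes/old-theme/...
COMPONENT_RE = re.compile(r'^/wp-content/(themes|plugins)/([^/?]+)/', re.I)

# Constructed sample lines (documentation IP ranges, made-up hosts and paths)
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:10:01:02 +0000] "GET /wp-content/themes/old-theme/img/banner.jpg HTTP/1.1" 404 512 "http://blog.other-site.test/post" "Mozilla/5.0"
203.0.113.8 - - [10/Mar/2015:10:01:09 +0000] "GET /wp-content/themes/old-theme/img/banner.jpg HTTP/1.1" 404 512 "http://blog.other-site.test/post" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2015:10:02:11 +0000] "GET /wp-content/plugins/old-gallery/upload.php HTTP/1.1" 404 512 "-" "curl/7.38"
198.51.100.23 - - [10/Mar/2015:10:02:12 +0000] "GET /wp-content/plugins/old-gallery/inc/ajax.php?id=1 HTTP/1.1" 404 512 "-" "curl/7.38"
192.0.2.10 - - [10/Mar/2015:10:03:00 +0000] "GET /wp-content/themes/active-theme/style.css HTTP/1.1" 200 9000 "https://example.com/" "Mozilla/5.0"
192.0.2.11 - - [10/Mar/2015:10:03:05 +0000] "GET /wp-content/themes/old-theme/img/logo.png HTTP/1.1" 404 512 "https://www.example.com/about" "Mozilla/5.0"
"""

def classify_404s(log_text, own_hosts=OWN_HOSTS):
    """Return (hotlinks, php_probes) counters for 404s on theme/plugin paths."""
    hotlinks, php_probes = Counter(), Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # unparsable line or not a 404
        c = COMPONENT_RE.match(m["path"])
        if not c:
            continue  # not under wp-content/themes or wp-content/plugins
        component = f"{c[1].lower()}/{c[2]}"
        file_part = m["path"].split("?", 1)[0].lower()
        ref_host = urlparse(m["referer"]).hostname  # None for "-" or empty
        if file_part.endswith(".php"):
            php_probes[(component, m["ip"])] += 1    # direct hit on a PHP file
        elif ref_host and ref_host not in own_hosts:
            hotlinks[(component, ref_host)] += 1     # asset embedded by another site
    return hotlinks, php_probes

if __name__ == "__main__":
    hot, php = classify_404s(SAMPLE_LOG)
    print("hotlinked:", dict(hot))
    print("direct PHP requests:", dict(php))
```

Repeated .php requests against a plugin or theme folder you have already deleted are the entries worth reviewing first; the hotlink counter shows which external sites still embed the removed files.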
2) Delete unnecessary revisions from your posts, custom post types and pages
The WordPress revision system stores a record of each saved draft or published update, allowing you to see what changes were made in each revision.
Do you need all of them? Personally, I do not need all the history of each draft saved. A maximum of 5 would do it in case I make a mistake when I’m doing an update and I need to restore the previous saved one.
As I didn’t need more than a few of the most recent revisions for each post, I decided to remove the older ones to make the MySQL database smaller and easier to back up. To my surprise, the unnecessary revisions took half of the total size of the MySQL dump (yes, 50%). I managed to save ~100 MB worth of space. Doing the same for other WordPress websites added to the space saved on the server and made the queries faster in execution as a result of having fewer records in the database.
While you can do the optimisation yourself in phpMyAdmin or other similar software (you have to make sure you won’t mess up anything there this way), it’s recommended to use a well-established plugin such as Optimize Database after Deleting Revisions to do that, as it’s more convenient, time-saving and gives you a nice and complete report of all the updates that were made in the database.
How to make sure that only a maximum number of revisions will be stored for each post?
If you want to do that (e.g. 5 revisions at most), you can add the following code in wp-config.php:
// Limit number of revisions
define('WP_POST_REVISIONS', 5);
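To see how many revisions exceed that limit before cleaning anything up, the query below lists, per post, the revisions older than the newest 5. It is an added example, not code from the original post or from any plugin mentioned here: it runs against an in-memory SQLite database holding a constructed, cut-down copy of the wp_posts table (only the ID, post_parent, post_type and post_modified columns) as a stand-in for MySQL, and it only reads.

```python
import sqlite3

KEEP = 5  # same limit as the WP_POST_REVISIONS value above

# A revision is surplus when at least `keep` newer revisions exist for the
# same parent post (ties on post_modified are broken by the higher ID).
SURPLUS_SQL = """
SELECT r.ID, r.post_parent
FROM wp_posts AS r
WHERE r.post_type = 'revision'
  AND (SELECT COUNT(*) FROM wp_posts AS n
       WHERE n.post_type = 'revision'
         AND n.post_parent = r.post_parent
         AND (n.post_modified > r.post_modified
              OR (n.post_modified = r.post_modified AND n.ID > r.ID))) >= ?
ORDER BY r.post_parent, r.post_modified
"""

def build_sample_db():
    """Constructed data: post 1 has 8 revisions, post 2 has 3."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_parent INTEGER,"
               " post_type TEXT, post_modified TEXT)")
    db.execute("INSERT INTO wp_posts VALUES (1, 0, 'post', '2015-01-01 00:00:00')")
    db.execute("INSERT INTO wp_posts VALUES (2, 0, 'post', '2015-01-01 00:00:00')")
    rows = [(100 + i, 1, "revision", f"2015-02-{i + 1:02d} 09:00:00") for i in range(8)]
    rows += [(200 + i, 2, "revision", f"2015-03-{i + 1:02d} 09:00:00") for i in range(3)]
    db.executemany("INSERT INTO wp_posts VALUES (?, ?, ?, ?)", rows)
    return db

def surplus_revisions(db, keep=KEEP):
    """Return {post_parent: [revision IDs beyond the newest `keep`]}."""
    surplus = {}
    for rev_id, parent in db.execute(SURPLUS_SQL, (keep,)):
        surplus.setdefault(parent, []).append(rev_id)
    return surplus

if __name__ == "__main__":
    for parent, ids in surplus_revisions(build_sample_db()).items():
        print(f"post {parent}: {len(ids)} surplus revisions -> {ids}")
```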
3) Remove unused MySQL tables and records left by deleted plugins and themes
If you’re using a plugin that has to create its own tables in the database (plugin developers should use the existing WP tables as much as possible and only add new ones if they really have to), it often happens that those tables are still there even after you have deactivated and deleted the plugin.
Some advanced plugins offer you the option to clear all tables’ data and remove everything that was added when the plugin was activated, while others don’t, and if you will never use that plugin again, you will have to manually delete the unused tables from the database. I suggest you remove the tables right after you delete the plugin, as later on it will add up and you will have lots of tables to delete without even knowing which ones belong to the plugins you use. I remember I had to Google the prefixes of those tables a lot and check the source code of the plugins to determine the tables that were not used anymore.
This is useful if you used plugins that stored lots of data in the database (such as logs) and you just don’t need them anymore, or you found a better plugin that has set up new tables. This way, you can save a lot of space.
What plugins can I use to clean up my MySQL database?
For deleting tables, you can use WP-DBManager, while for removing unused options (from old plugins) from the WordPress’ Options Tables, Clean Options would do. Although it hasn’t been updated in years, it still does its job fine. In the example below some options used by Jigoshop Plugin are being selected for removal as the plugin is no longer used.
4) Remove unused images and files from the media library
Old and unnecessary images that were uploaded to WordPress take space (including their thumbnails) in the “uploads” folder as well as in the database (as their information is kept there). You can browse through the files from “Media” -> “Library” and delete the unused ones. For a bulk delete, click “Bulk select”, then click on the thumbnails to select the files. After you’re done with the selection, click “Delete Selected”. Note that there are plugins such as NextGen Gallery which keep their images separately from the media library.
5) Check for old backups and remove them if no longer needed
People often use plugins that make backups of the MySQL database and all the files. These can take up plenty of space over time, so it’s best to review them once in a while and delete the ones you don’t use. A good alternative is to store your backups in the cloud and use services such as Amazon S3 Storage. It’s a good practice to save them on your local machine or an external HDD once in a while, so that even if you lose them in the cloud somehow, you will manage to retrieve them from other sources.
Thank you for reading this. I look forward to posting more content about WordPress optimisation, security and page loading speed. Lastly, it would be nice if you could leave a comment about your experience with WordPress optimisation techniques.