How can I improve the performance of my WordPress blog with my current host?

Below are a few things I’ve learned over the years to improve the performance of a WordPress blog (in lieu of throwing hardware at “the problem”).

Unlimited shared hosting is “limited” by your web host.

Surprisingly, many believe that because they have unlimited space and bandwidth, they’re allowed unlimited server resources as well. This is one of those little secrets within the shared web hosting industry. Server resources like the number of processes allowed and memory are virtually always limited per account.

However, with a few minor tweaks, you may be able to squeeze a bit more blood from that shared website hosting turnip.

Let’s start with your wp-config.php file. The wp-config.php file contains your WordPress blog settings. This one file governs how your website interacts with your website’s database (where your post content lives). About that:

Sample php.ini file“Fatal error: Allowed memory exhausted”

Ok, maybe you have not yet experienced this specific error, though an error like this may appear when a plugin begins using up all of the memory allocated to your website. To help prevent this error from occurring, and/or give your site a bit more than the default memory allowance, add this to the top of your wp-config.php page (see image at right):*

set_time_limit (60);

Line 1 is your public page memory allowance
Line 2 is your dashboard memory allowance
Line 3 is your maximum execution time, set to 60 seconds

*Sadly, this does not always work. If not then see the alternate php.ini method described below.


GZip Compression, Expires headers, ETags, Cache control headers, and query strings. What the heck, let’s toss in the kitchen sink too..

On the server side, plugins like Cache Enabler and Autoptimize will help to nicely cache content or generate static HTML files to speed up page loading speed.

Dislike caching plugins, need a speed boost, and feel comfortable modifying your .htaccess file?

Add to the top of your .htaccess file, sit back, and soak in the grandeur of it all.

# 1
# GZip Compression
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE application/rss+xml
AddOutputFilterByType DEFLATE application/x-httpd-fastphp
AddOutputFilterByType DEFLATE application/x-httpd-php
AddOutputFilterByType DEFLATE application/x-javascript
AddOutputFilterByType DEFLATE application/xhtml+xml
AddOutputFilterByType DEFLATE application/xml
AddOutputFilterByType DEFLATE image/svg+xml
AddOutputFilterByType DEFLATE text/css
AddOutputFilterByType DEFLATE text/html
AddOutputFilterByType DEFLATE text/plain
AddOutputFilterByType DEFLATE text/xml

# 2
# Expires headers
<IfModule mod_expires.c>
 ExpiresActive on
 ExpiresDefault "access plus 1 month"
 # CSS
 ExpiresByType text/css "access plus 1 month"
 # Data interchange
 ExpiresByType application/json "access plus 0 seconds"
 ExpiresByType application/xml "access plus 0 seconds"
 ExpiresByType text/xml "access plus 0 seconds"
 # Favicon
 ExpiresByType image/x-icon "access plus 1 week"
 # HTML components
 ExpiresByType text/x-component "access plus 1 month"
 ExpiresByType text/html "access plus 0 seconds"
 # JavaScript
 ExpiresByType application/javascript "access plus 1 year"
 # Manifest
 ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"
 ExpiresByType text/cache-manifest "access plus 0 seconds"
 # Media
 ExpiresByType audio/ogg "access plus 1 month"
 ExpiresByType image/gif "access plus 1 month"
 ExpiresByType image/jpeg "access plus 1 month"
 ExpiresByType image/png "access plus 1 month"
 ExpiresByType video/mp4 "access plus 1 month"
 ExpiresByType video/ogg "access plus 1 month"
 ExpiresByType video/webm "access plus 1 month"
 # Feeds
 ExpiresByType application/atom+xml "access plus 1 hour"
 ExpiresByType application/rss+xml "access plus 1 hour"
 # Fonts
 ExpiresByType application/font-woff "access plus 1 month"
 ExpiresByType application/ "access plus 1 month"
 ExpiresByType application/x-font-ttf "access plus 1 month"
 ExpiresByType font/opentype "access plus 1 month"
 ExpiresByType image/svg+xml "access plus 1 month"
# Expires headers and Entity tag (ETag)? Because you are
# manually setting the expires above and ETags are normally
# used to check newer versions of cached files,
# let's disable ETags as well
Header unset ETag
FileETag None

# 3
# Cache control headers. This tells browser how to
# handle file caching
<ifModule mod_headers.c>
 <filesMatch "\.(ico|jpe?g|png|gif|swf)$">
 Header set Cache-Control "public"
 <filesMatch "\.(css)$">
 Header set Cache-Control "public"
 <filesMatch "\.(js)$">
 Header set Cache-Control "private"
 <filesMatch "\.(x?html?|php)$">
 Header set Cache-Control "private, must-revalidate"
 <FilesMatch "\.(bmp|css|flv|gif|ico|jpg|jpeg|js|pdf|png|svg|swf|tif|tiff)$">
 Header set Last-Modified "Mon, 31 Aug 2000 00:00:00 GMT"

And the kitchen sink…
# 4
Let’s kill those irritating query strings to enable proxy caching of files.

Add this to the bottom your themes functions.php file.

function jw_remove_script_version( $src ){
 return remove_query_arg( 'ver', $src );
add_filter( 'script_loader_src', 'jw_remove_script_version' );
add_filter( 'style_loader_src', 'jw_remove_script_version' );

# 5
Let’s flush the buffer. In theory, this will help partly ready pages load while the server works to build the full content of the page being visited.

Insert <?php flush(); ?> just below the </head> within your theme’s header.php file, like this:

<?php flush(); ?>


Limiting plugins

More plugins equal more complexity, ergo potentially slower website. Be smart when choosing plugins.

  1. Look for well-rated plugins with multiple features. A good example of a well-rounded plugin is iThemes Security. iThemes Security helps reduce the likelihood you’ll be hacked; includes a nifty bot blocking option; login management; and provides a very cool real-time file-change-monitor as well. Wordfence Security is another top-rated security plugin with a range of security options, including an actively maintained firewall and WordPress exploits monitor.
  2. Focus on plugins that will help speed up your blog. Examples:
  1. WP Smush, or EWWW Image Optimizer and ShortPixel Image Optimizer compress images.
  2. BJ Lazy Load delays the loading of images until actually viewed.
  3. Transients Manager lets you manage and delete expired transients.

php.ini and how to tame it

At some point in your web design career, you’ll meet Mr. php.ini. The php.ini file is simply a file used by the web server to control specific options within your account. Like the wp-config.php, and .htaccess file, the php.ini file is just another dumb text file. You may edit this file via your computer’s text editor or use the File Manager provided by your host.

The php.ini file lives in your public_html directory with your other website files. If the file does not exist just create a blank one like you would any blank HTML file.

Edit the existing setting or add these lines:*

memory_limit = 256M 
max_execution_time = 60


*If after following all of the advice above your memory limits are still not “sticking,” Google this phrase as an emergency option, “default-constants.php WP_MEMORY_LIMIT”


The bain of my existence – admin-ajax.php*

Has your host told you have lots and lots of connections to your admin-ajax.php script, and that if you don’t fix it they are going to boot your butt to the street… Sadly, this is an all too common occurrence.

Heartbeat control plugin settings
* Click Me

Next to wp-login.php and xmlrpc.php, admin-ajax.php can be a major resource hog. WordPress introduced the WordPress Heartbeat API back in version 3.6. This was developed to help improve session management, auto-saving, revision tracking, et al.

If you’ve noticed your site slows to a crawl during when multiple browser tabs are logged into the dashboard, or that your dashboard loads sluggishly but site loads fast, then you’ve likely experienced one of the downsides of the WordPress Heartbeat API in regards to how it handles AJAX calls from the web-browser to server.

Luckily Jeff Matson developed the Heartbeat control plugin just for you! See image at right.


About that database

Have you ever had to run a defragmentation program on your computer hard drive?

WordPress requires much the same “defrag” process to keep fresh and lively.

Don’t let DB bloat get you down.

Optimizing your DB once a month

is simply good for business.

But before we get into how to optimize, let’s start by preventing much of that bloat from happening in the first place.

Did you know that every time you make a change to a post, a backup of the old post is saved?

While a helpful feature, saving post revisions is fairly wasteful as well. Periodically emptying the trash may be helpful as well.

On a busy website, post revisions, transient records, and lots of trash may slow your website to a crawl. Try WP-Optimize to clear out those naughty post revisions, trackbacks / pingbacks, comments in the spam queue, expired transient records and more.

Then add the below line of code to your wp-config.php settings file:

// Limit number of saved revisions to one
define('WP_POST_REVISIONS', 2);
// Empty trash every 10 days
define('EMPTY_TRASH_DAYS', 10);
// Control how often WordPress autosaves
define( 'AUTOSAVE_INTERVAL', 120 );

Now back to database optimization. Install the WP-Optimize or WP-DBmanager plugin, optimize your database, then set to optimize once per month.



I wrote an article on bots some years back, “How to Block Bots from Seeing your Website – Bad Bots and Drive-by Hacks Explained.” There are some nice tips in that guide though my personal favorite anti-bot abuse tactic is to simply tell the bots to “calm down bot!”

Crawl-Delay: 10


While there are many ways to further improve the performance of WordPress, like replacing your theme, deleting inactive plugins, reducing widget usage, or even disabling “Allow link notifications from other blogs (pingbacks and trackbacks),” the items described above tend to return the most dramatic improvements with the least amount of effort.

Testing tools like GTmetrix, Google PageSpeed Insights, Uptrends dot com, Whichloadsfaster, or Pingdom may help in verifying how well your blog is performing as well. Though ignore page load times (a pre-2010 testing philosophy), and focus on above-the-fold render times and “speed index” testing. How fast folks can see your above-the-fold text, can click links, etc., are the truest indicators of performance.

Other improvements may be seen by utilizing services like Cloudflare; having Nginx or LiteSpeed installed on your server; moving to an HTTP/2 supporting host; or by upgrading your hosting plan to one which allows for greater RAM allowances. Suffice it to say, “mo’ RAM is mo’ betta.”


And there’s more…


5 Responses

  1. Besides all these point , I think way a WordPress theme is designed to handle its CSS and Javascript of its own and its plugins is also matters a lot. Right now able to score 99/100 score on GTmetrix with all the plugins and ads. Thanks for posting this wonderful article for us. Keep in touch

  2. Regarding PHP’s memory_limit: there are plugins that set a lower limit in their code, e.g 64 or 32 MB. Keep this in mind when increasing PHP memory limit, because it may be overridden somewhere else.

  3. Thanks you for mentioning this Jan.This problem has come up multiple times in my workplace and weren’t able to figure out why setting the memory limit sometimes wasn’t working on WP installs.

  4. Speed is critical. Everyone likes things fast. Why the wait? Speed optimizing any website will give it an extra edge over its competition. I always implement speed optimization to all my clients regardless if they pay for it or not.Speed optimizing a website should be essential but not all web developers are implemtenting such practice. Would this also effect ranking? I do think that google may consider this as part of their ranking algorithm.

Please feel free to comment via WordPress, Twitter, or Facebook

Proactive WordPress Security Management for Pennies a Day™
© Copyright 2024™,™,
The Hack Repair Guy™, Hack Repair Guy™
Copyright and Trademark Statement | Privacy Policy

Call for website security help, (619) 479-6637.
Content Approved By Jim Walker, The Hack Repair Guy