How to reduce hosting costs, decrease CPU usage & speed up your website to improve user experience and top Google search results
Slow websites cause two big problems: 1) Increased hosting costs and 2) Slow websites or pages will be penalized in Google’s search rankings because website performance measured by page load speed is now a big factor in Google’s search ranking.
I discovered the cost of hosting when your website starts to receive some real traffic. I received the dreaded e-mail that so many people receive from their hosting service that substantial traffic my websites receive cause tremendous CPU usage and I would have to upgrade my account. They wanted to increase my hosting fee by $123 per month (VPS4) and gave me three days to upgrade my account or move it elsewhere. The e-mail stated “We are having an emergency issue involving your account.” “Your average usage CPU time is 10.03% while the average CPU usage is 0.48% across our fleet.”
I looked around and found that $123 per month is a good price for what they offer (but see Hosting below for much faster hosting for half the price), but I didn’t want to spend that money if it wasn’t necessary. Fortunately, Site5.com was patient and gave me more time to work on reducing my CPU usage. I worked on various ways to reduce CPU usage for three weeks and was successful in making a big difference. Site5.com “Server Health Department” wrote, “I pulled up your stats again and they are still a small amount over, but close enough that we can let it slide. As such we are marking this issue resolved now.”
On my hosting account, I run websites with plain HTML; PHP scripts; and some with WordPress. WordPress is a great content management system to build a website and/or blog but it is a heavy database user and can hog CPU time. I decided to implement several measures to substantially reduce CPU time instead of paying $123 per month.
Following are the methods I used to optimize my websites, improve security and reduce CPU usage:
After going through everything here to speed up my largest web site, which uses WorPress Multisite, I added hosting because it made a huge difference. Top10GoogleResults.com is on shared hosting at Site5.com which works well and is reasonably fast but their VPS account was much slower (shared accounts are usually faster because they give you more resources but if you use too much, they’ll kick you out. They kicked my WorPress Multisite out and I took their VPS2 but it was real slow! Then they wanted me to go to VPS4 which is expensive) After a long search, I found WiredTree.com where I bought their least expensive pure SSD server with Lightspeed. My site now seems about 5 times faster and it’s half the cost of Site5! They even have 24 hour telephone support.
The two options I considered are WP-Super Cache and W3 Total Cache. I chose WP-Super Cache because it appeared easier to set up and some people were stating that it was better for a shared hosting environment although I suspect that was because W3 Total Cache was not set up properly. WP-Super Cache works well on my stand-alone WordPress sites but was causing numerous and serious headaches on my multisite installation. On WPMUDEV, I found Mark de Scande of www.bloglines.co.za and asked him to look at my problems. Mark removed Super Cache and installed Quick Cache which is working well without headaches.
WP Widget Cache for WordPress will cache the output of your widgets and works with WP Super Cache.
CDN (Content Delivery Network)
For WordPress, the plugin Use Google Libraries allows your WordPress site to use the content distribution network side of Google’s AJAX Library API, rather than serving these files from your WordPress install directly (Thanks to Bill Wood www.r3now.com for suggesting this plug-in.)
Attempted botnet attacks against WordPress sites use substantial server resources and have frequently crashed my sites. The only botnet stopping plugin I found to work is a free plugin Botnet Attack Blocker which will lock out all admin login attempts from all IPs except white listed IPs when an attack starts and then automatically unlocks after the attack. Botnet Attack Blocker now works with WordPress Multisite, just change the default values and the same values will be set for all subsites. Read the reviews. Other plugins like Limit Login Attempts state that it will “Limit the number of retry attempts when logging in (for each IP). (emphasis added)”. The problem is that botnet attacks can come from multiple IP addresses at the same time. If 5,000 computers each with a different IP address try to brute-force your admin password and are locked out after 5 incorrect attempts then 25,000 attempts were allowed and your server will crash. The Botnet Attack Blocker plugin ignores the different IP addresses and locks out all admin login attempts so those 1,000 different computers will only have a total between them of 5 incorrect attempts. The plugin can easily be configured to your likes in the settings. I used the default settings and white listed my IP so I can get in even during a bot net attack.
This is a really good article written to tell you how to prevent a successful attack and attempts. Also, Cloudflare now detects the signature of bot net attacks and stops it (but only one IP at a time). I’m now using the premium version of Wordfence on my multisite which is a good deal because you only need one API key license for all of the sites on multisite. But Wordfence also only blocks bit net attacks from only one IP at a time.
Passwords: Use a different complicated password for every site you log into, whether it’s your own website or not. For my own web sites, I use passwords that are 17-18 characters long. I use www.LastPass.com to remember my user names and passwords and automatically log me into web sites. This is a good article about password security.
Usernames: Do not use the default login username such as Admin which is the default login username for Worpress. Just change it to something else. The username doesn’t have to be complicated like a password, just not the default and preferably not something common like Phil. Phil2006 is good.
wp-config Security Keys (only for WordPress): Make sure you are using all 8 unique keys and Salts in your wp-config file. These are a random array of letters, numbers and special characters. WordPress has a tool to create the keys and Salts. Just copy the keys and Salts from the tool page and paste in wp-config where you see (then upload wp-config with an FTP client like Filezilla):
define(‘AUTH_KEY’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_KEY’, ‘put your unique phrase here’);
define(‘LOGGED_IN_KEY’, ‘put your unique phrase here’);
define(‘NONCE_KEY’, ‘put your unique phrase here’);
define(‘AUTH_SALT’, ‘put your unique phrase here’);
define(‘SECURE_AUTH_SALT’, ‘put your unique phrase here’);
define(‘LOGGED_IN_SALT’, ‘put your unique phrase here’);
define(‘NONCE_SALT’, ‘put your unique phrase here’);
Optimizing the Database
This guide will show you how to easily optimize the database using phpMyAdmin. For a WordPress database, there are a couple of popular plug-ins. WP-Optimize will automatically clean up your WordPress database and optimize it without phpMyAdmin and will also remove page revisions. WP-DBManager is another plugin to optimize, repair, backup and restore your database. This article provides two other plug-ins and information about optimizing or repairing a WordPress database. I do it manually using phpMyAdmin.
Blocking Foreign IP Addresses
A substantial amount of traffic comes from foreign countries. Some of that traffic are legitimate visitors but much of it consists of spammers. I have no need for foreign visitors or spam so I was interested in blocking all foreign visitors. Not only does this substantially decrease usage but it substantially decreases spam comments and other types of spam submissions. With WordPress, I use a free plug-in called iQ Block Countries. For non-WordPress sites, I found Power Redirector 2 which I have not tried. I’m now using the premium version of Wordfence on my multisite (see Security above) which allows you to easily block all the countries you want.
Reducing comment spam will reduce server load. A substantial amount of comment spam results from pingback and trackback notifications which occur when a spam site links back to your content. I turn off pingback and trackback notifications. You should turn of these off now but if you already have content, you will have to go to each post or page which was already created. In WordPress, go to Settings >Discussion and uncheck “Allow link notifications from other blogs (pingbacks and trackbacks). While here, uncheck “Attempt to notify any blogs linked to from the article”.
Another method of reducing CPU usage and speeding up your website is to offload the work for commenting. After doing a lot of reading, I decided to go with IntenseDebate but stopped because I received 9 thousand spam comments and thought I would try anti-spam plugins. Try it out below and leave your comment about Intense Debate, other commenting systems or any other server resource saving ideas you have. You can read more about Intense Debate here.
WordPress Page & Post Revisions
If you’re using WordPress, you may not know it but WordPress is constantly saving versions of your pages and posts when you are working on them. I just looked on a friend’s WordPress site and found that he had in the neighborhood of 50 revisions saved on his pages and posts and I found 505 revisions on a page on one of my websites. This will increase the size of your database. Revision Control is a really nice free plug-in that allows you to control how many of these revisions you want saved. After installing the plug-in, the default setting is set to unlimited revisions for both pages and posts, so you need to go into the settings and change it. I set mine to “Do not store Revisions”. Better Delete Revision is another free plugin.
WordPress Cron Control
Even after doing a lot of the optimization listed here, my websites continue to receive a lot of traffic which resulted in another e-mail from my hosting company stating ” Unfortunately upon checking the usage we are still seeing it too high for a shared hosting environment. Checking the logs further it is do to the wp-cron execution.” I installed WP-Cron Control (free) which seems to have made a big difference. After installing WP-Cron Control and optimizing the database, I received another e-mail from my hosting company stating that my CPU usage had gone down significantly.
WordPress, Multisite, BuddyPress and bbPress Registration Forms
Spam users use your server resources for their benefit at your expense. WangGuard (free for sites earning under $200 per month) stops most spam user registrations and cleans your database from existing spam user registrations.
Google bot and other search engine bots have been constantly indexing wp-signup.php for every subsite on my Multisite which crashed the server. This can also help single WordPress sites. I uploaded a robots.txt file to the public_html directory on the server to stop this. Just create a .txt and name it robots.txt. Copy and paste in the file, the following:
User-agent: * Disallow: /wp-signup.php User-Agent: * Disallow: /wp-content/plugins/
One of my websites is using WordPress Multisite to create websites for lawyers. This site was responsible for the majority of my CPU usage although it was only running 291 subsites and most of those had only two pages. The more websites running off of WordPress Multisite, the larger the database. So, I got rid of splogs and split the database.
Database: I installed the Multi-DB plugin from WPMUDEV to split the database into 16 separate databases. Multi-DB substantially reduced CPU usage and also sped up the websites. I decided to pay someone to install Multi-DB for me because I did not want to spend the time to learn how to install it or the time to actually do it. If you want someone to do it for you, let me know and I can recommend someone who I found to be very reliable, knowledgeable and inexpensive. Multi-DB is a WordPress plug-in available with a paid membership from WPMUDEV but it’s well worth it to save on hosting fees and speed up the websites.
A free plug-in, called shardb, to accomplish the same thing but in a different manner was designed by Ron Rennick. Ron and his wife Andrea are well-known in the WordPress community and I have used Andrea to help me with LawFirm911.com™. I highly recommend them and I am sure that shardb works well but I went with Multi-DB because the person I used to install it was only familiar with Multi-DB. It’s apparently easy to switch from Multi-DB to shardb at any time so I have that option but Multi-DB is working very well and I like the idea of a paid plug-in because I know it will continue to be well supported.
If you have even a small WordPress Multisite installation or are planning a new installation, I recommend using Multi-DB or shardb which will very quickly save you a substantial amount every month on hosting fees. The side benefit of speeding up your websites will help to keep the websites in the top Google results. One caveat is that I was previously using BackupBuddy to back up the entire multisite installation and cannot do that any longer. BackupBuddy says that they will support Multi-DB soon but I don’t know when. In the meantime, I have been manually downloading 16 databases which is a pain in the neck. Until I find a backup solution, I would prefer one database with higher hosting costs.
Deleting Plugins: I have a lot of plugins installed and some of them are duplicative or not necessary. Plugins utilize the database and CPU usage, so eliminating plug-ins will reduce CPU usage. The problem is that I don’t know which plug-ins are not being used. These plugins are useful for checking to see which plugins are not being used at all so that you can deactivate those as needed or determine plugin popularity: Multisite Plugin Stats (now shows which plugins are installed on each subsite in Multisite); WPMU Plugin Stats; Network Plugin Auditor. Read How To Clean Up Unused Plugins in WordPress Multisite.
How to get Nginx and WordPress Multisite running on a VPS for less than ten bucks per month.
WordPress Optimization Resources
WordPress Speed Analysis Tools:
Webpagetest.org Test a website’s performance online.
P3 (Plugin Performance Profiler) – See which plugins are slowing down your site. This plugin creates a report for your site’s plugins’ performance by measuring their impact on your site’s load time. WordPress sites often load slowly because of poorly configured plugins or because there are so many of them. By using the P3 plugin, you can narrow down the plugins causing your site to run slow. I was surprised to find two plugins that are CPU hogs, Formidable Pro and AddThis.
WPDB Profiling plugin analyzes each individual database query.
TPC! Memory Usage plugin allows WordPress administrators to view the current and peak memory usage of the application.
After spending some time to optimize my websites for faster loading and decreased CPU usage, I received an e-mail from my hosting company stating that I am now ok. Speed up your website to help keep it in the top Google results.