All Valcato Hosting accounts are located on powerful servers shared between a number of customers and are great for running Wordpress. However sometimes Wordpress can use a lot of computing power - particularly when plugins are added - when this happens visitors may encounter a 508 Resource Limit Is Reached message.
These are some techniques that can be used to optimise and harden Wordpress so that fewer resources are used:
Install a Caching Plugin
A caching plugin reduces the amount of PHP and database processing required to load each Wordpress page on your website, replacing it with a static HTML file, which doesn't count towards the resource usage.
We recommend the WP Super Cache plugin; it's created by the team behind Wordpress.com
It can be downloaded from: https://en-gb.wordpress.org/plugins/wp-super-cache/
Installation instructions are here.
Disable xmlrpc.php file
The xmlrpc.php file is part of Wordpress used by external systems to login to your Wordpress admin area (for example the Wordpress iPhone app), but is often a target for bots to flood your website with failed login requests (known as a DDoS attack). If you don't need this functionality, then access to it can be blocked.
It's not sufficient to simply delete the file, as it will be restored next time Wordpress is updated. Instead it can be blocked:
- Login to cPanel
- Click the File Manager icon (or use SFTP)
- Navigate to the directory in which Wordpress is installed
- Edit the file called .htaccess
- Add the following code to the bottom of the file:
# Block WordPress xmlrpc.php requests order deny,allow deny from all
- Save the file to the server
Access to this file is now permanently blocked and cannot be targeted.
Protect the Administration Area
The administration area of Wordpress is a common target for bots trying to guess the password of the Wordpress administration area and also flooding a website (known as a DDoS attack). Adding an additional protection to the administration area can prevent this:
- Login to cPanel
- Click the Directory Privacy icon
- Navigate to the directory in which Wordpress is installed
- Click the Edit button next to the wp-admin directory
- Tick the Password protect this directory checkbox
- Optionally enter a name to be displayed on the login prompt
- Click Save
- Next you'll be asked to specify a username and password. This can be any value, we recommend is be different from your Wordpress admin logins.
- Click Save
Now access to your Wordpress Admin login page is protected by an additional username and password prompt.
Schedule a Cron Job to perform housekeeping tasks
Each time a Wordpress page is loaded, it checks to see whether any housekeeping tasks need to be performed, and if necessary starts doing them in the background. This includes core features such as checking for updates, publishing scheduled posts and generating backups. So by logging into the Wordpress admin area, the intensive tasks are triggered in the background, using up the resources available for other tasks such as serving and processing PHP webpages. As a result your updates might be competing with these housekeeping tasks.
There is a solution; trigger the housekeeping checks every 15 minutes via a Cron Job instead of waiting for visitors to do it. This is a little more advanced:
- Login to cPanel
- Click the File Manager icon (or use SFTP)
- Navigate to the directory in which Wordpress is installed
- Edit the wp-config.php file
- Add the following code to the file:
define('DISABLE_WP_CRON', true); - Save the file to the server
- In cPanel click the Cron Jobs icon
- Use the dropdown menu to select the Twice Per Hour option
- In the Command text box, enter code like this:
wget --delete-after http://YOUR_SITE_URL/wp-cron.php
- Replace YOUR_SITE_URL with the actual address of your website's Wordpress installation eg. example.com:
- Click the Add New Cron Job button
The regular Wordpress housekeeping tasks will now be triggered by the cron job. This should mean that when you or visitors go to the website, the background tasks have already been performed, leaving more resources for your editorial tasks.
For reference here is the section of the Wordpress documentation which covers these changes: https://developer.wordpress.org/plugins/cron/hooking-wp-cron-into-the-system-task-scheduler/
Completing these steps will help harden and optimise the Wordpress app on your website, allowing more visitors to access it and reducing the resource usage.
