Performance vs. Security — How to Strike the Balance for WordPress Sites

It’s understandable to scoff at the idea of a football player taking ballet lessons. But while the image of a 320-pound lineman in a tutu may be a bit over the top, the analogy is the perfect comparison to the challenge of balance of speed and security to most effectively host a website.

WordPress is notoriously difficult to run at peak performance without sacrificing stability. Its status as the world’s most popular content management system also makes the publishing platform among the largest targets for security breaches as well.

So, lace up those pointe shoes and learn how to balance raw power with nimble agility as we explain how to have the best of both worlds with WordPress websites.

Multiple Caching Layers and SSDs Maximize Site Speed

The quickest way to improve performance is by selecting a reputable host with modern infrastructure. Instead of blindly picking the mainstream provider that offers unlimited storage, bandwidth, and memory for a song, find a company that offers performant solid-state drives and the technical expertise to fine-tune its hardware and applications.

With free SSDs and four layers of server-side caching, Media Temple provides the tools to maximize performance on WordPress sites. The company relies on Varnish, Memcached, Redis, PHP APC, and L2 to supercharge page loads while minimizing calls to the server, storage, and databases.

 SSL Certificates Protect Websites Without Slowing Load Times

Yes, SSL certificates carry the stigma of slowing down websites. But a well-configured installation minimizes page load impact and could even help site owners draw more traffic. Google rewards both speedy page loads and HTTPS encryption with higher placement in search results.

As of 2017, half the web is now secured with SSL certificates, which have become increasingly efficient over the years. SEO and marketing giant Moz provides a thorough guide to optimizing data encryption and secure connections, saving visitors from extra milliseconds of waiting.

Managed Services Reduce the Load on In-House IT Teams

Responding to both the global popularity of WordPress and the relative inexperience of most website owners, many hosts—Media Temple included—provide WordPress-specific hosting plans backed by managed services and decades of technical expertise.

Although several managed WordPress hosting packages only cover the bare minimum, Managed WordPress hosting with Media Temple comes with around-the-clock security monitoring, along with DDoS and intrusion protection. Optimized infrastructure, SSD storage, and unlimited data transfers also help make it easy for users to boost site performance.

Choose the Right Plugins and Keep Up With Updates

Although WordPress is great for a number of things, it can’t be everything to everybody. Plugins add functionality, performance, and security to websites—if used properly. Distinguishing safe from dangerous plugins in a repository of more than 52,000 can get tricky, however, and site owners should consider a variety of factors when choosing what to install: How often has a plugin been downloaded? When was it last updated? Which version of WordPress does the plugin support?

Once your WordPress platform is setup as desired, maintenance is critical. Developers frequently revise and patch their code to account for newly discovered vulnerabilities, so installing updates in a timely fashion is super important. Media Temple makes this easy for users by automatically updating WordPress, PHP, and MySQL. While core updates can be automated, users can test the updates on staging sites alongside delaying updates for 30 days to test compatibility and stability. WordPress also offers instructions on how to configure automatic updates for plugins, themes, translation files, and the WordPress Core.

Run WordPress Speedily, Safely, and Securely From the Start

Whether a WordPress website garners two or 2,000 visitors a day, it is vulnerable to attack. A spate of attacks in February 2017 affected roughly 2 million pages using an outdated version of WordPress. Thankfully, however, there are many simple procedures admins can implement to protect a site from SQL injection, cross-site scripting, and elevation of privileges:

  • Run the latest version of PHP
  • Don’t use admin for a username
  • Utilize strong, unique passwords
  • Limit login attempts
  • Enable two-factor authentication
  • Make sure file permissions are correct

Enhanced security practices, however, don’t inherently have to bog down a site’s performance. While Media Temple takes care of increasing your infrastructure’s cruising speed, site administrators can streamline how WordPress operates and handles data. Start by using Media Temple’s front-end site analysis tool to benchmark performance and receive suggestions for increasing site speed. In the meantime, here are some other tactics:

  • Use a lightweight theme or framework
  • Reduce image sizes
  • Minify JavaScript and CSS files
  • Add a content delivery network (CDN)
  • Upload videos elsewhere and embed them
  • Optimize databases and reduce calls

At the end of the day, balancing performance and security doesn’t have to be an either/or dilemma. Site owners of all levels of experience can find a happy medium, particularly with the help of a strong managed hosting provider.

Happy hosting!

About the Author Laura Stamey writes, designs, and develops for as a Contributing Editor for Digital Brands, Inc. The HostingAdvice team boasts more than 50 years of combined experience building and scaling personal projects and industry-leading websites and applications. More by this Author