For any website or web application, security should always be a priority from the get-go rather than an afterthought or a nice-to-have. At our agency, we offer a variety of bespoke website design, web development, and backend CMS development solutions, as well as open source WordPress website development and WooCommerce solutions. Regardless of the end solution, security should always be at the forefront of any go-live plan.
When it comes to providing security and WAF services on WordPress-based solutions, Wordfence is by far one of the most popular security plugins in the world.
With over 2 million installs and a 4.8/5 rating on the plugin's WordPress page, there is no doubt that Wordfence has mass appeal. With its wide gamut of features, Wordfence is a big favorite of ours as well, and it is one of our top recommendations of must-have plugins on a WordPress or WooCommerce site. However, this otherwise awesome plugin can sometimes have a negative impact on your WordPress website. While there are many reasons your WordPress or WooCommerce website may be slow, this blog article specifically helps you tune a website that has been slowed down by Wordfence.
While Wordfence is a great plugin, it can be a resource hog on smaller server deployments, especially when its settings are kept stock. As an example, we recently ran into a resource situation while working on a WooCommerce-based project where we had a stock Wordfence setup with all the default settings in place. The website was built to serve a very limited audience and was therefore launched on a DigitalOcean cloud running limited CPU & RAM resources.
While the initial deployment of the project went off exactly as expected and the performance was great, we soon started to notice a dramatic drop in the performance of the website, which was even more noticeable on the admin panel. Requests that took 1-2 seconds were now taking close to 30 seconds to process, even more in some cases. The database showed massive resource consumption for its size and was a clear bottleneck. The bottleneck, in this case, wasn't caused by WordPress or the WooCommerce plugin; it was primarily Wordfence trying to do the job of real-time traffic analysis and protection, as it was instructed to do by the stock settings.
Here is where the issue lies. Most users simply install Wordfence, leaving all the default settings in place. I mean, who wouldn't want all the recommended security being offered by the plugin? Great, right? Wrong! Depending on the infrastructure, leaving these settings untweaked will have you run into the situation we have outlined above very.
Our first approach was to try to keep the settings for Wordfence intact. However, after running multiple optimizations, including tweaking the max connections and timeout settings and running WP Optimize and similar solutions, all our optimizations at a database level left us with little to no improvement. Of course, we could scale up the server, but that would only temporarily resolve the situation.
The right solution to a slow WP Admin and website caused by Wordfence on smaller servers lies in a few simple tweaks. Visit the Wordfence > Options menu and update these settings: