How to fix a slow Wordpress Admin caused by Wordfence

Scroll Down
How to fix a slow Wordpress Admin caused by Wordfence

For any website or web application, security should always be a priority from the get-go rather than an afterthought or a nice to have. At our agency, we offer a variety of bespoke website designing, web development, and backend CMS development solutions as well as open source Wordpress website development and WooCommerce solutions. Regardless of the end solution, security should always be at the forefront of any go-live plan.

When it comes to providing security and WAF services on Wordpress based solutions, Wordfence is by far one of the most popular security plugins in the world. 

With over 2 million installs and a 4.8/5 rating on the plugin's Wordpress page, there is no doubt that Wordfence has a mass appeal. Its wide gamut of features, Wordfence is a big favorite of ours as well and it is one of our top recommendations of must-have plugins on a Wordpress or WooCommerce site. However, this otherwise awesome plugin can sometimes have a negative impact on your Wordpress website. While there are many reasons your Wordpress or WooCommerce website is slow, this blog article specifically helps you tune a website which has been slowed down by Wordfence.

The issue with Wordfence on Smaller Servers

While Wordfence is a great plugin, it can be a resource hog on smaller server deployments especially when its settings are kept stock. As an example, we recently ran into a resource situation while working on a WooCommerce based project where we had a stock Wordfence setup with all the default settings in place. The website was built to serve a very limited audience and was therefore launched on a DigitalOcean cloud running limited CPU & RAM resources. 

While the initial deployment of the project went off exactly as expected and the performance was great, we soon started to notice a dramatic drop in the performance of the website which was even more noticeable on the admin panel. Request that took 1-2 seconds were now taking close to 30 seconds to process, even more in some cases. The database showed massive resource consumption for its size and was a clear bottleneck. The bottleneck, in this case, wasn't caused by Wordpress or the WooCommerce plugin, it was primarily Wordfence trying to do the job of real-time traffic analysis and protection as it was instructed to do using the stock settings. 

Here is where the issue lies. Most users simply install Wordfence leaving all the default settings in place. I mean, who wouldn't want all the recommended security being offered by the plugin. Great right? Wrong! Depending on the infrastructure, leaving these settings untweaked will have you run into the situation we have outlined above very.

Alternate Failed Fixes

Our first approach was to try an keep the settings for Wordfence intact, however, after running multiple optimizations including tweaking the max connections and timeout settings, running WP Optimize and similar solutions, all our optimizations at a database level left us with little to no improvement. Of course, we could scale up the server but that would only temporarily resolve the situation.

The Simple and Correct Fix

The right solution to a slow WP Admin and website caused by Wordfence on smaller servers lies in a few simple tweaks. Visit the Wordfence > Options menu and update these settings  :

  1. Under Basic Options
    Uncheck ‘Enable Live Traffic View’

  2. Under Email Summary
    Uncheck ‘Enable email summary’

  3. Under ‘Scans to include’
    Check ‘Use low resource scanning (reduces server load by lengthening the scan duration)’
    Set ‘Limit the number of issues sent in the scan results email’ to 500

  4. Set ‘Rate Limiting Rules’ as defined below :

  5. Under Other Options
    Set ‘How much memory should Wordfence request when scanning’ to 100
    Set ‘Update interval in seconds (2 is default)’ to 15 seconds

  6. Set a valid email address for ‘Where to email alerts’. This is critical because you will receive important emails regarding the website on this email address so please ensure it is a valid and frequently checked email address

  7. Under Advanced Option > Alerts
    check ‘Email me if Wordfence is deactivated‘
    uncheck ‘Alert when an IP address is blocke
Once done, Save the settings. Give the newly updated settings a few minutes to kick in and you should quickly start seeing your website and Admin panel become more responsive. For more settings, visit the Wordfence documentation.

In Conclusion

Wordfence really is a great plugin but it can be a demanding on your server resources. Good news is, keeping the settings tight can resolve most bottleneck issues and have your Wordpress website back to normal in no time.

comments powered by Disqus