February 15, 2017 at 13:436 custom techniques to improve site performance and security
- Transfer
- Recovery mode
Speed and security are key success criteria for e-business. When it takes more than 3 seconds to load a site , you lose potential income and lose your position in search engine rankings . And when the site is not sufficiently protected , crackers have the opportunity to strike a blow at your reputation and profits.
When it comes to optimizing performance, the most commonly mentioned are the use of compression , minimizing file size, caching, using lightweight themes code, templates, plugins, extensions, etc.
If we talk about security, then, in the first place, associated extensions are associated with it, the use of a firewall for web applicationsupdating obsolete components.
All these methods are quite acceptable, but you can use the following with them.
The following is suitable for any platform, including WordPress, Joomla, Magento, Drupal, Node.js, etc. Let's see which approaches you are familiar with and which are not.
IPv6 is faster than IPv4. When connected via IPv6, LinkedIn download speed in Europe increased by 40%, and Facebook - by about 10-15%.
Take a look at Google’s worldwide IPv6 transition schedule .
About 15% of users use Google via IPv6, while only 10% of sites have IPv6 enabled.
According to Cloudflare, sites that work through IPv6 load 27% faster than those that use IPv4.
Is IPv6 already enabled for your site? If in doubt, check here . In case of a negative result, here's how to do it.
Most CDN providers such as Cloudflare, Incapsula , CacheFly, AKAMAI have IPv6 available. Go to the toolbar to enable IPv6.
To enable IPv6 on Cloudflare, you need to go to the “Network” tab.
If you do not use CDN and are hosted on virtual servers, such as Linode , DigitalOcean, etc., then check out the instructions for enabling IPv6 on Nginx and Apacheweb servers.
IPv6 won't be worse. On the contrary, this method can easily reduce page loading time by about 10%.
HTTP / 2 is an updated HTTP protocol adopted in 2015.
In terms of performance, the following advantages are associated with it:
HTTP / 2 will allow you to optimize the delivery of content by loading several page elements simultaneously on one TCP connection, and it also implements a mechanism for sending data on the server’s initiative.
Judging by the example , HTTP / 2 is seven times faster than HTTP / 1.1. You can expect a reduction in page load time of about 30-40%.
HTTP / 2 uses about 11% of all sites .
First you need to check if your site is working on HTTP / 2 now.
If not, you can enable it on a web server or network peripherals. If you use CDNs such as Cloudflare, Incapsula, MaxCDN , KeyCDN, etc., you can enable HTTP / 2 in the control panel.
Please note that HTTP / 2 is not supported over HTTP (without SSL). However, all browsers already support HTTP / 2 via HTTPS.
In other words, to use the HTTP / 2 protocol, the site must be accessible via the HTTPS protocol (for example, https://example.com ).
HTTP / 2 is also supported by shared hosting services, for example, SiteGround. If you use your server, then you can use the manual for use with Apache, Nginx .
You will get an additional level of domain protection if you enable DNSSEC.
Initially, DNS was designed to create scalable distributed systems, and were not guided by security issues. DNSSEC adds a digital signature to the DNS records and is used to check the source of the request - whether it came from an authorized or fake server.
You can connect DNSSEC from a domain registrar or a DNS administration service. If you work with CloudFlare, then you can activate DNSSEC in the “DNS” tab.
Or you can use premium DNS hosting from Namecheap, where DNSSEC support is also implemented. Once you have taken the necessary steps to protect DNS data with DNSSEC, you can test whether DNSSEC works for your domain.
Google and other large companies strongly recommend using HTTPS to ensure the security of the Internet as a whole. Recently, Google mentioned that access via HTTPS is taken into account when determining the search ranking, so it's time to get an SSL certificate for the site.
When your site loads via HTTPS, encryption of data transmitted from the user's PC to a web server or network peripherals is provided.
For bloggers and those who do not transmit sensitive data through the site, free SSL certificates , for example, from Let's Encrypt , are suitable .
If possible, try to remove the burden of checking SSL connections from network peripherals using CDNs such as MaxCDN , CloudFlare, AKAMAI, etc.
CloudFlare also providesSSL certificate as part of a free service package. After connecting an SSL certificate, be sure to check the SSL / TLS certificate for vulnerability.
For those who are serious (and this is the right approach anyway), it makes sense to think about connecting WAF to provide protection against vulnerabilities from the OWASP Top 10 list and beyond.
An additional level of protection to HTTPS can be HSTS.
The HSTS header instructs the browser to transmit all data only through the secure channel (HTTPS), does not allow the transition to a less sophisticated protocol, and prevents the interception of cookies.
The HTTP header must be added to the web server response. If you use CDN, then you need to activate HSTS on the network peripherals.
The average page size is 2.4 MB, 64% of which are in images.
Images are used everywhere, which offers great potential for optimizing and reducing the overall page size.
Reducing page size will bring the following advantages:
Here are a few image size optimization tools for WordPress, Joomla.
Cloudflare Pro users can take advantage of the new image format called WebP. WebP
format images are more than 10% smaller than already optimized PNG or JPEG files. I hope these approaches will help in optimizing the site and loading speed, as well as enhancing protection. HOSTING.cafe offers you to find virtual servers or hosting , as well as SSL certificates for your projects.
When it comes to optimizing performance, the most commonly mentioned are the use of compression , minimizing file size, caching, using lightweight themes code, templates, plugins, extensions, etc.
If we talk about security, then, in the first place, associated extensions are associated with it, the use of a firewall for web applicationsupdating obsolete components.
All these methods are quite acceptable, but you can use the following with them.
The following is suitable for any platform, including WordPress, Joomla, Magento, Drupal, Node.js, etc. Let's see which approaches you are familiar with and which are not.
Optimization Tips:
- enable IPv6 ;
- increase download speed using HTTP / 2 ;
- protect a domain using of DNSSEC ;
- use HTTPS (enable SSL certificate) ;
- enable HSTS ;
- Reduce page size by optimizing images .
Enable IPv6
IPv6 is faster than IPv4. When connected via IPv6, LinkedIn download speed in Europe increased by 40%, and Facebook - by about 10-15%.
Take a look at Google’s worldwide IPv6 transition schedule .
About 15% of users use Google via IPv6, while only 10% of sites have IPv6 enabled.
According to Cloudflare, sites that work through IPv6 load 27% faster than those that use IPv4.
Is IPv6 already enabled for your site? If in doubt, check here . In case of a negative result, here's how to do it.
Most CDN providers such as Cloudflare, Incapsula , CacheFly, AKAMAI have IPv6 available. Go to the toolbar to enable IPv6.
To enable IPv6 on Cloudflare, you need to go to the “Network” tab.
If you do not use CDN and are hosted on virtual servers, such as Linode , DigitalOcean, etc., then check out the instructions for enabling IPv6 on Nginx and Apacheweb servers.
IPv6 won't be worse. On the contrary, this method can easily reduce page loading time by about 10%.
Increase download speed with HTTP / 2
HTTP / 2 is an updated HTTP protocol adopted in 2015.
In terms of performance, the following advantages are associated with it:
- use of push-technologies on the server side;
- it is possible to load page elements simultaneously on one TCP connection;
- header compression
- low latency.
HTTP / 2 will allow you to optimize the delivery of content by loading several page elements simultaneously on one TCP connection, and it also implements a mechanism for sending data on the server’s initiative.
Judging by the example , HTTP / 2 is seven times faster than HTTP / 1.1. You can expect a reduction in page load time of about 30-40%.
HTTP / 2 uses about 11% of all sites .
First you need to check if your site is working on HTTP / 2 now.
If not, you can enable it on a web server or network peripherals. If you use CDNs such as Cloudflare, Incapsula, MaxCDN , KeyCDN, etc., you can enable HTTP / 2 in the control panel.
Please note that HTTP / 2 is not supported over HTTP (without SSL). However, all browsers already support HTTP / 2 via HTTPS.
In other words, to use the HTTP / 2 protocol, the site must be accessible via the HTTPS protocol (for example, https://example.com ).
HTTP / 2 is also supported by shared hosting services, for example, SiteGround. If you use your server, then you can use the manual for use with Apache, Nginx .
Secure domain with DNSSEC
You will get an additional level of domain protection if you enable DNSSEC.
Initially, DNS was designed to create scalable distributed systems, and were not guided by security issues. DNSSEC adds a digital signature to the DNS records and is used to check the source of the request - whether it came from an authorized or fake server.
You can connect DNSSEC from a domain registrar or a DNS administration service. If you work with CloudFlare, then you can activate DNSSEC in the “DNS” tab.
Or you can use premium DNS hosting from Namecheap, where DNSSEC support is also implemented. Once you have taken the necessary steps to protect DNS data with DNSSEC, you can test whether DNSSEC works for your domain.
Use HTTPS (enable SSL certificate)
Google and other large companies strongly recommend using HTTPS to ensure the security of the Internet as a whole. Recently, Google mentioned that access via HTTPS is taken into account when determining the search ranking, so it's time to get an SSL certificate for the site.
When your site loads via HTTPS, encryption of data transmitted from the user's PC to a web server or network peripherals is provided.
For bloggers and those who do not transmit sensitive data through the site, free SSL certificates , for example, from Let's Encrypt , are suitable .
If possible, try to remove the burden of checking SSL connections from network peripherals using CDNs such as MaxCDN , CloudFlare, AKAMAI, etc.
CloudFlare also providesSSL certificate as part of a free service package. After connecting an SSL certificate, be sure to check the SSL / TLS certificate for vulnerability.
For those who are serious (and this is the right approach anyway), it makes sense to think about connecting WAF to provide protection against vulnerabilities from the OWASP Top 10 list and beyond.
Use HSTS
An additional level of protection to HTTPS can be HSTS.
The HSTS header instructs the browser to transmit all data only through the secure channel (HTTPS), does not allow the transition to a less sophisticated protocol, and prevents the interception of cookies.
The HTTP header must be added to the web server response. If you use CDN, then you need to activate HSTS on the network peripherals.
Reduce page size by optimizing images
The average page size is 2.4 MB, 64% of which are in images.
Images are used everywhere, which offers great potential for optimizing and reducing the overall page size.
Reducing page size will bring the following advantages:
- fast page loading;
- saving money on traffic.
Here are a few image size optimization tools for WordPress, Joomla.
Cloudflare Pro users can take advantage of the new image format called WebP. WebP
format images are more than 10% smaller than already optimized PNG or JPEG files. I hope these approaches will help in optimizing the site and loading speed, as well as enhancing protection. HOSTING.cafe offers you to find virtual servers or hosting , as well as SSL certificates for your projects.