Speed and security are key criteria for the success of e-business. When
a site takes more than 3 seconds to
load , you lose your potential income and lose positions in
search engine rankings . And when the site is
not sufficiently protected , hackers have the opportunity to strike at your reputation and profits.
When it comes to optimizing performance, the most common ones are using
compression , minimizing file size, caching, using lightweight theme code, templates, plug-ins, extensions, etc.
If we talk about security, then it is primarily associated with the appropriate extensions, the use of a
firewall for web applications , updating obsolete components.
')
All these methods are quite acceptable, but the following can be used with them.
The following is suitable for any platform, including WordPress, Joomla, Magento, Drupal, Node.js, etc. Let's look at what approaches you are already familiar with, and with which - no.
Optimization Tips:
Enable IPv6
IPv6 is faster than IPv4. When connected via IPv6,
LinkedIn download speed in Europe increased by 40%, and
Facebook - by about 10-15%.
Take a look at the IPv6 worldwide transition schedule prepared by
Google .
Approximately 15% of users use Google over IPv6, in turn, only
10% of sites have IPv6 enabled.
According to
Cloudflare, sites that work over IPv6 load 27% faster than those that use IPv4.
Is IPv6 already enabled for your site? If in doubt, check
here . In case of a negative result, here's how to do it.
Most CDN providers such as Cloudflare,
Incapsula , CacheFly, AKAMAI have IPv6 available. Go to the toolbar to enable IPv6.
To enable IPv6 on Cloudflare, you need to go to the “Network” tab.
If you do not use
CDNs and are hosted on virtual servers, such as
Linode , DigitalOcean, etc., then read the instructions for
enabling IPv6 on Nginx and Apache web servers.
With IPv6 will not be worse. On the contrary, this method will easily reduce the page load time by about 10%.
Increase download speed using HTTP / 2
HTTP / 2 is an updated HTTP protocol adopted in 2015.
In terms of performance, the following benefits are associated with it:
- use of push-technologies on the server side;
- it is possible to load page elements simultaneously over a single TCP connection;
- header compression;
- low latency
HTTP / 2 allows you to optimize content delivery by loading several page elements simultaneously over a single TCP connection, and it also implements a mechanism for sending data initiated by the server.
Judging by the
example , HTTP / 2 is seven times faster than HTTP / 1.1. You can expect a reduction in page load time by about 30-40%.
HTTP / 2 use about
11% of all sites .
First you need to check
if your site works on HTTP / 2 now.
If not, it can be enabled on a web server or network peripherals. If you use a CDN, for example, Cloudflare, Incapsula,
MaxCDN , KeyCDN, etc., then you can enable HTTP / 2 in the control panel.
Please note that
HTTP / 2 is not supported over HTTP (without SSL). However, all browsers already support HTTP / 2 via HTTPS.
In other words, to use the HTTP / 2 protocol, the site must be accessible via the HTTPS protocol (for example,
https://example.com ).
HTTP / 2 is also supported by virtual hosting, for example,
SiteGround . If you use your server, then you may find the manual
on using with Apache, Nginx useful.
Secure Domain with DNSSEC
You will receive an additional level of domain security if you enable DNSSEC.
Initially, DNS was developed to create scalable distributed systems, and security issues were not guided. DNSSEC adds a digital signature to the
DNS records and is used to verify the source of the request - whether it came from an authorized or fake server.
You can connect DNSSEC with a domain name registrar or a service administering DNS. If you work with CloudFlare, you can activate DNSSEC in the “DNS” tab.
Or you can use
Namecheap 's premium DNS hosting, which also supports DNSSEC. Once you have taken the necessary measures to protect DNS data with DNSSEC, you can test
whether DNSSEC works for your domain.
Use HTTPS (connect SSL certificate)
Google and other large companies strongly recommend using HTTPS to ensure the security of the Internet as a whole. Recently, Google mentioned that access via HTTPS is taken into account when determining search rankings, so it's time to get an SSL certificate for the site.
When your site is loaded via HTTPS, encryption of data transmitted from the user's PC to the web server or network peripherals is provided.
Bloggers and those who do not transmit sensitive data through the site will
be eligible
for free SSL certificates , for example, from Let's Encrypt.
If possible, try to
unload the SSL connection check from the network peripherals using CDNs such as
MaxCDN , CloudFlare, AKAMAI, etc.
CloudFlare also provides
an SSL certificate as part of a free package. After connecting the SSL certificate, do not forget
to check the SSL / TLS certificate for vulnerability.
For those who are serious (and this is, in any case, the right approach), it makes sense to think about connecting
WAF to provide protection against vulnerabilities from the OWASP Top-10 list and not only.
Use HSTS
An additional level of security over HTTPS can be HSTS.
The HSTS header gives the browser instructions for transmitting all data only over a secure channel (HTTPS), does not allow switching to a less advanced protocol, and prevents the interception of cookies.
The HTTP header needs to be added to the response of the web server. If you are using a CDN, you must activate the
HSTS on the network peripherals.
Reduce page size by optimizing images
The average page size is 2.4 MB, 64% of which are images.
Images are used everywhere, which opens up huge potential for optimizing and reducing the overall page size.
Reducing the size of the page will bring the following advantages:
- fast page loading;
- saving money on traffic.
I bring several
tools to optimize the size of images for WordPress, Joomla.
Cloudflare Pro users can use the new image format called “WebP”.
WebP images are more than 10% smaller than already optimized PNG or JPEG files.
I hope these approaches will help in optimizing the site and download speed, as well as enhancing protection.
HOSTING.cafe offers you to find virtual servers or hosting , as well as SSL certificates for your projects.