Reducing Server Resources: Improve Costs, SEO, Conversions & UX
Download as PPTX, PDF3 likes3,207 views
Michael Jones, an expert in search engine marketing and SEO with 14 years of experience, managed multiple travel websites and focused on enhancing their security and performance. After noticing unusual CPU usage, he researched and implemented various strategies, including IP blocking and content delivery networks (CDNs), to mitigate risks and improve website load times. His efforts resulted in normalized server resources and significant improvements in website performance metrics, emphasizing the importance of continuous testing and optimization.
Reducing Server Resources: Improve Costs, SEO, Conversions & UX
- 1. Michael Jones - Holidaypoint.com.au
- 2. 14 years of search engine marketing experience, worked with many large organisations in Australia (both in-house and agency side), in a broad range of industries including: shopping, insurance, classified and service websites. Specialising in SEO, but have experience in: - SEM - Analytics - Social - Local - Reputation Management - Email Marketing A network of 11 travel websites; managing everything from: - Search Engine Optimisation - Social Media Marketing - Video & Image Creation - Content Editing - Web Programming - Website Building - Affiliate Marketing - AdSense - Web Analytics - Keyword Research Web Search Strategist
- 3. Just an ordinary day in Cpanel
- 4. Not Really! During my routine inspection of my Cpanel interface, I noticed that my CPU usage and account executions were significantly higher than normal and were exceeding the usage limits. From past experience – this usually leads to trouble…
- 5. Surely I was already safe? Having road-tested a lot of Wordpress security plugins in the past, I thought I was pretty safe from potential hackers, harvesters and spamming; especially with the built in features of Wordfence… http://www.wordfence.com/
- 6. Wordfence – IP blocking I was blocking whole countries from accessing my websites, along with individual IPs that have tried accessing my admin panel and those who were obviously not human visitors (crawling my website too quickly, but not a search engine) http://www.wordfence.com/
- 7. Wordfence – Firewall Additional to this, there is a built-in firewall that automatically blocks IPs based on certain triggers (accessing the site too quickly, using a username that doesn’t exist, etc) http://www.wordfence.com/
- 8. Redirections – 404 Logs I also utilise a plugin that logs all 404 errors and easily lets me implement 301 redirects to stop users from trying to access those files in the future. I also block their IPs if they apparent to be sniffing for file vulnerabilities. https://wordpress.org/plugins/redirection/
- 9. So what did I do about it?
- 10. Ask for help Since I have had similar issues in the past, I jumped into a live chat session with my Web Host, who then told me to launch a support ticket. <<< ME THEM >>>
- 11. Research admin-ajax.php I just did a quick Google search and found out what this file is used for, ways I could minimise the usage, and possible effects of changing how it works.
- 12. Research wp-cron.php Similar to the previous, I researched what this file is and what it does. The default configuration of wp-cron is used to trigger background / maintenance tasks in the background every time a page is loaded. If you have a pretty basic website, this really isn’t required, so I limited how often cron- jobs are processed.
- 13. Some of my themes use Timthumb Timthumb is a resource heavy script that automatically compresses and resizes images on the fly. Since it is somewhat old technology and has been a known security vulnerability in the past - it’s no longer updated / supported, I have a started to change themes (that’s another story altogether), but I have also blocked external websites from triggering the script and hotlinking images.
- 14. Awstats – Visiting Countries Since Google Analytics only monitors pages / users that trigger the tracking code, it is advised to look into Awstats instead (this looks at all files on your website). For an AU based website that normally receives nearly all traffic from Australia, the stats below looked worrying – especially the Pages to Hits Ratio.
- 15. Awstats – Requested Files Similar to the list of files provided by the hosting company, I was also able to view the most requested file on a site basis. You can see here that xmlrpc.php has been requested an abnormally high number of times.
- 16. Awstats – Visiting IP addresses Similar to the country report, you can also review the most active IP addresses. Not only can we see that the ratio between Pages and Hits is way to low, but an IP trace shows they are from suspicious countries outside of my targeted audience.
- 17. IP Deny Manager With the IP addresses in hand, I used the IP Deny Manager tool to start blocking these suspicious IPs form accessing my website. The good thing about this is that it applies the blocks across all your websites at once. I also added additional countries to Wordfence.
- 18. Surely that was enough?
- 20. An email I get at 3am in the morning So lets just say it was not very fun waking up to this – especially since everything was fixed… that and I already flagged potential issues that I was looking into.
- 21. The major issue: Current Suggested Not only were the suggested upgrades I needed are overkill for what I need, but the closest hosting upgrade is more than 4 times the price.
- 22. What I responded with: ME >>> <<< THEM So they unblocked my website, but I pretty much 24 hours to turn things around or I would be blocked again.
- 23. Time to declare war!
- 24. Block and block some more Using a combination of Awstats & the IP Deny Manager, I reviewed the list of recently visited IP addresses and further blocked anything suspicious.
- 25. Time to step up my game! http://spyderspanker.com/
- 30. Spyder Spanker - Settings Panel Blacklist Whitelist IP Blocking Country Blockinghttp://spyderspanker.com/
- 31. Spyder Spanker – Project Honeypot If a visitor doesn’t get matched to your whitelist or blacklist, their IP is submitted to Project Honeypot where they are matched against an up to the minute list of comment spammers, harvesters, hackers and suspicious IPs. http://spyderspanker.com/
- 32. EWWW Image Optimiser A great free and easy to use Wordpress Plugin that bulk optimises your existing images files and new optimises new images on the fly. https://wordpress.org/plugins/ewww-image-optimizer/
- 33. Caching Plugins So even though I was using the built-in mod_pagespeed apache module provided by my webhost, there was several things that I wasn’t able to implement and the settings were quite basic… so I went looking around. https://www.w3-edge.com/products/w3-total-cache/
- 34. W3 Total Cache After road-testing several plugins by looking at their configuration options, their functionality, pagespeed scores and page loading times, I settled on W3 Total Cache for their manual control of Javascript minifying and deferring and cache settings. Here are some of the key benefits of these plugins: https://www.w3-edge.com/products/w3-total-cache/
- 35. W3 Total Cache: Setting Examples Manual control of Javascript Delivery CDN Support for popular providers Full control on the file types to cache / CDN deliver https://www.w3-edge.com/products/w3-total-cache/
- 36. CDN Delivery “A content delivery network (CDN) is an interconnected system of cache servers that use geographical proximity as a criteria for delivering web content.
- 37. Why use a CDN? https://www.keycdn.com/
- 38. Which CDN provider to use? Apart from reading a lot of online reviews and endorsements, I also used a few calculators that would compare pricing on monthly bandwidth and traffic origin. Some providers have the nerve to charge extra for different countries and also will look to charge you a flat fee regardless of how much data you use. http://www.cdncalc.com/
- 45. After all that, what did I see? BEFORE AFTER
- 46. My server resources normalised I got a response back from my web host that server resources have fell back to normal rates and that the ticket has been closed. If anything, these are the lowest they have been in a long time, which means I can afford to use additional plugins and launch more websites to maximise my existing hosting package.
- 47. CDN Impact You can see from the below bandwidth graph below that even though my website traffic increased, the data served from my server has fallen considerably. This is an indication that content is being servers via my CDN by the closet data centre for users.
- 48. Pagespeed: Before & After Measuring 2 different websites using the same theme on the same host, we can see that the one that uses W3 Total cache and EWWW has halved their page load time, is 520k lighter and has 16 less requests – even though website A is loaded with affiliate widgets and Adsense units. Website A Website B
- 49. Website A Performance: Pre vs Post changes Using the same website and the same testing tool, we can see that by using EWWW, we successfully trimmed 500k from the page weight, and due to the improved code & asset delivery, the website’s visual progress has improved by 1 second at both the 50% and 100% marks.
- 50. Summary So even though I have added several new plugins to my website to make it more secure and to improve delivery, I have actually negated any noticeable impacts by installing them. Even though I was pretty confident with mod_pagespeed’s out of the box functionality, it actually goes to show that you can always go that little bit further to improve your results, and you shouldn’t become complacent believing what you have is always the best solution – test, test and test again – and forever strive for the best results possible (backed up by actual data).
- 51. Final Advice • Monitor your website, check your stats and logs • Utilise plugins / modules to automatically block bad bots / visitors • Block whole countries that serve no purpose accessing your website • Lock down your login page • Utilise plugins / systems to make your website load faster and reduce your page weight (it’s part of the Google Algorithm and great for UX) • Use a CDN – they are actually very cheap – even if you host locally • Forever test!