Optimizing a WordPress website has always come down to installing a few plugins to solve the problem. What could be optimized on a virtual host was quite limited (for example, Redis could not be installed). Currently, the results tested in the browser are quite good.
This article will be updated continuously, and everything introduced in it is free (or the free version is enough).
Test Results
Website Optimization for Speed
The HTTP2 push content plugin makes it easy to apply HTTP2: it automatically pushes the JS and CSS files included in the page using server push. Regarding server push, "HTTP/2 Server Push Tutorial" explains how this technology can reduce the number of requests (essentially, one or two requests are enough to get everything delivered quickly and effectively). In addition, Youpai Cloud also supports setting HTTP2 + server push, but there are some limitations.
The Redis Object Cache plugin caches data such as comments in a Redis database, improving the website's concurrency capability while speeding it up. The WP OPcache plugin accelerates PHP scripts. Both plugins require the corresponding application or extension to be installed on the server, so they cannot be used on virtual hosts.
On the CDN side, try to set a longer expiration time for the cache of static files such as JS, CSS, and audio. Youpai Cloud also supports page compression, and setting the compression level to 1 is sufficient; setting it too high may affect speed.
Additionally, Youpai Cloud also supports HTTP3, which is recommended for use. (However, this has little impact on the website's loading speed)
Website Optimization for Security
Although this is futile for those who really want to attack, as website owners, we cannot leave the door wide open for others to enter.
On the server side, Teacher Du helped me install a micro-step Trojan detection on my server, and I brought the security risk of the panel down to 0.
On the application side, I have enabled automatic updates for all plugins used on the website, and the WordPress version will always remain up to date. The website uses the Wordfence Security plugin as an application firewall, and I modified php.ini according to the prompts provided by the plugin.
Recently, the situation regarding brute force attacks has become quite severe. According to data provided by Wordfence, most attackers choose to use "admin" as the username for brute forcing, while some try using my domain name, English name, or usernames starting with "test." This month, there were 187 attempts at brute force attacks and a total of 1116 various attacks. Currently, I am using Two-Factor Authentication to strengthen the login, so even if the password is guessed, they cannot log into the backend.
On the resolution side, this site uses Tencent Cloud for domain registration, uses Cloudflare for domain resolution, and has enabled DNSSEC. (I heard that DNSSEC is not very useful, so I just enabled it.) I heard that Cloudflare has some issues with resolution in China, so I switched to using Cloud Shield for authoritative resolution services.