Can your website perform faster if it has better security? Absolutely! In fact, better security may be the only reason your site performs at all when there is a surge in bot attacks. Read on to see how performance is tied directly to security and what you can do to improve both on your site.
Page Load Speed
How fast one of your site pages can be delivered to a viewer may make the difference in you gaining a client or losing one. If they don’t already know you, and your post is testing their patience factor, they may decide that someone else is more interested in their business than you are.
There are multiple elements that affect load speed, including:
(For more on the first three items, read WordPress Site Performance 300% Improvement in 3 Easy Steps)
How Security Affects Traffic
How many of your site visitors are humans and how many are bots?
If you don’t know, you need to.
If your hosting has cPanel, like my preferred vendor A2 Hosting (aff link), then it’s a very easy thing to check. Log in to your cPanel and go to the Logs section and click Awstats.
Be sure to refresh to the current date at the top.
Then scroll down and look at the wealth of info you can get about the visitors to your site, including how many of them are unknown bots. You’ll also want to have a look at the number of visitors that only stayed on your site for less than :30 seconds. Most of them are probably bots.
Good Bots, Bad Bots
You want good bots to visit your site. Google has several bots, as do all major search engines. And they are easy to identify in that list.
What you don’t want are a bunch of unknown bots, especially those that are hammering your wp-login.php or other admin pages. Those bots are trying to hack your site through a brute force attack.
Read DDoS Attacks, Brute Force Attacks, and Site Security for more.
Chewing Up Resources
Each time a bot tries to break your login, a request has to be sent to the server to see if it is correct. That eats your system resources. On shared hosting, the limits for the resources you are allowed to use have a low ceiling.
If bad bots are using up most of the resources, that doesn’t leave much left for legitimate site visitors to use. That makes your pages load slowly.
If they use up enough, the host will automatically make your site completely unavailable to all site visitors, bots and humans, until the requests drop. That’s not good on days where you have a post going viral. And search engine bots may issue a warning if they happen to be crawling then too.
See the Logs image above to find the Resources icon and see how your site is running on average.
What You Can Do
1. View your site stats and analytics on a regular basis. You need to know what normal is.
2. Monitor your uptime. Free sites like Monitor.us give you a good indication when you’re site is getting hammered and your resources are being limited. They even send out email notifications. (And no host really has 99.9% uptime, no matter what they guarantee. But you should be running very close or at 100% most of the time.)
3. Know your bots and attack types. I mentioned a brute force attack, but there are others too. And you need to guard against all of them. Read DDoS Attacks, Brute Force Attacks, and Site Security for this and 4. below.
4. Know your protection choices. There is no one-size-fits-all solution.
5. Optimize your site. If your site is chewing up your resources all by itself, it doesn’t take too big of a bot hit to put it over the edge. A lean site runs faster all the time, which is going to make your visitors very happy.