I had serious issues with CPU overages on my WordPress site.
Bandwidth limitations, too many executions…whatever you want to call it. All this means is that we need to reduce the amount of resources consumed by your site, plugins, images, etc.
I was able to reduce CPU usage by configuring WP Disable, minimizing plugins and turning off unused settings, offloading resources to Cloudflare/MaxCDN, cleaning my database, limiting crawlers using Wordfence, and uploading this convenient bad bot list to my .htaccess. But you should also check AWStats (usually found in your cPanel) which identifies causes of high CPU.
Hosting companies want you to upgrade your plan which WILL work since you will be getting more server resources, but you should try these alternatives before reaching into your pocket.
I was also able to get 200ms load times in Pingdom and .5s in GTmetrix. You can read my WordPress speed guide to see how I did it but I contribute most of it to SiteGround who was rated the #1 host in a recent Facebook poll (and last year’s poll) when I migrated to their semi-dedicated GoGeek plan which comes with 4x more resources than shared hosting (and can handle more CPU usage). I also contribute it to WP Rocket which is generally accepted as the best cache plugin. WP Rocket has an option for database cleanup, lazyloading images, videos, iframes, Cloudflare + MaxCDN, which makes it easier to complete those steps in my tutorial.
1. Check CPU Usage In AWStats
AWStats is built-in to most cPanels (SiteGround, Bluehost, Godaddy) in their “statistics” section and identifies the source of high CPU. I’m going to be referencing it in a few steps in this tutorial (reducing CPU from crawlers, downloaded files, images) so check to see if you have it. You can also use the WP Server Stats plugin but AWStats is definitely more detailed.
AWStats helps you find:
- Total bandwidth usage
- High bandwidth crawlers
- High bandwidth IP addresses
- High bandwidth download files
- High bandwidth files (eg. images)
2. Check Your Server Response Time
You can also check TTFB in the GTmetrix Timings tab…
PHP Version – PHP 7 makes your site faster and more secure, but only 15% of WordPress users are on PHP 7. Install the Display PHP Version plugin to see what version you’re running. If you’re using an outdated version, check whether your theme/plugins are compatible using the PHP Compatibility Checker plugin then upgrade to PHP 7 through your host. Some hosts don’t support PHP 7 (Godaddy still uses PHP 5.6) while SiteGround and most hosts use PHP 7.
My Server Is Slow, Should I Upgrade Hosting?
I won’t suggest upgrading if you don’t need to – go through this tutorial first. But I would definitely avoid using a hosting company owned by EIG (Bluehost, HostGator, Site5, etc), check if they have a low rating in this Facebook poll, and make sure they use fast technologies like PHP7, HTTP/2, and NGINX. Migrating from a cheap $3.95/month plan to SiteGround’s semi-dedicated GoGeek plan ($11.95/month) can make a huge difference since it includes 4x as many server resources (key factor in the WordPress optimization guide) and is what I highly contribute my 200ms Pingdom load times and .5s in GTmetrix to. Their speed technology includes the SG Optimizer plugin which automatically upgrades you to the latest PHP version.
3. Configure WP Disable
WP Disable turns off unused WordPress settings that consume CPU like post revisions, autosaves, pingbacks, trackbacks, emojis, and others. It also has other speed options like loading Google fonts asynchronously, heartbeat control, and hosting Google Analytics on a local server. It is SUPER easy to use and Jody (developer) has made some huge updates recently and maintains the plugin very well – making this one of my favorite speed plugins.
Host Google Analytics Locally – on the right side of the WP Disable settings, enter your Google Analytics UA code. This should fix the “leverage browser caching” item for Google Analytics often seen in GTmetrix, Pingdom, and Page Speed Insights. Be sure to delete ALL other tracking codes and Google Analytics plugins, and make sure GA is still tracking user data.
4. Block Spammy Bots + Spiders
In AWStats you might see bots + spiders consuming a lot of bandwidth. Obviously we don’t want to block Googlebot and other legitimate crawlers, but we do want to block spammy ones.
I recommend adding this file to your .htaccess which blocks tons of known spammy bots including Ahrefs and other services that crawl sites for statistical purposes but increase CPU.
5. Configure Wordfence Crawl Rules
Wordfence lets you block individual IP addresses (shown in AWStates) but this is not a long-term solution as they constantly change – and you don’t want to block legitimate visitors. Since crawlers are most often the reason for high CPU usage, it’s really best to focus on those.
Be sure to tweak the Wordfence “options” tab to limit bandwidth consumed by this plugin:
- Do not “enable live traffic view”
- Do not “enable automatic scheduled scans”
- Do not “enable email summary”
- Enable “use low resource scanning”
- Decrease “limit the number of issues sent in the scan results email” to 500
- Do not enable “updates needed (plugin, theme, or core)”
- Increase “update interval in seconds (2 is default)” to 10-15 seconds
- Decrease “how much memory should Wordfence request when scanning” to 100MB
- Enable “delete Wordfence tables and data on deactivation”
- View Wordfence’s options page for more recommendations
6. Limit Crawl Rate By Google + Bing
Google is usually the most resource-hungry crawl bot (by far) and you can limit their crawl rate in the “site settings” section of Google Search Console. This lowers the requests made by Googlebot and does NOT affect your rankings or penalize you in any way. Unless you run a news website or publish time-sensitive content (and you have a hosting plan with sufficient resources), you don’t need Google crawling your site quickly and consuming tons of resources. Websites struggling with CPU usage should lower this – keep in mind it resets every month.
Google says this on their crawl rate page…
“If Google is making too many requests per second to your site and slowing down your server, you can limit the crawl rate… we recommend against limiting the crawl rate unless you are seeing server load problems that are definitely caused by Googlebot hitting your server too hard… you canot change the crawl rate for sites that are not at the root level.”
7. Clean Your Database
Deletes post revisions, spam, trash, transients, and database tables that accumulate overtime are often left behind when you uninstall plugins… making your site slower with higher CPU.
You should clean these at LEAST once a month using WP Rocket or WP-Optimize. They have similar settings with an automatic cleanup option (I highly recommend enabling this) but I like WP Rocket since it was rated the #1 cache plugin in this Facebook poll and has options for database cleanup + lazyloading images/videos/iframes. Most other cache plugins don’t have these extra options which means you also need to install WP-Optimize and a lazyload plugin.
8. Delete Unused Plugins/Themes
Unused themes store preconfigured settings in your WordPress database (similar to plugins). Go to Appearance > Themes then delete all the WordPress themes you’re not currently using.
9. Disable Unused Plugin Settings
Just like we tweaked Wordfence’s settings to reduce CPU usage created by the plugin, go through each one of your plugin settings and decide whether you need individual features. For example, in Yoast under Settings > General > Features I disabled all of the following…
Disable plugin settings that:
- Provide statistics
- Run ongoing scans
- Send admin or email notifications
- Pull resources from external websites
- WP Rocket’s preload bot
- Wordfence’s live traffic reports
- Broken Link Checker’s ongoing scans
- Yoast’s settings under Dashboard > Features
- Chat and calendar plugins that run constantly
- Statistical plugins that constantly collect data
- Related post and popular post plugins that store tons of data
10. Avoid Common High CPU Plugins
Most slow loading plugins include related post, statistic, sitemap, chat, calendar, page builders, and plugins that run ongoing scans/processes or show multiple times in your GTmetrix report.
- AdSense Click Fraud Monitoring
- Better WordPress Google XML Sitemaps
- Broken link checker
- Constant Contact for WordPress
- Contact Form 7
- Contextual Related Posts
- Digi Auto Links
- Disqus Comment System
- Divi builder
- Essential Grid
- Fuzzy SEO Booster
- Google XML Sitemaps
- NextGEN Gallery
- Reveal IDs
- Revolution Slider
- S2 member
- SEO Auto Links & Related Posts
- Similar Posts
- Slimstat Analytics
- Visual Composer
- WordPress Facebook
- WordPress Related Posts
- WordPress Popular Posts
- WP Statistics
- WP Power Stats
- Yet Another Related Post Plugin
- Yuzo Related Posts
The P3 Plugin used to be great for finding plugins with high CPU usage, but it hasn’t been updated for many years and probably won’t work on your site. An alternative solution is to run your site through GTmetrix and expand items in the Waterfall tab to see slow loading plugins…
11. Configure Optimal Cache Plugin Settings
Most people are using a cache plugin but don’t have it setup properly. It’s important because cache plugins have a TON of settings that reduce CPU usage: minifying files, combining files, specifying a cache validator, remove query strings from static resources, Cloudflare, others.
Cache Plugin Configuration Tutorials:
- WP Rocket Settings With Cloudflare + MaxCDN Instructions
- WP Fastest Cache Settings With Cloudflare + MaxCDN Instructions
- W3 Total Cache Settings With Cloudflare + MaxCDN Instructions
12. Offload Resources To Cloudflare/MaxCDN
Cloudflare and MaxCDN host your website files on multiple data centers around the world so your content is delivered from the closest data center to your visitors. This offloads resources to their data centers (reducing bandwidth consumption on your own server) and should also significantly improve load times for people who (used to be) geographically far away from your 1 origin server. Using a CDN is also a recommendation in the WordPress optimization guide.
MaxCDN vs. Cloudflare – Cloudflare is free and has over 115 data centers. It helps with both speed/security but they don’t provide support for the free plan. MaxCDN is $90/year with my coupon (or do a free 30 day trial) and has 54 data centers. One of the most valuable things about MaxCDN is their support team who helped me configure everything… they improved my GTmetrix YSlow score to nearly 100% with .5s load times. I would try using both if possible.
Cloudflare helps offload bandwidth consumption to their 115 data centers…
Step 1: Enable Cloudflare – most cache plugins (and hosting cPanels) have an option to enable Cloudflare which is free and helps with offloading some of your resources.
Step 2: Disable Hotlink Protection – protects websites from pasting YOUR images on THEIR website when the image is still hosted by you, which means you are consuming bandwidth from their website. In Cloudflare’s settings go to scrape shield > enable hotlink protection.
Step 4: Set Page Rules For WP-Admin – Cloudflare says “we recommend that you create a Page Rule to exclude the admin section of your website from Cloudflare’s performance features. Features such as Rocket Loader and Auto Minification may inadvertently break backend functions in your admin section.” Here are the 2 rules to create for your admin panel:
MaxCDN offloads it to 54 more data centers…
Step 2: Create a pull zone if you haven’t already (view tutorial).
Step 3: In your pull zone settings go to your pull zone and go to Manage → Settings. Find your CNAME which should look something like this: omm.onlinemedia.netdna-cdn.com
Step 4: Most cache plugins have an option to enter a CDN URL (below is WP Rocket’s) where you paste your CNAME. You can also use the CDN Enabler plugin if you don’t have this option.
13. Block Comment Spam
An ongoing accumulation of spam comments isn’t good for your CPU usage. The Anti-Spam plugin has always work well for me (I tested plenty of others) and it doesn’t use CAPTCHA.
14. Optimize Images
Your images might consume a lot of bandwidth in AWStats…
There are 3 ways to optimize images in GTmetrix…
- Serve scaled images – resize larges images to be smaller
- Specify image dimensions – specify a width/height in the HTML or CSS (screenshot)
- Optimize images – losslessly compress images (I recommend Imagify or Kraken)
Start by optimizing images that appear on multiple pages (logo, sidebar, footer images). Then run your most important pages through GTmetrix and optimize individual images on those. The first item you should work on is “serve scaled images” since this requires you to scale (resize) an image to the correction dimensions, upload the new version to WP, and replace it.
15. Avoid Editing Multiple Pages At Once
Leaving your WordPress dashboard open (especially in multiple windows) makes ongoing requests to your server. When you’re done working on your site, close the dashboard! Constantly previewing your posts isn’t good either. In AWStats, your own IP address is probably consuming the most bandwidth which makes sense if you’re constantly updating.
Try to avoid:
- Constantly publishing/previewing content
- Having multiple people work on your site at once
- Leaving your dashboard open especially in multiple tabs
16. Host Download Files On External Websites
I barely have any files to download on my website so the bandwidth is low enough where I don’t worry about this. But if you have tons of large files that suck up bandwidth when people download them, consider uploading them to Dropbox or another file sharing website and pointing people there. That way dropbox.com will be handling the bandwidth and not you.
17. Disable AWStats And cPanel Statistics
AWStats, Webalizer, and other statistical programs in the cPanel are good for identifying the source of high CPU usage, but these actually increase CPU just like any WordPress plugin that collects statistics. All I’m saying is that when you’re done using these, you should delete them.
18. Monitor RAM Usage
Make sure you have enough RAM so you’re not always on the edge of your limit. If it’s almost always maxed out, this puts stress on your CPU. You want to have enough resources so your server is relaxed. In this case, the 2GB of RAM was almost always maxed out, so upgrading to 4GB was a smart move. Most shared plans don’t let you add RAM (you’ll need to upgrade to a plan that includes more resources) but you can usually add them on most cloud hosting plans.
19. Use A Hosting Plan With Sufficient Server Resources
Generally, the higher the plan the more server resources you get (and yes, upgrading should cure CPU overages/bandwidth limitations). For example on SiteGround’s features page you can see how many server resources come with their StartUp vs. GrowBig vs. GoGeek plan. Just scroll down to the “we allocate the resources you need” and look under the server tab…
200ms Load Time On SiteGround
If you’re wondering what hosting I use, it’s SiteGround’s semi-dedicated GoGeek plan. It includes 4x more server resources than most $3.95/month plans and can handle more CPU usage. It should also reduce server response times, TTFB, and improve overall your site’s overall grades/load time. Between migrating from Bluehost to SiteGround then using their SG Optimizer to upgrade to PHP 7, this made a hell of a difference. Been with them for 3 years.
Here’s my Pingdom report…
My GTmetrix report…
People who migrated and posted results on Twitter…
And #1 in last year’s poll too…
Higher plans include more server resources (number of servers is the #1 factor in the WordPress optimization guide). You can see a full comparison chart of their StartUp vs. GrowBig vs. GoGeek plan but GrowBig gives you about 2x server resources as StartUp, and GoGeek is semi-dedicated hosting which gives you even more server resources. GrowBig + GoGeek come with priority support and you can host unlimited sites. Cloud hosting is quite the price jump at $80/year but comes with 2CPU + 4GB RAM and is even faster than GoGeek.
Here’s how many server resources come with each plan (shown on their features page)…
I like SiteGround because…
- They were #1 in 2017’s Facebook poll
- They were #1 in 2016’s Facebook poll
- They’re highly rated in thread after thread after thread
- Ivica runs the WordPress Speed Up Group and ranks them #1
- People who migrate usually see nice load time improvements
- Average load time is 1.3 but I have 200ms in Pingdom + .5s in GTmetrix
- Their speed technology uses SSDs, NGINX servers, HTTP/2, PHP7
- SG Optimizer keeps your site updated with the latest PHP version
- Their cloud hosting includes HHVM which is even faster than PHP7
- Choose from 5 data centers (select the one closest to your visitors)
- They’re the only hosted listed on all 3 WordPress, Joomla, Drupal pages
- Automatic daily backups
- Automatic WordPress updates
- Weekly security email notifications
- Their cPanel is easy to use (view demo)
- All plans come with a free Let’s Encrypt SSL
- They constantly release new security updates
- 1-Click Cloudflare activation makes it super easy
- I usually get 100% uptimes but 99.99% is guaranteed
- Support tickets are usually answered within 10 minutes
- SiteGround will migrate you for free (just fill out a ticket)
- SiteGround is NOT an EIG company (EIG has a horrible reputation)
- They are super helpful in Facebook Groups, WordCamps, community events
- Out of the 50 people I referred to SiteGround in July, not 1 person has cancelled
- Their semi-dedicated plan comes with 4x more server resources than regular shared hosting, 1-click WordPress staging, and PCI compliance if you run an eCommerce site
Let me know if this tutorial worked in the comments!