Magento 2 is a complex and highly configurable eCommerce platform. It supports endless level of customization. It lets you create a website with almost any functionality you can think of.
The price you pay for such a flexible eCommerce solution is performance. Magento 2 (M2) might be quite slow. I am sure you have seen people on the web searching for ways to speed it up.
I am going to share with you my 5 easy steps to fix a slow M2 site. You don’t need to have programming skills to implement them. Follow me.
Magento 2 functionality could be extended with custom 3rd-party plugins. You can develop your own extensions or buy them from various vendors. Most plugins are poorly coded. Unlike Magento core which was written by experts, custom extensions are coded by average programmers at most. With average skills and no appreciation for performance benchmarks. It is no wonder some 3rd-party extensions slow down a Magento 2 site. You need to do an audit to identify those plugins that affect site performance.
First get a list of all custom extensions. Go to Magento backend menu Stores > Configuration > Advanced > Advanced. You will see an output like this:
Those are all extensions that are installed on your Magento 2. Ones that start with Magento_ are core plugins and you should ignore them. Others are 3rd-party modules. Copy them to a special list ‘Custom Extensions’. Now go through ‘Custom Extensions’ list and disable modules one by one. How do you disable a module? You will need SSH (Secure Shell) for that. Use SSH to login to the server and navigate to Magento root folder:
Then issue a command to disable a module:
php bin/magento module:disable Vendor_ModuleName
After you disable an extension benchmark site speed. You can use an online tool WebPageTest.org. Do you see a difference in page load time? If you do than that plugin is an abuser. Contact its vendor and ask for help. Or uninstall it or find an alternative. If there is no speed difference move to the next plugin. Sooner or later you will find a few extensions that are performance hogs.
Magento 2 requires powerful hosting to deliver decent performance. If your M2 is running consistently slow it might be just screaming out loud – I need more CPU and RAM!
Here is a simple trick I use to determine whether a poor hosting plan is the reason for poor M2 performance:
If you find out you need a better hosting plan – contact your hosting company and ask for one. If you were using a shared plan – go with VPS. If you were using VPS go with a dedicated server. Explore your options.
There are three Magento 2 modes: default, developer and production. Magento 2 is designed to be fast only in production mode. You might be surprised how many M2 sites are slow only because they are in developer mode. The reasons vary: a developer forgot to switch M2 to production, a data entry specialist turned on developer mode for testing purposes and never turned it off. You need to make sure you run M2 site in production mode only. You can find out what mode you are in now by running this simple SSH command inside Magento root folder:
php bin/magento deploy:mode:show
You can turn on production mode with this command:
php bin/magento deploy:mode:set production
Contact your hosting and ask if they support HTTP/2. Let them enable HTTP/2 for your Magento 2 store.
Magento 2 comes equipped with Full Page Cache. It means M2 can cache whole pages making time to first byte (TTFB) for cached pages around 500ms i.e. half a second. This is good news. You need to make sure Full Page Cache is always on. Go to backend menu System > Cache Management and double check. You might be surprised to see all your cache disabled. Your developer might have turned it off for testing purposes and forgot to put it back on. No wonder you are experiencing performance problems!
Magento 2 supports Varnish out of the box. Varnish is a special software that caches and serves static content. It helps with making TTFB as low as possible. Contact your hosting support team to have Varnished installed and configured on your server.
You can enable Varnish for Magento 2 Full Page Cache at backend menu Stores > Configuration > Advanced > System:
Those were my 5 tips to speed up Magento 2. They are field-proven and tested. I used them many times to optimize performance of slow M2 sites. I hope you find them useful.
About the author: Konstantin Gerasimov is a Magento Certified Developer with Goivvy.com. He specializes in backend development, speed optimization and extension creation.
Posted at November 17, 2017 at 8:17 pm by Stacey Talieres
BlogVault is a backup & security service that allows for daily and real-time automatic backups. It also provides malware scanning and one-click malware removal. BlogVault continues to deliver for customers with their extended features which offer Dedicated staging, Auto Restore, Test Restore and Migration; four very critical features that perform efficiently and heroically. To seal the deal, BlogVault designed Migrate Guru, a host-agnostic WordPress migration plugin! Here’s how it works.
InterServer recognizes BlogVaults’ extremely valuable usage in the WebHosting industry. By sharing common goals, to deliver a quality environment for customers, InterServer found this as a perfect opportunity. While a majority of Shared Web-Hosting Package customers download or actively use WordPress, Migrate Guru offers a great addition to their experience.
How It Works and Benefits of Using Migrate Guru:
When to Use Migrate Guru?
The number one case scenario when to use Migrate Guru is when migrating to a new host! You may have an entire file system that you would like to transfer over but might not want to go through the technicalities of using FTP. Transferring files, especially in mass amounts, can easily become super stressful. That’s when Migrate Guru comes in. The process becomes easy and it’s completely free. InterServer proudly features this as part of our additional apps on our Standard Web Hosting Package.
Our Standard Shared Hosting plan, while it offers endless features to service a website, might be insufficient in effort to expanding your successful and growing business. Fortunately, InterServer offers a perfect upgrade system for your expansion. First, lets answer a few common questions:
How do I know when I should upgrade?
If any of the following topics may relate to your circumstances, then it may be time to upgrade!
This awesome scroll navigation bar allows you to adjust a VPS to your specific requirements. Note: Planning ahead is important and it is highly recommended to avoid purchasing a build you plan to max out. In addition, at 4 ‘slices’ as selected in the image above, InterServer offers a Fully Managed service where we would be glad to assist on any technicalities with the server. With a fully managed vps, something as simple as installing an application for you can easily be done through an on-site call or our ticket system.
How much will this cost?
cPanel allows for the management of your VPS with easy to navigate options.
Navigating through our navigation bar will not only allow you to choose something suitable for specifications, but also pricing! You can begin with a $ 6 / month VPS with one slice and no control panel just to get a taste of what the next step is.
How long does it take to upgrade?
If you already have an account with InterServer here are the steps on upgrading!
If you have an existing VPS with InterServer, you can follow the same steps as above to increase the number of slices at any time.
Ultimately, the goal is to allocate enough resources wisely to have your business or personal agenda uninterrupted and well underway to success!
Shared hosting is a very common subscription and requires high maintenance. InterServers main goal is to offer shared web-hosting that is reliable, secure, and powerful! Through LiteSpeed, we are able to offer just that.
What is LiteSpeed?
LiteSpeed is a software application that runs on a web server. Its purpose is to improve performance by conserving resources without sacrificing performance, security, compatibility, or convenience.
A graph example from litespeedtech.com proves the high performance of its product on a WordPress site.
It is important to note that LiteSpeed does not only improve WordPress sites, but many other server applications as well!
Performance and Load Management
LiteSpeed offers unique aspects when enhancing server performance. Firstly, the software creates an ease on memory and CPU. It continues to even improve the performance of scripts that are ran on the server. Lastly, LiteSpeed aids in load balancing heavy spikes that may strike the servers. In worst case scenarios, a DDOS attack.
Because LiteSpeed offers performance, security, and compatibility, it is highly valuable to our servers! InterServer utilizes these features to enhance your customer experience.
How LiteSpeed Helps You!
Since a shared hosting packages performance is based on the servers that it is hosted on, it is critical that the server itself is managed as efficiently as possible. LiteSpeed creates an efficient environment and here’s how it helps you:
Posted at October 16, 2017 at 5:42 am by Stacey Talieres
As a longtime fan of WordPress, working on my former employer’s website pained me. I compared the organization’s online presence to a kindergartener’s craft project—held together with macaroni noodles and paste.
The website looked fairly modern to visitors, but the backend was a disaster. The theme had been customized beyond recognition, meaning updates would require days of rebuilding that we couldn’t afford. Our performance and security continually suffered, and I spent tons of time beating back the malware, pharmaceutical ads, and SQL injections.
The person who originally created the website was a fantastic graphic designer but knew very little about running a website. He naturally chose WordPress, the world’s most popular content management system, and did his best to keep up with the various requests and ideas that sprung up across the office.
Over time, our brand suffered from what turned out to be unsound and unintentional mistakes and bad decisions. When properly managed and hosted, however, WordPress does wonders for efficient workflows and improved user experiences. Below, I’ve outlined the top five lessons I’ve learned or witnessed through many years of hosting, building, and fixing WordPress sites.
Mistake #1: Choosing a Cheap Host Instead of One That Brings Value
Although nearly every reputable hosting provider offers an ultra-simple one-click installation of WordPress, not all companies have invested in the modern infrastructure required to run the platform efficiently.
Upgraded hardware, such as faster-performing solid-state drives, can come with added costs. While it’s certainly understandable to seek out the most affordable hosting plan for your website, you risk getting exactly what you paid for.
Instead of looking for the cheapest option, search for the biggest bargain. Many hosts—InterServer included—offer upgraded services, support, and a surprising number of features for $5 or less per month.
With SSD-powered infrastructure, free SSL certificates, and unlimited storage, bandwidth, and email accounts, InterServer shared hosting delivers long-term value and peace of mind to WordPress users. The company takes shared hosting security seriously, even launching a five-pronged malware and prevention system called InterShield in mid-2017.
Mistake #2: Installing Suspect Plugins—And Then Not Updating Them
While there are certainly several must-have WordPress plugins, some might actually do more long-term harm than good. According to the WPScan Vulnerability Database, plugins account for more than half of the known WordPress vulnerabilities. WordPress core files account for about 30% of the weaknesses, with themes covering roughly 15% of the remaining deficiencies.
When looking to install a plugin, look first at the options that have been installed the most number of times. If thousands or millions of users trust a plugin, the program is probably pretty reliable. Similarly, take stock of the plugin’s ratings and notice when the code was last updated. Frequent revisions are a sign that the developers are actively keeping up with security concerns and usability features.
Mistake #3: Using the Infamous Admin Username or Having Weak Passwords
Until WordPress 3.0 was released in 2010, the platform automatically set up new sites with an administrative username of—you guessed it—admin. This spawned a feeding frenzy of brute force attacks, as intruders didn’t need to guess an account’s username, just the password.
Even though WordPress ended that practice, the admin username is a major weak spot for unsuspecting site owners. Similarly, using a password of “123456” or “admin” or—cringe— “password” is likely going to accomplish exactly what one might expect. Strong passwords are critically important to successful WordPress usage, as well as limited login attempts (more on that later), and two-factor authentication.
Mistake #4: Thinking You Know How to Edit Theme and Core Files
Being able to edit a theme or plugin file directly from the WordPress interface might be convenient for the most experienced developers, but it represents a major security hole for most users. As if an intruder having unfettered access to the inner workings of your site isn’t scary enough, self-inflicted problems and broken code are incredibly common.
Limit the ability for you or your colleagues to introduce vulnerabilities to your website’s code by establishing and maintaining WordPress users roles and capabilities—give people the least amount of access needed. To take matters a step further, you can actually disable the WordPress theme and plugin editor by inserting define(‘DISALLOW_FILE_EDIT’, true); in the site’s wp-config.php file. You’ll still be able to access the files through FTP access, if you’re daring and desperate enough to still need to edit those files.
Mistake #5: Leaving Yourself Open to Attack by Not Configuring Properly
The popularity and widespread use of WordPress understandably makes the platform a major target for attackers. New malicious strategies now enable intruders to find and infiltrate fresh WordPress installations within 30 minutes of paying for a web hosting plan.
With just a few quick adjustments, however, you can help your website turn back the large majority of attacks. Start by installing a plugin that caps the number of login attempts; we recommend Limit Login Attempts Reloaded for standing up to brute force strikes. This 10-point guide includes several other code snippets you can add to various configuration files to block access to important WordPress directories and prevent certain suspicious behaviors.
Building Online Brands Often Includes a Polarized WordPress Experience
Admittedly, the much-loved open-source publishing platform does not come without a few quirks. Even experienced developers have a love/hate relationship with WordPress, as a 2017 survey showed that, while roughly 35% of developers loved working with the content management system, about 65% dreaded using WordPress.
The platform’s undeniable usability and simplicity, however, make WordPress a go-to option when looking to build an online brand—if you know a little bit about what you’re doing. InterServer provides customers with an easy-to-follow checklist of the top 10 ways to secure WordPress.
Mercifully, I eventually got the green light to redesign and relaunch my former employer’s website. Nearly all of the site’s ailments disappeared once I installed a new theme and a host of plugins, and switched to a better hosting provider. I still spent more time than I wanted running backups, updates, and security scans, but at least I could establish the best practices and routines needed to maintain the site well past my eventual departure.
Laura Stamey writes, designs, and develops for HostingAdvice as a Contributing Editor for Digital Brands, Inc. The HostingAdvice team boasts more than 50 years of combined experience building and scaling personal projects and industry-leading websites and applications.