Make Magento 2 Faster in 5 Easy Steps

Posted at December 13, 2017 at 6:33 am by Ylber Popaj

Magento 2 is a complex and highly configurable eCommerce platform. It supports endless level of customization.  It lets you create a website with almost any functionality you can think of.

The price you pay for such a flexible eCommerce solution is performance. Magento 2 (M2) might be quite slow. I am sure you have seen people on the web searching for ways to speed it up.

I am going to share with you my 5 easy steps to fix a slow M2 site. You don’t need to have programming skills to implement them. Follow me.

  1. Perform 3rd-party Extensions Audit.
  2. Upgrade Hosting Plan.
  3. Use Production Mode.
  4. Disable JavaScript bundling and enable HTTP/2.
  5. Enable Full Page Cache and Varnish.

1. 3rd-party Extension Audit

Magento 2 functionality could be extended with custom 3rd-party plugins. You can develop your own extensions or buy them from various vendors. Most plugins are poorly coded. Unlike Magento core which was written by experts, custom extensions are coded by average programmers at most. With average skills and no appreciation for performance benchmarks. It is no wonder some 3rd-party extensions slow down a Magento 2 site. You need to do an audit to identify those plugins that affect site performance.

First get a list of all custom extensions. Go to Magento backend menu Stores > Configuration > Advanced > Advanced. You will see an output like this:

Those are all extensions that are installed on your Magento 2. Ones that start with Magento_ are core plugins and you should ignore them. Others are 3rd-party modules. Copy them to a special list ‘Custom Extensions’Now go through ‘Custom Extensions’ list and disable modules one by one. How do you disable a module? You will need SSH (Secure Shell) for that. Use SSH to login to the server and navigate to Magento root folder:

      cd /path/to/magento/root/folder 

Then issue a command to disable a module:

     php bin/magento module:disable Vendor_ModuleName 

After you disable an extension benchmark site speed. You can use an online tool WebPageTest.org.  Do you see a difference in page load time? If you do than that plugin is an abuser. Contact its vendor and ask for help. Or uninstall it or find an alternative. If there is no speed difference move to the next plugin. Sooner or later you will find a few extensions that are performance hogs.

2. Upgrade Hosting Plan

Magento 2 requires powerful hosting to deliver decent performance. If your M2 is running consistently slow it might be just screaming out loud – I need more CPU and RAM!

Here is a simple trick I use to determine whether a poor hosting plan is the reason for poor M2 performance:

  1. Download a fresh Magento 2 copy. Pick the same version you are currently running.
  2. Install and setup the fresh M2 copy on your hosting.
  3. Compare the fresh M2 performance versus the live site performance. You can use sites like WebPageTest.org to measure speed metrics.
  4. If the fresh M2 speed is significantly faster – your host is OK.
  5. If the fresh M2 is as slow as your live site – you need to upgrade the hosting plan. Get more CPU and RAM, make sure you use SSD.

If you find out you need a better hosting plan – contact your hosting company and ask for one. If you were using a shared plan – go with VPS. If you were using VPS go with a dedicated server. Explore your options.

3. Use Production Mode

There are three Magento 2 modes: default, developer and production. Magento 2 is designed to be fast only in production mode. You might be surprised how many M2 sites are slow only because they are in developer mode. The reasons vary: a developer forgot to switch M2 to production, a data entry specialist turned on developer mode for testing purposes and never turned it off. You need to make sure you run M2 site in production mode only. You can find out what mode you are in now by running this simple SSH command inside Magento root folder:

       php bin/magento deploy:mode:show 

You can turn on production mode with this command:

     php bin/magento deploy:mode:set production  

4. Disable JavaScript bundling and enable HTTP/2

This performance tip relates to known “feature” of Magento 2: if you enable JavaScript bundling your bundled JS file will be over 5Mb. Here is a bug report on GitHub https://github.com/magento/magento2/issues/4506.

5Mb file will kill M2 performance on slow mobile networks. You need to avoid that. Do not use JavaScript bundling option. It is not worth it. Go to Magento 2 backend menu Stores > Configuration > Advanced > Developer > Enable JavaScript Bundling and set JS bundling to No.

 

If you disable JavaScript bundling your frontend pages will request lots of individual JS files making lots of HTTP requests. That might be considered as a slow factor but only with HTTP/1.  Here comes HTTP/2. This protocol was designed to make sites with lots of HTTP requests fast. It does that and many other performance optimization tweaks that make M2 deliver decent performance.

Contact your hosting and ask if they support HTTP/2. Let them enable HTTP/2 for your Magento 2 store.

5. Full Page Cache

Magento 2 comes equipped with Full Page Cache. It means M2 can cache whole pages making time to first byte (TTFB) for cached pages around 500ms i.e. half a second. This is good news.  You need to make sure Full Page Cache is always on. Go to backend menu System > Cache Management and double check.  You might be surprised to see all your cache disabled. Your developer might have turned it off for testing purposes and forgot to put it back on. No wonder you are experiencing performance problems!

Magento 2 supports Varnish out of the box. Varnish is a special software that caches and serves static content. It helps with making TTFB as low as possible. Contact your hosting support team to have Varnished installed and configured on your server.

You can enable Varnish for Magento 2 Full Page Cache at backend menu Stores > Configuration > Advanced > System:

 

Summary

Those were my 5 tips to speed up Magento 2. They are field-proven and tested. I used them many times to optimize performance of slow M2 sites. I hope you find them useful.

About the author: Konstantin Gerasimov is a Magento Certified Developer with Goivvy.com. He specializes in backend development, speed optimization and extension creation.

 

Interserver partners with blog vault to feature migrate guru

Posted at November 17, 2017 at 8:17 pm by Stacey Talieres

  •  What is BlogVault and Migrate Guru?

BlogVault is a backup & security service that allows for daily and real-time automatic backups. It also provides malware scanning and one-click malware removal. BlogVault continues to deliver for customers with their extended features which offer Dedicated staging, Auto Restore, Test Restore and Migration; four very critical features that perform efficiently and heroically. To seal the deal, BlogVault designed Migrate Guru, a host-agnostic WordPress migration plugin! Here’s how it works.

  • Why InterServer showcases Migrate Guru?

InterServer recognizes BlogVaults’ extremely valuable usage in the WebHosting industry. By sharing common goals, to deliver a quality environment for customers, InterServer found this as a perfect opportunity. While a majority of Shared Web-Hosting Package customers download or actively use WordPress, Migrate Guru offers a great addition to their experience.

How It Works and Benefits of Using Migrate Guru:

  • Migrate Guru works under a simple and quick three step operation:
    1) A user must select a migration destination. An example would be, a Web Host you are moving your site too.
    2) Enter the requested details and fill out the form.
    3) Click ‘Migrate”. With a single click, your migration begins. It’s that simple!
  • Benefits of Using Migrate Guru:
    1) Migrations done 80% faster
    2) Any Size, Any Site – Migrate sites upto 200 GB in size with ease
    3) Guaranteed zero downtime, zero troubleshooting
    4) Migration to Any Host
    5) Completely Free

When to Use Migrate Guru?
The number one case scenario when to use Migrate Guru is when migrating to a new host! You may have an entire file system that you would like to transfer over but might not want to go through the technicalities of using FTP. Transferring files, especially in mass amounts, can easily become super stressful. That’s when Migrate Guru comes in. The process becomes easy and it’s completely free. InterServer proudly features this as part of our additional apps on our Standard Web Hosting Package.

 

Please refer to following links https://www.migrateguru.com/ & https://blogvault.net/ for more information regarding these valuable tools.

Time to Upgrade?

Posted at November 10, 2017 at 1:30 pm by Stacey Talieres

Our Standard Shared Hosting plan, while it offers endless features to service a website, might be insufficient in effort to expanding your successful and growing business. Fortunately, InterServer offers a perfect upgrade system for your expansion. First, lets answer a few common questions:

How do I know when I should upgrade?

If any of the following topics may relate to your circumstances, then it may be time to upgrade!

  • Increased Traffic
    1. i) The more traffic a site has the more stress its performance takes. In other words, as traffic increases, performance decreases!
  • Administrative access to server
    1. i) With a VPS or Dedicated Server you have FULL control over your server.
  • Dedicated IP’s
    1. i) By having a dedicated IP you are adding more security and protection from abusive customers. In addition, you are establishing your own identity as a business.
  • Customization
    1. i) By upgrading to a VPS you have plenty of options to suit your needs. Here are examples how you can navigate through the many different CPU cores and memory.
    2. ii) Link : https://www.interserver.net/vps/

This awesome scroll navigation bar allows you to adjust a VPS to your specific requirements. Note: Planning ahead is important and it is highly recommended to avoid purchasing a build you plan to max out. In addition, at 4 ‘slices’ as selected in the image above, InterServer offers a Fully Managed service where we would be glad to assist on any technicalities with the server. With a fully managed vps, something as simple as installing an application for you can easily be done through an on-site call or our ticket system.

  • Planning Ahead
    1. i) By upgrading to a high tier VPS or dedicated server you allow yourself to enjoy the comfort of not having to worry about maximizing your resources. This is why planning ahead is crucial. As business grows, you will have the time to upgrade accordingly.

How much will this cost?

  • A solid build recommended by InterServer for a growing website/business would be a 4 slice Linux VPS, with cPanel. Price per month : $ 34.00.

 

cPanel allows for the management of your VPS with easy to navigate options. 

Navigating through our navigation bar will not only allow you to choose something suitable for specifications, but also pricing! You can begin with a $ 6 / month VPS with one slice and no control panel just to get a taste of what the next step is.

How long does it take to upgrade?

If you already have an account with InterServer here are the steps on upgrading!

  • Login to my.interserver.net
  • Click on support tab on the top right of the page.

  • Click on ‘Open New Ticket’ tab

  • Select the necessary product that you would like to upgrade.
  • On the ‘Detailed Description Of The Issue’ option, please provide the specifications that you would like to upgrade to. If you have any questions or uncertainties in regards to what you should be upgrading to, please ask! Our team is always willing to assist.
  • Kindly wait for a representative to respond and get you upgraded within 1-3 hours!

If you have an existing VPS with InterServer, you can follow the same steps as above to increase the number of slices at any time.

Ultimately, the goal is to allocate enough resources wisely to have your business or personal agenda uninterrupted and well underway to success!

 

 

 

InterServer Travels at LiteSpeed

Posted at November 1, 2017 at 12:00 am by Stacey Talieres

LiteSpeed Banner

How InterServer utilizes LiteSpeed software to power our shared cPanel web-hosting. Here’s a look on what goes on behind the scenes!

Shared hosting is a very common subscription and requires high maintenance. InterServers main goal is to offer shared web-hosting that is reliable, secure, and powerful! Through LiteSpeed, we are able to offer just that.

What is LiteSpeed?

LiteSpeed is a software application that runs on a web server. Its purpose is to improve  performance by conserving resources without sacrificing performance, security, compatibility, or convenience.

A graph example from litespeedtech.com proves the high performance of its product on a WordPress site.

LiteSpeed WordPress Speed Improvements

It is important to note that LiteSpeed does not only improve WordPress sites, but many other server applications as well!

Performance and Load Management

LiteSpeed offers unique aspects when enhancing server performance. Firstly, the software creates an ease on memory and CPU. It continues to even improve the performance of scripts that are ran on the server. Lastly, LiteSpeed aids in load balancing heavy spikes that may strike the servers. In worst case scenarios, a DDOS attack.

Because LiteSpeed offers performance, security, and compatibility, it is highly valuable to our servers! InterServer utilizes these features to enhance your customer experience.

How LiteSpeed Helps You!

Since a shared hosting packages performance is based on the servers that it is hosted on, it is critical that the server itself is managed as efficiently as possible. LiteSpeed creates an efficient environment and here’s how it helps you:

  • LiteSpeed guarantees not only the increased speed rate of scripts and data processing but the overall health of hardware. This guarantees long-term safety of your data.
  • Shared Hosting experience with top speeds and storage. Have a large scale website that has many components to it? LiteSpeed allows the processing of large scale sites made easy and fast.
  • Increased Security. LiteSpeed contains a built in anti-DDOS system. Additionally, you may use Apache security functions.
  • Apache Compatibility.

 

The Dangers of Human Error in WordPress Hosting & How to Protect Your Brand

Posted at October 16, 2017 at 5:42 am by Stacey Talieres

As a longtime fan of WordPress, working on my former employer’s website pained me. I compared the organization’s online presence to a kindergartener’s craft project—held together with macaroni noodles and paste. 

The website looked fairly modern to visitors, but the backend was a disaster. The theme had been customized beyond recognition, meaning updates would require days of rebuilding that we couldn’t afford. Our performance and security continually suffered, and I spent tons of time beating back the malware, pharmaceutical ads, and SQL injections. 

The person who originally created the website was a fantastic graphic designer but knew very little about running a website. He naturally chose WordPress, the world’s most popular content management system, and did his best to keep up with the various requests and ideas that sprung up across the office. 

Over time, our brand suffered from what turned out to be unsound and unintentional mistakes and bad decisions. When properly managed and hosted, however, WordPress does wonders for efficient workflows and improved user experiences. Below, I’ve outlined the top five lessons I’ve learned or witnessed through many years of hosting, building, and fixing WordPress sites.

Mistake #1: Choosing a Cheap Host Instead of One That Brings Value

Although nearly every reputable hosting provider offers an ultra-simple one-click installation of WordPress, not all companies have invested in the modern infrastructure required to run the platform efficiently.

Upgraded hardware, such as faster-performing solid-state drives, can come with added costs. While it’s certainly understandable to seek out the most affordable hosting plan for your website, you risk getting exactly what you paid for.

Instead of looking for the cheapest option, search for the biggest bargain. Many hosts—InterServer included—offer upgraded services, support, and a surprising number of features for $5 or less per month.

With SSD-powered infrastructure, free SSL certificates, and unlimited storage, bandwidth, and email accounts, InterServer shared hosting delivers long-term value and peace of mind to WordPress users. The company takes shared hosting security seriously, even launching a five-pronged malware and prevention system called InterShield in mid-2017.

Mistake #2: Installing Suspect Plugins—And Then Not Updating Them

While there are certainly several must-have WordPress plugins, some might actually do more long-term harm than good. According to the WPScan Vulnerability Database, plugins account for more than half of the known WordPress vulnerabilities. WordPress core files account for about 30% of the weaknesses, with themes covering roughly 15% of the remaining deficiencies.

When looking to install a plugin, look first at the options that have been installed the most number of times. If thousands or millions of users trust a plugin, the program is probably pretty reliable. Similarly, take stock of the plugin’s ratings and notice when the code was last updated. Frequent revisions are a sign that the developers are actively keeping up with security concerns and usability features. 

Mistake #3: Using the Infamous Admin Username or Having Weak Passwords

Until WordPress 3.0 was released in 2010, the platform automatically set up new sites with an administrative username of—you guessed it—admin. This spawned a feeding frenzy of brute force attacks, as intruders didn’t need to guess an account’s username, just the password.

Even though WordPress ended that practice, the admin username is a major weak spot for unsuspecting site owners. Similarly, using a password of “123456” or “admin” or—cringe— “password” is likely going to accomplish exactly what one might expect. Strong passwords are critically important to successful WordPress usage, as well as limited login attempts (more on that later), and two-factor authentication.

Mistake #4: Thinking You Know How to Edit Theme and Core Files

Being able to edit a theme or plugin file directly from the WordPress interface might be convenient for the most experienced developers, but it represents a major security hole for most users. As if an intruder having unfettered access to the inner workings of your site isn’t scary enough, self-inflicted problems and broken code are incredibly common.

Limit the ability for you or your colleagues to introduce vulnerabilities to your website’s code by establishing and maintaining WordPress users roles and capabilities—give people the least amount of access needed. To take matters a step further, you can actually disable the WordPress theme and plugin editor by inserting define(‘DISALLOW_FILE_EDIT’, true); in the site’s wp-config.php file. You’ll still be able to access the files through FTP access, if you’re daring and desperate enough to still need to edit those files. 

Mistake #5: Leaving Yourself Open to Attack by Not Configuring Properly

The popularity and widespread use of WordPress understandably makes the platform a major target for attackers. New malicious strategies now enable intruders to find and infiltrate fresh WordPress installations within 30 minutes of paying for a web hosting plan.

With just a few quick adjustments, however, you can help your website turn back the large majority of attacks. Start by installing a plugin that caps the number of login attempts; we recommend Limit Login Attempts Reloaded for standing up to brute force strikes. This 10-point guide includes several other code snippets you can add to various configuration files to block access to important WordPress directories and prevent certain suspicious behaviors.

Building Online Brands Often Includes a Polarized WordPress Experience

Admittedly, the much-loved open-source publishing platform does not come without a few quirks. Even experienced developers have a love/hate relationship with WordPress, as a 2017 survey showed that, while roughly 35% of developers loved working with the content management system, about 65% dreaded using WordPress.

The platform’s undeniable usability and simplicity, however, make WordPress a go-to option when looking to build an online brand—if you know a little bit about what you’re doing. InterServer provides customers with an easy-to-follow checklist of the top 10 ways to secure WordPress.

Mercifully, I eventually got the green light to redesign and relaunch my former employer’s website. Nearly all of the site’s ailments disappeared once I installed a new theme and a host of plugins, and switched to a better hosting provider. I still spent more time than I wanted running backups, updates, and security scans, but at least I could establish the best practices and routines needed to maintain the site well past my eventual departure.

Laura Stamey writes, designs, and develops for HostingAdvice as a Contributing Editor for Digital Brands, Inc. The HostingAdvice team boasts more than 50 years of combined experience building and scaling personal projects and industry-leading websites and applications.