← WordPress View source for WordPress You do not have permission to edit this page, for the following reason: The action you have requested is limited to users in the group: Users. You can view and copy the source of this page. == WordPress == WordPress is a popular content management system (CMS) that allows users to easily create and manage websites. {{Caution|WordPress is known to require a lot of server resources, as it's not very well optimized. Also, the more pages or plugins a WordPress site has, the bigger the site load will be. Exceeding the account load limits will cause your user account to be [[:Suspension_Policy#High_Server_Usage|suspended for high server usage]] on our [[:Tommy|Tommy]] and [[:Johnny|Johnny]] servers. Accounts on our [[:Morty|Morty]] server will not be suspended but will be charged for account load overages. If you use WordPress, we recommend you [https://heliohost.org/dashboard/load/ monitor your site load here]. If at any point you become concerned about your account server usage load getting you suspended, you can add "deny from all" to the bottom of your '.htaccess' file to take the site offline. Once that's been done, the site should stop generating load practically instantly.}} == But my WordPress Site is Brand New / Has No Plugins / Gets Hardly Any Visitor Traffic == WordPress causes 0 load with 0 traffic, but sites built with WordPress are prime targets for bot attacks. When bots discover your site URL address, they will keep trying to hack in, which causes load on the server resources. Even if your WordPress install is brand new, with no plugins, and your site gets few visitors, there is still a risk of bots spamming your site. This could cause your account to be [[:Suspension_Policy#High_Server_Usage|suspended for high server usage]] on our [[:Tommy|Tommy]] and [[:Johnny|Johnny]] servers. Accounts on our [[:Morty|Morty]] server will not be suspended but will be charged for account load overages Additionally, a lot of free themes and plugins can be backdoors for hackers, and installing them comes with risks. Once bots access your site, they will 'phone home' which then enables hackers to change your site files, set up phishing sites, send spam from your account, etc. == How Much Server Load Could It Cause? == WordPress was one of the apps we load tested, with the benchmark testing results posted on our [[:Common_Software_Load|Common Software Load]] page. Here are [https://helionet.org/index/topic/57357-solved-disconnect-addon-domain/?do=findComment&comment=252857 some comparison calculations] about how much demand on the server WordPress can cause. == How Can I Keep My Server Load Low? == Our first recommendation is to switch to anything other than WordPress. === WordPress Alternatives === * Some of our users have switched from WordPress to '''Joomla''' and liked it. * '''Drupal''' performed well in our recent benchmark load tests. * Another popular alternative is '''Gatsby'''. You can check out a guide on migrating your site [https://www.gatsbyjs.com/blog/2019-03-21-migrating-from-wordpress-to-gatsby/ here] or follow our quick [[:Gatsby|Gatsby tutorial]] to set up a basic site from scratch. * For static blog generators, '''Publii''' may be an option for you. Please note that as it's local, you will need to upload every time you post. It's not for Android or iOS, and it cannot be synced unless you use a cloud syncing service for the local files. You can check out a guide on how to import data from your WordPress site into Publii [https://getpublii.com/docs/import-wordpress-into-static-html-site.html here]. * '''Jekyll''' is a popular static site generator. * '''Hugo''' is one of the most popular open-source static site generators. * '''Grav''' is an open-source flat-file CMS (Content Management System). * '''Eleventy''' (11ty) offers a simple 'zero-config' option to quickly get a site built. Since it runs on Node, which consumes a lot of memory, we recommend running the build process locally, and then deploying the static pages to your hosting account. * '''Astro''' is a modern, fast, and flexible web framework. Our [[:Astro|Astro tutorial]] guides you through building and deploying a site with a dedicated blog section. === How To Reduce WordPress Server Load === If moving away from WordPress is not an option for you, here are other things to try: * Update everything to the latest version. * Disable uptime monitors. * Disable logins. * Disable unneeded plugins and themes. * Use caching plugins to reduce the load (users have mentioned that '''WP Fastest Cache''' plugin can be useful). * Use Cloudflare caching. * Use Cloudflare and the '''Super Page Cache for Cloudflare''' WordPress plugin to [https://helionet.org/index/topic/57606-handling-cpu-load-spikes-or-high-load-using-cloudflare/ mitigate load spikes or other high load issues]. ** If Super Page Cache for Cloudflare tells you to disable the options "Smart static files processing" and "Serve static files directly by Nginx" on the "Apache & Nginx Settings" page of your Plesk panel, you can change these settings yourself by navigating to: '''Login > Plesk > Websites & Domains > [domain] > Hosting & DNS > Apache & Nginx > Uncheck the 'smart static files processing box' and make sure the 'Serve static files directly by Nginx' box is also unchecked.''' * Actively monitor your access logs and look for IPs with an unreasonably high number of hits/page views. ** Block any suspicious / abusive IPs by adding <code>Deny from x.x.x.x</code> to your '.htaccess' file, or block them with Cloudflare if you have a custom domain. ** To check site stats, navigate to: '''Plesk > Statistics > Web Statistics > your domain > [View].''' * Convert to a static site. ** Users have mentioned '''WP2Static''' as being a useful plugin that converts WordPress sites to static sites. ** Explore [https://jamstack.org/generators/ this list of Open Source static site generators] to find alternatives. * Upgrade to a VPS. {{Template:VPSInfo}} ** You can ask us to install Hestia, a free and popular control panel, on your [https://heliohost.org/vps/ VPS] for you. Hestia includes a one-click WordPress installation feature. Preview the setup steps in our [[:VPS_WordPress | Installing WordPress on a VPS running Hestia Control Panel tutorial]]. == Abusive IPs == HelioHost needed to block the below IP addresses and IP Ranges since some of our WordPress users were under attack from bots coming from these sources. If you use WordPress, we strongly recommend that you add the below to your own .htaccess file to proactively protect your site from IPs known to be abusive. <pre> # added by HelioHost - hacking attempt Deny from 165.22.48.216 Deny from 52.169.95.1 Deny from 52.164.121.3 # these ranges are bots running at Digital Ocean who seems to have an abuse hosting problem Deny from 104.248.0.0/16 Deny from 104.131.0.0/16 Deny from 104.236.0.0/16 Deny from 165.232.0.0/16 Deny from 107.170.0.0/16 Deny from 128.199.0.0/16 Deny from 134.122.0.0/16 Deny from 134.199.128.0/17 Deny from 134.209.0.0/16 Deny from 137.184.0.0/16 Deny from 157.245.0.0/20 Deny from 152.42.191.0/24 Deny from 152.42.197.0/24 </pre> If your site is under attack from other IPs or IP Ranges, you can [[:Contributing_to_the_Wiki | edit the Wiki]] to add more details. Templates used on this page: Template:Caution (view source) Template:VPSInfo (view source) Return to WordPress.