I had serious issues with CPU overages on my WordPress site.
All this means is we need to reduce the amount of resources consumed by high CPU plugins, images, wp-cron, databases, external requests (usually generated by plugins), comment spam, and prevent spammy bots from crawling your website using the Blackhole For Bad Bots plugin.
When you’re done, hopefully your CPU graph looks like this:
By reducing CPU usage, you will be putting less stress on your server, making your site faster. Hosting companies want you to upgrade your plan which does work since you will be getting more server resources, but you should try these alternatives before reaching into your pocket.
If you’re using slow hosting like EIG or GoDaddy, I would seriously reconsider. I use SiteGround who is also used by Yoast, recommended by WordPress, and was #1 in 20+ Facebook polls. I’m on their semi-dedicated GoGeek plan and not only are my server response times well under 200ms, but my GTmetrix report is pretty much unbeatable. They will also migrate you for free.
1. Check CPU Usage In AWStats
AWStats is built-in to most cPanels (SiteGround, Bluehost, GoDaddy) in their “statistics” section and can help identify the source of high CPU. It tells you how much bandwidth specific elements are consuming including unknown bots, images, pages, files, downloaded files, etc.
AWStats helps you find:
- Total bandwidth usage
- High bandwidth crawlers
- High bandwidth IP addresses
- High bandwidth download files
- High bandwidth files (eg. images)
If unknown bots are consuming CPU, try blocking spam bots with Blackhole For Bad Bots.
Server Response Time
High CPU can also lead to slow response times, which you can test in Bitcatcha or PageSpeed Insights. Google says it should be under 200ms. Of course, this is mostly controlled by hosting.
2. Eliminate High CPU Plugins
These resource-hungry plugins are CPU killers.
High CPU plugins usually include social share, statistic, chat, calendar, page builders, backup, and plugins that run ongoing scans/processes or show multiple times in your GTmetrix report.
Find Slow Loading Plugins
If the same plugin appears multiple times in your GTmetrix Waterfall report, you may want to find an alternative plugin that is more lightweight. External requests can also destroy your report (eg. from Google Fonts, Gravatars, AdSense, and the high CPU plugins I mentioned).
Query Monitor shows your slowest plugins, scripts, styles, queries, hooks, PHP errors, and a wealth of information to pinpoint speed issues. This may require some technical knowledge, but it’s worth hiring a developer who can make optimizations with the help of Query Monitor.
3. Remove Bloat With Clearfy
By “bloat” I am referring to the heartbeat API, autosaves, post revisions, pingbacks, and all the “miscellaneous” things that consume resources and should be disabled for most sites. The top 3 plugins to disable these are Clearfy (recommended), perfmatters by Kinsta, and WP Disable.
Option 1: Clearfy
Option 2: Perfmatters By Kinsta ($25/Year)
Option 3: WP Disable
4. Disable WP-Cron
The wp-cron is loaded on every page load and schedules automated tasks like publishing scheduled posts, checking for theme and plugin updates, and sending email notifications. Instead of running it on every page load, you can schedule it to run every 90 minutes or so.
Step 1: Disable WP Cron Jobs
Add the code to wp-config.php, before where it says “That’s all, step editing! Happy blogging.”
Step 2: Replace With A Real Cron Job
You still need wp-cron (eg. checking for theme/plugin updates), just not on every page load. Each host has their own instructions for this, here is SiteGround’s tutorial. You can set the cron job to run every 90 minutes, or increase it even more if you don’t have lots of scheduled tasks.
5. Clean Your Database
Deletes post revisions, spam, trash, transients, and database tables that accumulate overtime are often left behind when you uninstall plugins… making your site slower with higher CPU.
You should clean these at LEAST once a month using WP Rocket or WP-Optimize. They have similar settings with an automatic cleanup option (I highly recommend enabling this) but I like WP Rocket since it was rated the #1 cache plugin in this Facebook poll and has options for database cleanup + lazy loading images/videos/iframes. Most other cache plugins don’t have these extra options which means you also need to install WP-Optimize and a lazy load plugin.
6. Upgrade To PHP 7+
About 50% of WordPress users run PHP 5.6 or lower:
When upgrading to PHP 7+ can process requests almost 3x faster:
SiteGround (and most hosts) have an option to upgrade in their cPanel:
I recommend PHP 7.2:
The last step is to check your website for errors. If you see any, run the PHP Compatibility Checker to make sure your plugins are compatible. Poorly-maintained plugins may not be.
7. Offload Resources To CDNs
CDNs reduce the load on your server by offloading resources to their data centers. Each CDN has their own set of data centers, and more data centers = more offloading (and faster delivery of your content). I use both Cloudflare (free) and StackPath ($10/month with free 30-day trial).
Cloudflare offloads resources to their 150+ data centers:
Sign up for Cloudflare, add your site, and run the scan. You’ll come to a page where Cloudflare assigns you 2 nameservers. Then in your hosting account, change nameservers to Cloudflare’s.
StackPath offloads resources to 31 additional data centers:
Step 1: Sign up for StackPath (they have a 30-day trial).
Step 2: In the dashboard, click the CDN tab, then create a StackPath CDN Site:
Step 3: Copy your CDN URL and paste into your cache plugin (you can also use CDN Enabler).
Step 4: In StackPath go to CDN → Cache Settings, then click Purge Everything…
Step 5: Run your site in GTmetrix and “content delivery network” should be green in YSlow.
8. Enable Hotlink Protection
Hotlink protection can be enabled in Cloudflare (or sometimes your hosting account). This prevents people from copying/pasting your images onto their own website, which sucks up bandwidth. This usually happens if you have high quality images on your site (eg. photography).
9. Block Bad Bots
In AWStats, you might see bots + spiders consuming a lot of bandwidth. Obviously we don’t want to block Googlebot and other legitimate crawlers, but we do want to block spammy ones.
Step 1: Install Wordfence.
Step 2: View Your Live Traffic Report (in Wordfence’s Tools settings) which shows you all bots hitting your site in real-time. Googlebot is obviously OK, but when I observed mine, I saw compute.amazonaws.com was making a ridiculous amount of requests every couple seconds. I Googled it and sure enough, this was a bot known for sucking up bandwidth. View your report for a minute or two and see if bots with sketchy names are constantly hitting your site. If you have doubts, Google their hostnames and see if other people are having issues with that bot.
Wordfence – Go to the Blocking settings and add the spam bots you wish to block. Asterisks serve as wildcards, so if I block *amazonaws.com* it means any hostnames containing amazonaws.com (whether it has characters before or after it), that bot will be blocked. I have saved thousands of requests/bandwidth just by blocking these two spammy hostnames:
Blackhole For Bad Bots – adds a hidden link to your pages that forbids all bots from following the link. If a bot disobeys it, they are blocked. Googlebot and other good bots are whitelisted.
Cloudflare Firewall Rules – Cloudflare lets you create up to 5 firewall rules for free. Copy the hostnames of the most common bad bots (found in your live traffic report) and add them here.
Step 4: Go to your Blocking log and enjoy watching those spam bots get blocked.
Step 5: If you do decide to use Wordfence, configure rating limiting settings. This limits/blocks crawlers (and humans) from making excessive requests, blocks fake Google crawlers, and improves security on 404 pages. These are the same settings recommended by Wordfence:
Be sure to tweak the Wordfence “options” tab to limit bandwidth consumed by this plugin:
- Do not “enable automatic scheduled scans”
- Do not “enable email summary”
- Enable “use low resource scanning”
- Decrease “limit the number of issues sent in the scan results email” to 500
- Do not enable “updates needed (plugin, theme, or core)”
- Increase “update interval in seconds (2 is default)” to 10-15 seconds
- Decrease “how much memory should Wordfence request when scanning” to 100MB
- Enable “delete Wordfence tables and data on deactivation”
- View Wordfence’s options page for more recommendations
10. Optimize Images
Images can consume lots of bandwidth, as shown in AWStats:
There are 3 ways to optimize images in GTmetrix.
- Serve scaled images – resize larges images to be smaller
- Specify image dimensions – specify a width/height in the HTML or CSS (screenshot)
- Optimize images – losslessly compress images (I recommend ShortPixel or Imagify)
Start by optimizing images that appear on multiple pages (logo, sidebar, footer images). Then run your most important pages through GTmetrix and optimize individual images on those. The first item you should work on is “serve scaled images” since this requires you to scale (resize) an image to the correction dimensions, upload the new version to WP, and replace it.
11. Common Fixes In WP Rocket
There have also been reports that critical path CSS and preloading can increase CPU. You can use a plugin to increase the preload crawl interval from 500ms (the default) to 1.5s or higher.
12. Common Fixes In W3 Total Cache
13. Configure Optimal Cache Plugin Settings
These 3 are all very important:
- If you’re using a cache plugin
- Which cache plugin you’re using (I recommend WP Rocket)
- Whether the settings are configured optimally (some can cause high CPU)
Why WP Rocket?
It has more features than most cache plugins, which means you don’t need to install extra plugins for these, while giving you better results. Otherwise you will need to research which features your cache plugins comes with, then install these plugins if it doesn’t support them:
- Database cleanup (built-in to WP Rocket, or use WP-Optimize)
- Heartbeat control (built-in to WP Rocket, or use Heartbeat Control)
- Lazy load images/videos (built-in to WP Rocket, or use WP YouTube Lyte)
- Host Google Analytics locally (built-in to WP Rocket, or use CAOS For Analytics)
- Host Google Fonts locally (built-in to WP Rocket, or use CAOS For Fonts, or SHGF)
- Integration with Cloudflare + other CDNs (built-in to WP Rocket, or use CDN Enabler)
If you can drop $49 on WP Rocket, buy it then see my WP Rocket tutorial. It’s easy to setup, updated frequently with new features, includes documentation, and support. If not, I have tutorials for Swift, WP Fastest Cache, W3 Total Cache, WP Super Cache, and Autoptimize. For free plugins, I recommend Swift or WP Fastest Cache (Swift is a tricky to setup but has great reviews in the WordPress Speed Up Facebook Group and comes with most features as WP Rocket, while WP Fastest Cache is easy to setup but lacks features included with WP Rocket).
14. Delete Unused Plugins + Themes
Unused themes store preconfigured settings in your WordPress database (similar to plugins). Go to Appearance > Themes then delete all the WordPress themes you’re not currently using.
15. Disable Unused Settings In Plugins
Just like we tweaked Wordfence’s settings to reduce CPU usage created by the plugin, go through each one of your plugin settings and decide whether you need individual features. For example, in Yoast under Settings > General > Features I disabled all of the following…
Disable plugin settings that:
- Provide statistics
- Run ongoing scans
- Send admin or email notifications
- Pull resources from external websites
- WP Rocket’s preload bot
- Wordfence’s live traffic reports
- Broken Link Checker’s ongoing scans
- Yoast’s settings under Dashboard > Features
- Chat and calendar plugins that run constantly
- Statistical plugins that constantly collect data
- Related post and popular post plugins that store tons of data
16. Block Comment Spam
An ongoing accumulation of spam comments isn’t good for your CPU usage. The Anti-Spam plugin has always work well for me (I tested plenty of others) and it doesn’t use CAPTCHA.
17. Protect Your WP-Admin
Attacks are commonly targeted at the WordPress admin, which is not only a security threat, but will consume high amounts of CPU especially since these pages aren’t usually not cached.
- Use a Cloudflare Page Rule (below)
- Limit access the admin by IP addresses
- Limit login attempts (eg. using a plugin)
- Generate a htpasswd password (here’s a tool)
18. Minimize External Requests
External requests are hard on the server.
- Google Fonts
- Google Maps
- Google AdSense
- Some Social Sharing Plugins
- Many others from my list of high CPU plugins
Often times, these will be very noticeable in your GTmetrix report:
Step 1: Eliminate Them If Possible
Step 2: Optimize Them
- Fonts – use Autoptimize’s “combine and link in head” solution. You can also try CAOS Fonts, or hosting them locally by downloading them from Google Fonts, converting them to web fonts using Transfonter, and adding them your CSS. If Google Fonts generate multiple requests in your GTmetrix Waterfall tab, you should optimized them.
- AdSense – use Ad Balance, Cloudflare Rocket Loader (or do affiliate marketing).
- Disqus – use the conditional load plugin.
- Gravatars – host them locally using WP User Avatar.
Step 3: Prefetching DNS Requests
Some cache plugins like WP Rocket let you prefetch DNS requests (as well as perfmatters and WP Disable). This helps browsers anticipate external resources so they can load them faster. Luke created a nice list of common domains to prefetch which you can then add to WP Rocket:
19. Limit Crawl Rate By Google + Bing
Google is usually the most resource-hungry crawl bot (by far) and you can limit their crawl rate in the “site settings” section of Google Search Console. This lowers the requests made by Googlebot and does NOT affect your rankings or penalize you in any way. Unless you run a news website or publish time-sensitive content (and you have a hosting plan with sufficient resources), you don’t need Google crawling your site quickly and consuming tons of resources. Websites struggling with CPU usage should lower this – keep in mind it resets every month.
Google says this on their crawl rate page…
“If Google is making too many requests per second to your site and slowing down your server, you can limit the crawl rate… we recommend against limiting the crawl rate unless you are seeing server load problems that are definitely caused by Googlebot hitting your server too hard… you canot change the crawl rate for sites that are not at the root level.”
20. Avoid Resource-Hungry Themes
Bloated, poorly coded, and non-maintained themes are a recipe for disaster.
Instead of using a theme with tons of built-in features, use a lightweight (minimal) theme and rely on plugins to only add functionality you absolutely need. I always recommend StudioPress along with their Genesis Plugins which is what I use on my own site. Yoast also uses Genesis.
21. Disable Resource-Hungry WooCommerce Features
- Disable WooCommerce cart fragments
- Disable WooCommerce scripts and styles
- Disable WooCommerce widgets
- Disable WooCommerce status metabox
- Disable automatic product feed plugins
Most of these can be done using the perfmatters plugin.
22. Host Download Files On External Websites
I barely have any files to download on my website so the bandwidth is low enough where I don’t worry about this. But if you have tons of large files that suck up bandwidth when people download them, consider uploading them to Dropbox or another file sharing website and pointing people there. That way dropbox.com will be handling the bandwidth and not you.
23. Disable AWStats + cPanel Statistics
AWStats, Webalizer, and other statistical programs in the cPanel are good for identifying the source of high CPU usage, but these actually increase CPU just like any WordPress plugin that collects statistics. All I’m saying is that when you’re done using these, you should delete them.
24. Turn Off SiteGround’s Site Scanner
If you’re getting CPU overages on SiteGround and you paid for their SG Site Scanner, try contacting their support team to turn this off. The ongoing scans may be causing high CPU.
As nice as these emails are, you should try turning this off…
25. Use A Hosting Plan With Sufficient Server Resources
Generally, the higher the plan the more server resources you get (and yes, upgrading should cure CPU overages/bandwidth limitations). For example on SiteGround’s features page you can see how many server resources come with their StartUp vs. GrowBig vs. GoGeek plan. Just scroll down to the “we allocate the resources you need” and look under the server tab…
26. Upgrade CPU/RAM
Make sure you have enough RAM so you’re not always on the edge of your limit. If it’s almost always maxed out, this puts stress on your CPU. You want to have enough resources so your server is relaxed. In this case, the 2GB of RAM was almost always maxed out, so upgrading to 4GB was a smart move. Most shared plans don’t let you add RAM (you’ll need to upgrade to a plan that includes more resources) but you can usually add them on most cloud hosting plans.
SiteGround (#1 Host In Facebook Polls)
SiteGround is used by Yoast, myself, and recommended by WordPress. They are #1 in nearly every Facebook poll and give most people significant load time improvements especially if they were using mediocre hosts: GoDaddy, Bluehost, HostGator, InMotion, Dreamhost, EIG.
I use their semi-dedicated GoGeek plan which comes with 4x more server resources than shared hosting. Click through my pages to see how fast they load, check out my GTmetrix report, or see people who migrated and posted new load times. They also do free migrations.
DigitalOcean on Cloudways and Kinsta are also good and start at $10/month and $30/month. Cloudways is more for developers who don’t need cPanel, email hosting, or the support you get with SiteGround. Kinsta is basically what WP Engine used to be (pricey, but awesome). My entire blog is basically dedicated to helping people make their website load faster. I refuse to recommend $2/month hosting since it’s most people’s biggest regret when running a website.
How To Check If Your Hosting Is Slow
Run your site through Google PageSpeed Insights to see if reduce server response time is in your report. Google recommends it should be <200ms. Anything above 1 second is not good. You can also check your TTFB (time to first byte) in GTmetrix’s Timings tab or bytecheck.com.
SiteGround is recommended by WordPress:
A few threads:
SiteGround has 3 plans:
Higher plans include more server resources (#1 factor in the WordPress optimization guide). Here’s the full comparison chart, but GrowBig gives you about 2x more server resources than StartUp, and GoGeek is semi-dedicated hosting which gives you even more. GrowBig and up comes with a free migration, staging, advanced caching, and ability to host multiple websites. GoGeek comes with priority support. Their cloud hosting is quite the price jump at $80/month.
You can see this on their features page:
People usually migrate because their speed technology can cut load times in half:
Hire My Developer To Reduce Your CPU Usage
His name is Pronaya and he should be able to solve your CPU overages (if you still need help) and help you improve scores/load times in GTmetrix and Pingdom. You can hire him by creating a profile on freelancer.com and searching for username bdkamol. Here is his full WordPress speed portfolio. He’s $40/hour from Bangladesh (so there is a time change) and you can email him at email@example.com. He also has a perfect 5 star review on his profile.
Let me know if this tutorial worked in the comments!