24 Ways To Fix A Slow WordPress Site (The Complete Tutorial) – Speed Up WordPress For Faster Load Times And Core Web Vitals

Have a slow WordPress site?

Since core web vitals will be a ranking factor in June, 2021, WordPress speed optimization has definitely changed. Many websites that had great scores are getting C’s and D’s in their report.

The goal of this tutorial is to fix recommendations in GTmetrix and PSI (PageSpeed Insights) while improving load times, which is the most important factor and what you should focus on.

A slow website is usually caused by your infrastructure: hosting, themes, page builders, and plugins have some of the largest impact on both scores and load times. Start with those first. When in doubt, look at the WordPress optimization guide to see the most important factors.

OMM PageSpeed Insights

Latest OMM GTmetrix Report
Even long posts with tons of images and 500+ comments still load in about 1s with a 163ms TTFB


1. Testing Tools

What changed in GTmetrix?

In the past, scores didn’t always correlate with load times. You could have a slow TTFB and heavy CSS/JS files but still have great scores. That’s not the case anymore. Lighthouse/PSI do a better job at correlating scores with load times, and now so does GTmetrix. Page builders and hosting can most noticeably affect both load times and scores in GTmetrix/PSI. That’s why you see many people in Facebook Groups (including myself) in a rush to remove their page builder.

Web vitals will be a ranking factor in May, 2021 (in other words, improve your PSI report). Reducing TTFBs and load times of specific items in GTmetrix Waterfall are good places to start.

  • Google PageSpeed Insights – main tool you should be optimizing for (it’s Google) especially now that they have more accurate metrics that actually measure load times (e.g. LCP). To test mobile load times, use Think With Google which uses a 4G connection (PSI uses 3G). This is partially why your scores might be lower on mobile than on desktop.
  • Google Search Console Core Web Vitals – the core web vitals report only shows core vitals (e.g. LCP) for your entire WordPress site but doesn’t give specific recommendations.
  • GTmetrix – use the Waterfall chart to pinpoint specific CSS, JS, fonts, images, and third-party domains that need to be optimized. Otherwise, similar recommendations from PSI.
  • KeyCDN Performance Test – great for measuring TTFBs and DNS lookup times in 10 global testing locations. Solid indicator whether your WordPress hosting or DNS is slow.


2. Hosting

I’m using Cloudways Vultr High Frequency and usually have a 150ms TTFB + 1.4s fully loaded time in GTmetrix (the post tested also has 50+ images and 600 comments). Feel free to click through my site to see how fast it loads. Vultr HF and DigitalOcean are two of the most popular hosting plans in the WordPress Hosting and WP Speed Matters Facebook Groups. Cloudways is monthly pricing and includes a free migration which makes them easy to try out. Hosting is by far the #1 factor in the WordPress optimization guide and they even recommend DigitalOcean.

Be careful with other hosting recommendations:

  • Matthew Woodward pushes WPX but uses Kinsta on his own site.
  • Darrel Wilson pushes NameHero but his GTmetrix report is a mess.
  • Hostinger writes fake reviews and was banned from Facebook Groups.
  • They also push SiteGround when Backlinko says their TTFB is slow (I stopped recommending them and changed my review to outline all SiteGround’s problems).
  • WP Engine, GoDaddy, Bluehost, HostGator, and EIG brands are obviously not good.
153ms TTFB for a huge post with 50+ images and 600 comments (view report)

I switched from SiteGround to Cloudways in 2019. My response times were 2x faster, I was paying 1/2 the price of what I was on SiteGround, and had no CPU issues or high renewal prices.

Cloudways Shoutout

Cloudways is usually #1 in recent Facebook polls (click thumbnails to enlarge).

Moving from SiteGround
eCommerce Hosting Poll

People who moved to Cloudways and posted their results:

Cloudways Numbers
Cloudways Vultr High Frequency
Step 1: Sign up for Vultr High Frequency
Cloudways Coupon Code
Step 2: Use code OMM25 to save 25% your first 2 months
Cloudways Launch Server
Step 3: Launch your server (Vultr HF and DigitalOcean are both solid)
Cloudways Free Migration Request
Step 4: Request a free migration or use the Cloudways migrator plugin
Latest OMM GTmetrix Report
Step 5: Enjoy the faster TTFB + load times

NameHero’s Turbo Cloud plan is also a solid choice. It uses NVME, LiteSpeed servers, the LiteSpeed Cache plugin, and QUIC.cloud CDN which supports HTTP/3. All 3 tools have excellent reviews and were specifically designed to work together for faster speeds. They are different from Cloudways: NameHero is more beginner-friendly with cPanel, everything is built-in to their hosting (no need to pay for WP Rocket or email hosting), and support is A+. The biggest con is you pay 1-3 years upfront, then higher renewal prices kick in. My NameHero review shows you how to setup LiteSpeed Cache + QUIC.cloud (I was able to get a 61ms TTFB). Obviously an Astra Starter Site is smaller than onlinemediamasters.com, but it was impressive nonetheless. They also do a free migration and Ryan (CEO) has some awesome YouTube videos.

NameHero GTmetrix With LiteSpeed QUIC
Astra Site on NameHero Turbo Cloud w/ LiteSpeed + QUIC.cloud: 61ms TTFB, 733ms load time

Affiliate Disclaimer – yes, I’m an affiliate for Cloudways and NameHero, but I’d rather make a living referring people to better, faster hosting than other garbage out there. I try to backup recommendations with real evidence. You can see conversations in FB Groups, how Cloudways is recommended by Adam (WPCrafter), and other feedback.


3. Page Builders

Page builders got crushed in the new GTmetrix update.

They add extra CSS, JavaScript, and DOM elements which affect multiple items in PSI. View your source code and see how many times Elementor or Divi are mentioned (for me, it was 2,000+). Do a Google search and look at speed tests (here’s one on Gutenberg vs Elementor). Like many others in Facebook Groups, I’m in the process of removing Elementor from my site.

  • Divi, Elementor, and Brizy are slow page builders.
  • Oxygen, GeneratePress, and Kadence are solid lightweight alternatives.
  • Gutenberg, Genesis, and Elementor’s Hello theme are other alternatives.
  • If using Astra Starter Sites, use a template built in Gutenberg (not Elementor).
  • WP Johnny offers page builder removal services (he removed Elementor for me).
  • Adding more page builder plugins/addons will slow down WordPress even more.
  • Use Asset CleanUp or Perfmatters to unload unused assets created by page builders.
  • Divi’s Rocket plugin is mediocre and you’re better off using WP Rocket or LiteSpeed.
  • Elementor has experimental features in the Settings that include speed optimizations (Optimized DOM Output and Improved Asset Loading) which you should be trying out.
  • Divi has built-in minify and combine CSS/JavaScript files settings. These can do a better job (as far as compatibility goes) than cache plugins, but test their impact in speed tools.

Page builder migrations and polls on the fastest themes (click thumbnails to enlarge):

Page Builder Speed
Source: Oxygen4Fun


4. Plugins

Plugins are notorious for slowing down WordPress.

That’s why it’s so important to do research (in Facebook Groups and read reviews in the WordPress repository) before settling on a plugin. Test it’s impact in Query Monitor or PSI.

Some argue that web design requires many plugins. While this is sometimes true, it doesn’t apply to simple WordPress sites. You can easily run 20 lightweight plugins without hardly any impact on speed. It’s up to you to do your research, be minimal, and hard code things if you can. Just because you’re familiar with some plugin or page builder doesn’t mean it’s the right move.

  • Avoid common slow plugins (below).
  • Find slow plugins using Query Monitor.
  • Avoid plugins that use jQuery when possible.
  • Use plugins with modular design and disable unused features.
  • Avoid using plugins for SSL, redirects, and things you can do manually.
  • Avoid plugins that run heavy background processes or add third-party code.
  • Hard code things (headers, menu, etc) to avoid plugins – hire a developer if needed.
  • Use WP Hive to see whether a plugin is slow before installing it (screenshot below).

WP Hive

Most slow WordPress plugins include social sharing, statistics (analytics), sliders, portfolios, page builders, calendars, chat, contact forms, related post, sitemap, WPML, WooCommerce, and plugins that run ongoing scans or heavy background processes.

  1. AddThis
  2. AdSense Click Fraud Monitoring
  3. All-In-One Event Calendar
  4. Backup Buddy
  5. Beaver Builder
  6. Better WordPress Google XML Sitemaps
  7. Broken Link Checker
  8. Constant Contact for WordPress
  9. Contact Form 7
  10. Contextual Related Posts
  11. Digi Auto Links
  12. Disqus Comment System
  13. Divi Builder
  14. Elementor
  15. View the full list of 70+ slow plugins

Lightweight Plugin Alternatives

  • Backups – UpdraftPlus.
  • SEO – Rank Math or SEOPress.
  • Sliders – Soliloquy or MetaSlider.
  • SSL – you shouldn’t need a plugin.
  • Redirects – you shouldn’t need a plugin.
  • Gallery – Gutenberg Gallery or Meow Gallery.
  • Analytics – Google Analytics and Google Search Console (no plugins).
  • Security – Cloudflare Firewall, Two-Factor, Limit Login Attempts, Blackhole.
  • Social Sharing – Grow By Mediavine (fastest social sharing plugin in WP Rocket’s test).
  • Comments – native comments or wpDiscuz with optimized settings and JavaScript delay.


5. Caching

Which cache plugin you use and how you configure the settings are high impact.

WP Rocket and LiteSpeed are the gold standards (or SG Optimizer if using SiteGround). The reason WP Rocket is so highly rated is because it comes with more speed features than most other cache plugins (resulting in more speed optimizations yet less plugins needed on your site).

Otherwise, you will need to figure out which features your cache plugin doesn’t come with and install extra plugins to get those optimizations. In this case, here are the plugins I recommend:

  • Database cleanup – WP-Optimize
  • CSS/JS optimization – Autoptimize
  • Delay JavaScript execution – Flying Scripts
  • Host Google Analytics locally – Flying Analytics
  • CDN URL integration – BunnyCDN / CDN Enabler
  • Heartbeat control – Heartbeat Control / manual code
  • Lazy load images/videos – Optimole / WP YouTube Lyte
  • Preload links / instant page – Perfmatters or Flying Pages
  • Prefetch/preload – Perfmatters, Pre* Party, or manual code
  • Host Facebook Pixel locally – no plugin does this that I know
  • Font-display:swap – Swap Google Fonts Display / manual code

WP Rocket is #1 in most Facebook polls (click thumbnails to enlarge):

Caching Types
There are 6 types of caching. Cache plugins usually only support 2 types (full page cache + browser cache). Other types can usually be activated in cloud hosting accounts. Take advantage of the different types of caching your host offers – cache plugins are just one part of the picture. I would definitely activate Redis in your hosting account and use the Redis Object Cache plugin. In SiteGround SG Optimizer you should usually activate static, dynamic cache, and memcached.

  • Opcode cache – usually done by host.
  • Full page – usually done by cache plugin.
  • Browser cache – usually done by cache plugin.
  • HTTP accelerators – activate in your host (e.g. Varnish/FastCGI).
  • Object cache – similar to Redis/memcached (I highly recommend Redis).
  • CDN – done through CDN, or add a cache everything page rule in Cloudflare.


Cache Plugin Tips


6. CDN

Cloudflare is fine for most sites, but if you’re serious about speed, go with BunnyCDN.

It’s usually the most favored CDN in Facebook threads (including this one). BunnyCDN is usually faster than Cloudflare, RocketCDN (StackPath), and most CDNs. That’s because BunnyCDN is a push only CDN, which means visitors won’t experience slow pulls. WP Johnny said RocketCDN can actually increase TTFBs and Cloudflare can have a negative affect. Like cache plugins, CDNs react differently for different sites – I would test Cloudflare/BunnyCDN.

Even if you don’t use Cloudflare for anything else, their DNS is much faster than cheaper DNS providers (GoDaddy, NameCheap, etc). If you bought domain/hosting through a cheap host, changing your DNS to Cloudflare can reduce DNS lookup times.

  • If visitors are local only, you don’t need a CDN.
  • Cloudflare setup requires changing nameservers.
  • Be careful with Rocket Loader (it can break your site).
  • Add Cloudflare page rules, especially the cache everything page rule and protect the WP admin area. To cache everything on dynamic sites, use WP Cloudflare Super Page Cache.
  • If using Cloudflare, definitely use their APO for $5/month.
  • If using LiteSpeed, their QUIC.cloud CDN is a solid choice.
  • Set browser cache expiration to how often you post new content (e.g. 10 days).
  • If using Cloudflare + WP Rocket, configure the Cloudflare tab for compatibility.
  • Use BunnyCDN if you’re serious about speed (setup using the BunnyCDN plugin).
  • CDNs can both improve PSI scores and offload lots of bandwidth to their data centers.



7. Fonts

Optimizing fonts isn’t as simple as ticking an option in your cache plugin.

GTmetrix shows you how long your fonts take to load, their number of requests, and whether they’re being served locally or from an external source. Here are a few ways to optimize them.

  • Avoid .ttf and use woff instead which is faster.
  • Check GTmetrix Waterfall > Fonts to see font files/sources/load times.
  • Be minimal with number of fonts (font families, variants, characters, icons).
  • Host fonts locally with OMGF or Transfonter (avoid using fonts.googleapis.com or fontawesome.com and serve them from your CDN URL (https://x7r6b9v3.rocketcdn.me).
  • If you serve fonts from external sources (e.g. fonts.googleapis.com), prefetch them.
  • Add font-display to “ensure text remains visible during webfont load” in PSI.
  • Preload fonts (copy font files from GTmetrix and add to WP Rocket or Perfmatters).
  • Combine Google Font requests (usually done through your cache plugin) – see here.
  • Avoid plugins that add extra fonts and serve fonts from your theme, not with plugins.



8. Third-Party Code

Third-party code is a PSI item and is anything on your website that has to pull requests from external websites.

These include Google Fonts, Analytics, Maps, AdSense, Tag Manager, embedded videos, Gravatars, social like boxes, Facebook Pixel, and even like buttons from your social sharing plugin. Some can be optimized to have no impact on PSI while other third-party code is harder.

  • Google Fonts – host locally instead of serving them from //fonts.gstatic.com.
  • Google Maps – take a picture of the map and link it to driving directions. If you must use a map, only use it on your contact + local pages and lazy load iframes.
  • Google Analytics – host locally using WP Rocket or Flying Analytics. If using Perfmatters, use a smaller tracking code (minimal, minimal inline, or analytics.js) and disable display features to prevent a second HTTP request to Doubleclick.
  • Google AdSense – lazy load ads and delay it’s JavaScript using WP Rocket or Flying Scripts. AdSense can be a GTmetrix killer (try affiliate marketing instead).
  • Google Tag Manager – delay using WP Rocket or Flying Scripts and clean up tags. Avoid hardcoding tags in the header. Otherwise, there’s little you can do.
  • Facebook Pixel – hosting it locally using WP Rocket is the only way I know of.
  • YouTube – lazy load videos, replace YouTube iframes with preview images, and delay it’s JavaScript. If you’re using Elementor, Adam from WPCrafter posted a YouTube video to embed videos without creating HTTP requests to YouTube.
  • Social Media – use Grow by Mediavine which was the fastest social sharing plugin in WP Rocket’s test, avoid social media widgets (e.g. Facebook Like boxes).
  • Gravatars – delay Gravatars and use a local Gravatar image with WP User Avatar (my blog comments show an example of a custom Gravatar image I use).
  • WPdiscuz – tweak the settings to initiate AJAX loading after page, disable WordPress native AJAX functions, and disable load font awesome CSS lib. After delaying comments and using WP User Avatar, your comments should load very quickly. Native WordPress comments fast too (I just like the look of WPdiscuz).

Third Party Usage

Remember to prefetch third-party domains and delay non-critical JavaScript in step 14.


9. Images

There are many ways to optimize images.

Many of these are shown in GTmetrix and PSI (properly size images, defer offscreen images, efficiently encode images, and WebP). I listed a few additional recommendations too. Keep in mind – most speed testing tools only show you unoptimized images for the single page you test.

  • Properly size images – resize large images to be smaller. My blog width is 680px so I crop/resize fullwidth blog images to that size. Some plugins find oversized images and resize them automatically but it’s best to use the correct sizes before uploading them.
  • Lazy load images – built-in to WordPress 5.5 and many speed plugins also do this (if enabled in another speed plugin, they will deactivate native lazy loading). You should exclude above the fold images from lazy load since they are critical and will actually appear slower to visitors when lazy loaded. This is called “defer offscreen images” in PSI.
  • WebP – use a WebP plugin (or your image optimization plugin if supported) to convert images to WebP which is suppose to be faster and better quality then JPEG/PNG. Enable WebP Cache if you use WP Rocket. This is called “serve images in next-gen format” in PSI.
  • Losslessly compress images – ShortPixel, Smush, TinyPNG, and Photoshop are popular methods. The compression level really depends on what you’re willing to tradeoff in terms of quality vs. speed (Lighthouse uses 85%). This is called “efficiently encode images” in PSI.
  • Combine Images Using CSS Sprites – a CSS sprite combines multiple small images into 1 single image so it creates 1 request instead of multiple (using a CSS sprite generator). I used a CSS sprite for the circular icons on my old homepage. You can also do this when showing multiple logos (if you have a “clients” or “featured on” section). You should only do this with small, decorate images since it can hurt SEO if you do it with regular images.
  • Serve images through your CDN URL – CDN URLs (e.g. https://x7r6b9v3.rocketcdn.me) can be used to serve images. Cloudflare doesn’t use a CDN URL. If you’re using a CDN URL but images aren’t being served, enable the CDN Rewrite option if using Perfmatters.
  • Serve images with correct dimensions – add a width/height attribute to the image’s HTML. WP Rocket has an option to add missing image dimensions which should fix this.
  • Adaptive Images – serve smaller images to mobile using an adaptive images plugin.
  • Disable Hotlinking – prevents people from embedding your images on their website which consumes bandwidth and costs you money. You can prevent this with Cloudflare’s hotlink protection, WP Rocket’s disable embed setting, or some hosts have a disable hotlink option. Adding your logo to images can also discourage people from hotlinking.
  • Strip EXIF data from images – strips useless data from images like date, time, location, and camera settings when a photo was taken. Done by most image optimization plugins.
  • Downgrade Quality For Slower Connections – plugins like Optimole let you serve lower quality images for users on slow connections (downgraded for up to 40% smaller file size).

GTmetrix Image Optimizations


10. Videos

If you embed videos, they’re usually the heaviest element on a page. Just by lazy loading them and using preview images, you can easily shave a couple seconds from each video’s load time.

  • Lazy load videos – via cache plugin, Perfmatters, or try WP YouTube Lyte.
  • Replace YouTube iframes with preview images – the iframe (which is the heaviest element of the video) is only loaded once your visitors actually click the play button.
  • Preconnect To YouTube – establishes an early connection to YouTube and is a PSI item.
  • Offload media files to third-party services – if you’re using self-hosted videos, use a third-party service like WP Offload Media to offload them to Amazon S3, DigitalOcean Spaces, or Google Cloud Storage and serve it with Amazon CloudFront or another CDN.


11. Database

Give your database a deep cleaning.

Many cache plugins have automatic database cleanups (mine is set to 1 week in WP Rocket), but they don’t delete tables left behind by plugins which are created when you delete a plugin. For this type of cleaning, I recommend installing WP Optimize once in awhile. Install it then delete tables from old plugins marked as “not installed” if you don’t plan on using a plugin again.

  • Schedule ongoing database cleanups (I use WP Rocket).
  • Deleted unused tables (in WP-Optimize) after you delete a plugin.



12. Unload Assets

Some things load across your entire website even when they’re not being used. Unloading assets means disabling plugins, CSS, and JavaScript on pages/posts they don’t need to load.

Reducing CSS and Javascript are PSI items and is usually done with Perfmatters or Asset CleanUp. I wrote a comparison about them (I use Perfmatters since the UI/UX is much better). However, the pro version of Asset CleanUp lets you unload custom CSS, Perfmatters does not.

Once you decide on a plugin, edit a page and view the script manager to see which assets are loading on the page. You will need to figure out where your assets are being loaded and which type of content you can disable them on (current URLs, pages, posts, Regex, or “everywhere but” options). Test carefully or setup a staging site because disabling assets can break your site.


  • Disable slider plugin on pages that don’t use sliders.
  • Disable rich snippets plugin on pages that don’t use rich snippets.
  • Disable contact form plugin on pages that don’t have a contact form.
  • Disable WooCommerce scripts and styles on non-eCommerce pages.
  • Disable affiliate link management plugin on pages that don’t use aff links.
  • Disable social sharing plugin on all pages (since it’s usually for blog posts).
  • Disable unused functionality in your page builder (see this post for Elementor).



13. Bloat Removal

Removing bloat can reduce CPU and free up server resources.

Some bloat can be removed using Perfmatters (check their features page), Asset CleanUp, or with manual code. You should also go through your theme/plugin/hosting settings to disable all functionality you don’t use. This includes background processes which can consume high CPU.

  • Disable heartbeat.
  • Avoid bloated themes.
  • Delete unused media files.
  • Delete unused themes/plugins.
  • Disable usage tracking in plugins.
  • Disable unused modules in plugins.
  • Replace WP cron with real cron jobs.
  • Limit post revisions (5-10 is sufficient).
  • Deep clean your database with WP-Optimize.
  • Protect your blog/forms from comment spam.
  • Remove jQuery Migrate if your plugins don’t use it.
  • Disable other unused items in Perfmatters or Asset CleanUp.
  • Disable unused features in your hosting account: email, DNS, FTP, etc.



14. Delay JavaScript

Delaying JavaScript was introduced to WP Rocket and can also be done using Flying Scripts (WP Rocket delays until user interaction while Flying Scripts sets a timeout period in seconds).

You should only delay JavaScript that loads below the fold. WP Rocket has a default list of safe JavaScript to delay, but you may be able to add more. I delayed both wpDiscuz and Gravatars and now my blog loads much faster, plus the comments section doesn’t cause GTmetrix errors.

View your PSI report and look at the following items: reduce JavaScript execution time, reduce unused JavaScript, and reduce impact of third-party code. If you see any non-critical JavaScript that can be delayed, test it out. For example, AdSense can be delayed by adding adsbygoogle.js.



15. Prefetch, Preload, Preconnect

These tell browsers to download resources ahead of time.

You’ve probably seen these in WP Rocket, Perfmatters, Pre* Party Resource Hints, or you can add the code manually. Preload and preconnect are also PSI recommendations. You can add resource hints using the following values: fonts, scripts, styles, images, media, and documents.

  • Prefetch – helps browsers anticipate requests from third-party sites. First, view third-party domains loading on your site in PSI or GTmetrix. Next, grab their URLs or see these common domains to prefetch. Lastly, prefetch them using one of the 3 plugins mentioned.
  • Preload – often used for links and fonts. Preloading links downloads a page when users hover over a link so by the time they click it, the page downloads nearly instantly (can be done in WP Rocket, Perfmatters, or Flying Pages). Preloading fonts helps browsers discover fonts in CSS files. To do this, copy your font URLs from the GTmetrix Waterfall tab and paste them into the font preloading section in one of the 3 plugins mentioned.
  • Preconnect – establishes early connections to important third-party origins. Common with CDNs and external fonts like fonts.gstatic.com but can’t be done in WP Rocket (use one of the other plugins). Use sparingly and test results in speed tools once implemented.

WP Rocket Prefetch Preload


16. Redirects

If you see “avoid landing page redirects” in PSI, it’s probably because you’re linking to incorrect URLs or using a plugin that creates redirects. This is a case by case basis, but here are a few tips.

  • Avoid plugins that created redirects.
  • Use trailing slashes properly: https://example.com/blog/
  • Link to the correct HTTPS and WWW or non-WWW version.
  • Don’t use a redirect plugin, creating them in .htaccess is faster.
  • Use Better Search Replace to fix redirect errors throughout your site.

minimize redirects


17. Block Bad Bots

You would never know if spam bots are hitting your site unless you checked your Wordfence live traffic report. By blocking them, you will save resources and put less stress on your server.

Step 1: Install Wordfence (it can consume CPU itself so consider deleting it when you’re done).

Step 2: View your Wordfence live traffic report for a few minutes to see which bots are hitting your site in real-time. Googlebot (and likely others) are obviously OK, but you may notice a few spammy ones. Google these bot’s hostnames to see if other people are reporting them as spam.


Step 3: Block the bots (you have a few options): Wordfence blocking, Cloudflare firewall rules (block up to 5), Blackhole For Bad Bots, Jeff Starr’s 7G Firewall, or Cloudways bot protection.

Login to your Cloudflare Dashboard and go to Firewall → Firewall Rules → Create A Firewall Rule. Copy the bad bot’s hostnames (from Wordfence) and add it here in the “Value” field. Since you can create 5 rules, you would repeat this step for your 5 worst bad bots from Wordfence.

  • Field = Hostname
  • Operator = Contains
  • Value = hostname of the bad bot you found in Wordfence

Cloudflare Firewall Rule To Block Bad Bots

Step 4: Go to your “Blocking log” in Cloudflare and watch your spam bots get blocked.


Move your WP login page using Perfmatters or WPS Hide Login since your default wp-login page attracts spammy bots. If you’re using Cloudflare or another security service, enable WAF.


18. Mobile

How do you improve mobile scores in PSI?

Most desktop optimizations carry over to mobile so you should always start with those first. Secondly, Google uses a slower 3G connection for mobile testing which means mobile results are almost always worse than desktop. Still, there are a few mobile-specific things you can do.

  • Make sure themes/plugins are responsive.
  • Replace sliders with images (sliders are a thing of the past anyway).
  • Code menus in CSS instead of JavaScript, and avoid hamburger menus.
  • Serve smaller images to mobile devices using an adaptive images plugin.
  • Enable mobile caching if your cache plugin supports it (or get one that does).
  • Downgrade image quality for slower connections (you can do this in Optimole).
  • Consider AMP (I’m not a fan) – Kinsta’s conversions dropped 59% when using AMP.
  • Check your web vitals report in Search Console (there’s a section specifically for mobile).

Mobile caching


19. WooCommerce

WooCommerce sites can require more scripts, styles, cart fragments, and plugins.

Besides general speed optimizations, there’s a few extra things you can do. By far the most important is solid hosting. Cloudways and Gridpane are what I suggest for WooCommerce.

  • Use the Disable WooCommerce Bloat plugin.
  • Never run WooCommerce on shared hosting (recipe for disaster).
  • Clear WooCommerce Transients in WooCommerce Status settings.
  • Disable cart fragments if you value speed over fragments (in Perfmatters).
  • Disable WooCommerce scripts/styles on non-eCommerce pages (in Perfmatters).

WooCommerce Cart Fragments


20. Update Software

Keep your software updated. WooCommerce and some page builders (Elementor and Divi) have a system status section showing your software details. Also, stay informed when your host releases an update (PHP version, Redis, etc). You’ll likely need to make these updates manually.

  • PHP version
  • MySQL + MariaDB Version
  • WordPress core, themes, plugins, frameworks


21. Miscellaneous

Some of these didn’t fall under the other sections, so I listed them here:

  • Protect Login Pages  – if using Cloudflare, add a page rule for your login page, set the security level to high, then disable Cloudflare performance features inside the admin.
  • Use Brotli – it’s much faster than GZIP (WP Rocket only supports GZIP).
  • CDN Rewrite – if you’re using a CDN but images aren’t being served from them, try enabling the CDN rewrite option in Perfmatters settings (not applicable to Cloudflare).
  • Defer Non-critical JavaScript – use a cache plugin or Autoptimize to defer non-critical JavaScript (JS files loading below the fold). Don’t defer content that is above the fold.
  • Don’t Enable Yoast Indexables – claims to speed up site but I wouldn’t enable it (many complaints on their blog). And frankly, you should use Rank Math or SEOPress instead.
  • To Combine CSS/JS And Use Critical CSS, Or Not – WP Johnny says smaller sites should combine, larger sites usually shouldn’t. You should also test critical CSS to see whether it has a positive impact on your load times because it can sometimes have a negative impact.


22. Speed Plugins

Here’s a list of 35+ WordPress speed plugins with brief descriptions.

Of course, you don’t need all these. The ones I recommend most are Oxygen Builder, WP Rocket or LiteSpeed, Perfmatters, ShortPixel, WP-Optimize, Query Monitor, and Autoptimize.

  • Oxygen Builder – lightweight theme builder I recommend designing your website in.
  • WP Rocket – #1 cache plugin in most Facebook polls and what most people are using.
  • LiteSpeed Cache – the cache plugin you should be using if you’re on a LiteSpeed server.
  • Perfmatters – unload assets, remove bloat, optimizes WooCommerce, other features.
  • Asset CleanUp – similar to Perfmatters (free but more limited and UI/UX isn’t great).
  • Autoptimize – better control of CSS/JavaScript optimizations than most cache plugins.
  • OMGF | Host Google Fonts Locally – fixes leveraging browser caching issues for GA.
  • ShortPixel – popular image optimization plugin with option to convert images to WebP.
  • ShortPixel Adaptive Images – serve smart cropped (smaller) images to mobile devices.
  • Optimole – lazy load images without jQuery and serve them through Cloudfront’s CDN.
  • WP-Optimize – cleans database including the option to delete tables left by old plugins.
  • Query Monitor – find bottlenecks slowing down your site including your slowest plugins.
  • Swap Google Fonts Display – ensures text remains visible during webfont load (PSI item).
  • Flying Scripts – similar to delay JavaScript execution in WP Rocket (delays JavaScript).
  • Flying Pages – similar to preload links in WP Rocket (preloads pages during mouse hover).
  • Swift Performance – hit or miss cache plugin with aggressive caching (mediocre reviews).
  • SG Optimizer – use if you’re on SiteGround, but I don’t recommend SiteGround’s hosting.
  • Breeze By Cloudways – don’t use if you’re using Cloudways (WP Rocket is much better).
  • WP Fastest Cache – free cache plugin but hardly comes out with new features (outdated).
  • Nitropack – cache plugin specifically designed to fix PSI items, not necessarily load times.
  • ToolKit For Elementor – designed specifically to speed up Elementor (great reviews too).
  • WP YouTube Lyte – lazy load videos and use preview images (if not using WP Rocket).
  • Heartbeat Control – disable/limit WordPress Heartbeat API  (if not using WP Rocket).
  • Pre* Party Resource Hints – adds prefetch, preload, preconnect (if not using WP Rocket).
  • Disable WooCommerce Bloat – removes WooCommerce bloat to speed up the admin.
  • BunnyCDN – used to setup BunnyCDN (the CDN I recommend instead of RocketCDN).
  • Blackhole For Bad Bots – stops bad bots from hitting your site and consuming resources.
  • WP Offload Media – offload media to various services/CDNs if using self-hosted videos.
  • WP Cloudflare Super Page Cache – use the cache everything page rule on dynamic sites.
  • WP Crontrol – manage your WP cron jobs and their schedules which can reduce CPU.
  • Disqus Conditional Load – lazy load Disqus comments using OnScroll, OnClick, Normal.
  • WP User Avatar – upload a custom, optimized Gravatar image that can be hosted locally.
  • AMP For WP – add accelerated mobile pages with design options (I don’t suggest AMP).
  • Widget Disable – disable sidebar/dashboard widgets (speed up admin’s initial load time).
  • Display PHP Version – shows which PHP version you’re running if you don’t know how.
  • GTmetrix For WordPress – keep track of GTmetrix scores, schedule scans, and get alerts.
  • WP Hosting Performance Check – somewhat accurate hosting performance recording.


23. PageSpeed Insights Items

Below are items found in PageSpeed Insights and common solutions. Here’s a screenshot from Think With Google which also summarizes them but I tried to make mine specific to WordPress.

  • Avoid an excessive DOM size – avoid slow page builders, lazy load items below the fold (images, videos, iframes, AdSense), hard code your header/footer/menu, and paginate comments. If using Elementor, enable “Optimized DOM Output.”
  • Avoid chaining critical requests – defer/async JavaScript below the fold, combine CSS and JS into single files, take advantage of preconnect and preload.
  • Avoids document.write() – most often associated with a dynamic year in the footer area. Instead, manually add the current year without making it dynamic.
  • Avoid enormous network payloads – reduce page sizes and number of HTTP requests. A generic recommendation that spans from caching to optimizing images, fonts, third-party code, plugins, and reducing CSS + JavaScript files.
  • Avoid large JavaScript libraries with smaller alternatives – most plugins rely on jQuery instead of large JavaScript libraries, but you should still try to eliminate jQuery from your site by using jQuery-free plugins and disabling jQuery migrate.
  • Avoid large shift layouts – measures shifting elements on a page often associated with fonts, buttons, images, CSS, and cookies notices that “fly in” while a page is loading. Quick tips are to try disabling “optimize CSS delivery” in WP Rocket or “load CSS asynchronously” in LiteSpeed cache. Use the font-display properly, exclude above-the-fold images from lazy load, and specify dimensions of images/iframes. Ads, animations, and dynamic content can also cause a high CLS. The CLS metric only applies to content that is above-the-fold.
  • Avoid multiple page redirects – use the correct HTTPS and WWW or non-WWW version throughout your site. Plugins can also cause redirect errors.
  • Avoid non-composited animations – fix animations that shift or appear janky when your page loads which will also affect your Cumulative Layout Shift time.
  • Avoid serving legacy JavaScript to modern browsers – don’t use outdated JavaScript (ES5 standard). Using reliable themes/plugins should prevent this.
  • Defer offscreen images – lazy load images (built-in to WordPress or use a plugin (Optimole) which lazy loads without jQuery and serves images via Cloudfront).
  • Ensure text remains visible during Webfont load – use “swap” property in font-display by adding &display=swap to end of the Google Font URL, or use a plugin.
  • Efficiently encode images – generic recommendation to make images smaller. Compress images (using a plugin like ShortPixel or TinyPNG), lazy load images, serve them from a CDN (Cloudflare won’t work), remove EXIF data, use WebP.
  • Eliminate render-blocking resources – generate critical CSS and defer JavaScript. Autoptimize and the Async JavaScript plugin can usually fix these.
  • Enable text compression – enable GZIP in your cache plugin (but Brotli is faster).
  • Largest contentful paint – how long the main content on a page takes to finish rendering (multiple factors are involved). Primary ways to improve LCP are to reduce server response times, choose a data center close to visitors, use a CDN, add browser resources hints like preconnect and prefetch, use server-side caching, inline critical resources, defer non-critical resources, use critical path CSS, avoid heavy scripts above-the-fold, reduce DOM size, ensure text remains visible during font load, optimize images, use adaptive images, and minify CSS/JS.
  • Minimize main-thread work – generic recommendation for reducing JavaScript.
  • Remove unused JavaScript/CSS – avoid slow page builders which add lots of unnecessary CSS/JS, reduce third-party code by hosting files locally, lazy load files, and delay non-critical JavaScript. Remove jQuery if doesn’t break your site. Use critical CSS, or use this tool to remove unused CSS. Use a smaller Google Analytics tracking code (analytics-minimal.js or analytics.js) instead of gtagv4.js. Use Perfmatters or Asset CleanUp to unload assets on specific pages and posts.
  • Reduce server response times – avoid shared hosting, EIG brands, and get off SiteGround since their TTFB has become slow. Try Cloudways (DigitalOcean or Vultr HF) or Gridpane. Join the WP Hosting Facebook Group to get feedback.
  • Keep request counts low and transfer sizes small – Keep request counts low means to make fewer HTTP requests (often related to lots of third-party code, multiple fonts, and multiple CSS/JavaScript files). To keep transfer sizes small, minify CSS/JS, use properly sized + compressed images, and fix redirect issues.
  • JavaScript execution time – see the “removed unused JavaScript” item.
  • Minimize third-party usage – view third-party code loading on your site in PSI or GTmetrix Waterfall (or here’s a list of common third-parties) then decide what needs to be optimized. Host fonts locally in OMGF, host Google Analytics and Facebook Pixel locally, lazy load videos, replace YouTube iframes with preview image, and host Gravatars locally using WP User Avatar. Use a smaller GA script type and disable remarketing + advertising for GA to avoid a second request to DoubleClick (in Perfmatters), delay loading non-essential third-party JavaScript, and avoid using Maps sitewide. AdSense can create many third-party requests.
  • Minify CSS – removes unnecessary characters from CSS (done via cache plugin).
  • Minify JavaScript – removes unnecessary characters from JS (via cache plugin).
  • Preconnect to required origins – if using a CDN or Google Font, preconnect your CDN URL and //fonts.gstatic.com using Perfmatters, Pre* Party, or add the code manually. This will establish an early connection to third-party services.
  • Preload key requests – loads important resources sooner. Commonly done with important CSS, JavaScript, WOFF2, and image files. Can be done in WP Rocket, Perfmatters, and other speed plugins. Enable link preloading then find important files loaded across your site. Preload the files while testing impact on load times.
  • Properly size images – avoid huge images and resize to smaller dimensions. Try creating a cheat sheet of dimensions for logo, blog images, sidebar images, etc.
  • Remove duplicate modules in JavaScript bundles – often caused by importing code which can result in duplicate modules (JS bundles) from multiple sources.
  • Serve images in next-gen formats – convert images to WebP format using a plugin and enable WebP caching in WP Rocket’s Media settings if you’re using it.
  • Serve static assets with an efficient cache policy – if using WP Rocket, edit your .htaccess and change your image’s and font’s cache expiration from 4 months to 180 days (or 6 months). If using Cloudflare, set the cache expiration to 6 months.
  • Use video formats for animated content – convert any animated GIFs to video.
  • User timing marks and measures – get additional metrics in PSI and Chrome DevTools by adding the User Timing API. This is not a pass/fail test; it simply provides additional speed data used for pinpointing where time is being spent.
  • Uses passive listeners to improve scrolling performance – some themes/plugins use ‘”addEventListener” (modify it to be passive). There is also an issue with a WordPress core script (js/comment-reply.min.js) creating non-passive listeners.


24. Resources

If you’re looking to do it yourself, join the Facebook Groups I recommended and search for solutions. Plenty of people have already asked questions about improving specific items in PSI, hosting recommendations, cache plugins, CDNs, etc. There’s a gold mine of information there.

Facebook Groups

Facebook Group Search

Hire A Developer

  • WP Johnny is my go-to guy (although he’s very busy). You should at least reach out and try to squeeze a spot in with him. He’s currently removing Elementor for me and has amazing attention to detail, testing everything along with way and fixing issues I didn’t know I had.
  • I also work with bdkamol on freelancer.com. Here’s his portfolio. He lives in Bangladesh so there’s a time difference if you’re in the US, but Pronaya and I have been working together since 2012. He has a perfect 5 star review on his Freelancer profile with over 50+ reviews.

WP Johnny Speed Service

That’s all folks!

Really hope this helped. Drop your new scores + load times in the comments. Please include your GTmetrix report URL and NOT a link to your website, otherwise it will be marked as spam.


About Tom Dupuis

Tom Dupuis 2017Tom Dupuis writes WordPress speed and SEO tutorials out of his apartment in Denver, Colorado. In his spare time, he plays Rocket League and watches murder documentaries. Read his bio to learn 50 random and disturbing things about him.

Notify of
Oldest Most Voted
Inline Feedbacks
View all comments