This blog is its own story. By this I mean that the posts on WordPress that appear here are actually tested and implemented on the blog itself. So whether the blog works or not is usually a confirmation of whether the instructions you find here are proper. It is quite useful for me at this stage to take stock of the work that has been done so far, this post being an overview of the main actions and configurations done in the last several weeks.
Initially, I set up an AWS EC2 instance and an RDS MySQL instance and installed WordPress using Ubuntu 22.04 and Apache on the EC2 instance and the RDS instance as MySQL server. The process was detailed in this article.
Then, I set up an Amazon ElastiCache instance for Memcached and configured the blog to work with that using the W3 Total Cache plugin.
I changed a number of settings on the server in an attempt to make the WordPress installation more secure. In my tired state, I had some thoughts on the simulation theory which is obviously not related to WordPress, although if the world is simulated, WordPress is also simulated. In any case…
I then looked at some specific Apache and PHP settings on Ubuntu 22.04, from a security and performance point of view.
Design, CDN and other changes
It was time to look at the design of the site, and while I didn’t have courage or time to change to a whole new theme, I added some Adobe Fonts to the default WordPress theme (Twenty Twenty-Three), which I think makes for a pleasant change. In the process, I discovered that the fonts look better on Chrome/Edge than on Firefox (on Windows 11), although why this is the case I have not yet had time to check.
In the meanwhile, I found a good deal on some (audio, Hi-Fi) speakers on eBay and having had the speakers delivered I felt I needed to write something about them. Again, not really related to WordPress.
But, just before that, I enabled AWS CloudFront and WAF for the blog, which I thought was a bit of an overkill since this is a blog of 10 pages, but it is an experiment in any case, so it was done. WAF and CloudFront caused multiple headaches and website outages, partly because for some reason I decided to disable Indexes in the main .htaccess file for the WordPress site (which I have now removed). But it is still active and functional, although WAF is in monitoring mode for now.
I also installed the Yoast SEO plugin, which I found useful in generating sitemaps and providing other content-related functionality. It seems to work quite well, i.e., causing no major technical issues on its own. As I tried to hide admin user information earlier, I sought to do the same in the Yoast configuration when I saw it exposing this info in the source code. However, Flipboard is still displaying the original author name somehow (in spite of all my efforts).
Next, then, I updated some Ubuntu server settings to improve security in line with the CIS Benchmarks. I was surprised by how easy, fast and comprehensive the process is.
I also tried various plugins, in addition to Yoast SEO mentioned above. Akismet is obviously extremely useful in protecting the site from the flood of spam comments. Code Block Pro was great in generating the nice code blocks used throughout the posts on the site. I used the free version but the paid version is accessible (at $12) and comes with lifetime updates, which is more than I can say for others.
Wordfence Security is a great plugin to improve security, block malicious IPs and enable 2FA on WordPress logins. WP Mail SMTP helped with the useful task of enabling WordPress to send emails. Performance Lab was a late addition. It converts uploaded JPG/JPEG images into WebP format, which is very handy. Too bad there is no support for PNG.
I have also tried Cookie Notice & Compliance for GDPR / CCPA by hu-manity.co. PageSpeed however identified a few issues with it, and in my quest for perfection, I disabled it for now and replaced it with “Cookie banner plugin for WordPress – Cookiebot CMP by Usercentrics” earlier today. Let’s see how that works.
Caching and PageSpeed performance results
Yesterday, I had a major fight with W3 Total Cache. Now, the fault is probably mine and my own strange configurations elsewhere in WordPress, but the plugin was not cooperating well with CloudFront. And when I finally did a test on PageSpeed of the site, with all the crazy stuff enabled (CDN, Memcached, W3 Total Cache, etc.), the Performance result was disappointing as you can see below.
This is the test result for mobile devices, with the desktop one being somewhat better. Yet, it was not what I would have expected with all the optimizations that took place beforehand. So, in my frustration with CloudFront and all, I disabled and then removed W3 Total Cache (as well as ElastiCache/Memcached connectivity), and to my surprise, the PageSpeed results were actually better:
There were some “heavy” images creating much of the bottleneck (so presumably nothing to do with caching), which I tried to fix with the help of the WordPress Performance Plugin. The results were positive:
Then, I thought that it would be nice to see how adding some caching on top of this would work, and so tried the WP Rocket plugin. The only issue is that it doesn’t provide Memcached integration, so that remains a task for another day. I tried to use the Memcached Object Cache plugin but that didn’t work. In any case, with WP Rocket installed and activated, the results improved. Again, these were the results for Mobile devices. At this stage, the performance results for Desktop devices were already in the green.
The next step was to disable the Cookie plugin I mentioned earlier and replace it with the plugin from CookieBot. I also disabled JetPack Search, which I had activated earlier and found to be quite an improvement over the default WordPress search. However, PageSpeed was reporting one or two issues related to it. With these changes made, here is our final PageSpeed report for now:
Aside from the fact that the new Cookie consent form is taking the whole screen space, the results are pretty decent. I don’t necessarily need to activate AWS ElastiCache at this stage, although, as an experiment, which this is, it would be interesting to see if any performance improvement is reported at all. Probably not though.
This is as far as I’ve got for now. Having this blog functional in spite of the plethora of plugins and configuration changes feels like an achievement in itself. Hopefully, it will stay this way.
November 9 update
In order to enable Memcached, I returned to W3 Total Cache as a plugin but disabled all other caching, which was handled by WP Rocket. Not an easy co-existence though, to the point where I disabled and deleted WP Rocket and switched fully to W3 Total Cache.
Meanwhile, WordPress was updated to 6.4.1 and AWS CloudFront was driving me insane. Having the entire site served through it is probably not a good idea when you are constantly tinkering with it. Anything goes wrong and the entire site goes down.
As a result, I am trying a CDN provider with W3 Total Cache to serve static resources.