Update WordPress
Upgrading to the latest WordPress version will make your website load faster. It also keeps your website secure from any malicious code or content. The newest version of WordPress always comes with extra features and it usually fixes any issues from the previous versions.
Whenever there is a new update available, you will get a notification to update your website on the admin dashboard. The notification has a link to update to the latest WordPress version. It also sends an email to the site administrator about the newest version release.
If you’re not using the latest version of WordPress update now. Make sure you backup your site first!
Update Plugins
Updating your WordPress plugins to the latest versions can often reduce high CPU usage. If you’re running an old version take a moment to update now.
You can go to the Plugins » Installed Plugins page in your WordPress backend (admin area) to update your plugins one by one.
Avoid beta versions of plugins
Whilst it’s cool to be at the cutting-edge, only use stable versions of WordPress plugins. Sometimes early release versions (also known as alpha or beta) can have bugs in the code which can cause CPU spikes.
Install a caching plugin
Caching plugins such as W3 Total Cache and WP Super Cache can dramatically reduce CPU load by caching static copies of your pages on your webspace.
Static files use less CPU and memory. Keeping you within your shared hosting limits.
Disable WP-Cron
WP-Cron manages all the scheduled events in your WordPress site. WP-Cron is a very common cause of high CPU loads as it is called every time someone visits your website.
Disabling WP-Cron and replacing with a real cron job can drastically reduce CPU-load and prevent the chances of your account being suspended due to exceeding your resources.
It can be simply disabled by add command [ define(‘DISABLE_WP_CRON’, ‘true’); ] at “wp-config.php” below line “define(‘DB_COLLATE’, ”);”
Only use plugins you really need
Do you really need that plugin that constantly checks for broken links? – The more WordPress plugins you have installed, the longer your site will take to load
Deactivate and delete any plugin that you don’t need. Aim for just a handful of plugins. This will speed up your site and keep your visitors happy.
If you’ve disabled plugins you don’t need, and still have high CPU usage you’ll need to try debugging each plugin to see if it’s the cause of the CPU spike.
First, make sure you’ve taken a backup of your entire WordPress site (files and database). Now try disabling each plugin one by one until the CPU load has been resolved.
Once you have found the faulty plugin you should hopefully be able to reenable the others without seeing the CPU problems.
Avoid buggy WordPress Themes
A badly written WordPress Theme or one written with demanding features such as server-side image resizing can be CPU intensive. To rule out problems with your WordPress theme try the following:
Check error logs for problems.
Login to cPanel and check the Error logs for errors.
Contact the theme developer and ask if there’s any known issues.
Disable any dynamic features built into the theme such as thumbnail resizing. Some WordPress themes have their own image resizing modules which can cause high CPU usage.
If possible we recommend disabling them in favour of using the more efficient image resizing built into the WordPress core.
Reduce widgets
There may be certain widgets that aren’t essential. Check them thoroughly and remove the ones that may not be beneficial for the readers.
The more widgets you use the more strain you are enforcing on the server. Hence, to lower server load and CPU usage, get rid of unwanted widgets.
Lower PHP or Database calls
PHP scripts and database calls also consume a lot of CPU resources. Caching your sites helps but certain database/PHP calls cannot be avoided.
Hence, you should go through the plugins documentation carefully and disable the unnecessary options.
Lower load on index.php file
At peak hours, your homepage may create a load on your server during the peak hours. To lower this load, ensure keeping your homepage simple.
Try to lower the number of posts on your homepage and remove unwanted files, links and high resolution images. It would be even better if you choose a CDN service like Amazon Cloudfront
Use PHP 7.4
Switching to PHP 7.4 can dramatically speed up your WordPress website, reducing loading time and freeing up CPU and memory.
We recommend testing a staging version of your website with PHP 7.4 before changing the production version. Kindly, check our Knowledgebase on how you can change your PHP version from cPanel–> MultiPHP Manager
Disable XML-RPC upload
Add below rules at .htacess to prevent xmlrpc.php. This may prevent xmlrpc.php attack to your domain.
# Block WordPress xmlrpc.php requests
order deny,allow
deny from all
Restrict WordPress Admin Area
Please follow the link to secure admin area.
https://www.afeeshost.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/
Protect the wp-config.php file
If you use a server with .htaccess, you can put this in that file (at the very top) to deny access to anyone surfing for it:
order allow,deny
deny from all
Change the permission of wp-config.php to 0400
Disallow file editing
If a user has admin access to your WordPress dashboard they can edit any files that are part of your WordPress installation. This includes all plugins and themes.
If you disallow file editing, no one will be able to modify any of the files – even if a hacker obtains admin access to your WordPress dashboard.
To make this work, add the following to the wp-config.php file (at the very end):
define(‘DISALLOW_FILE_EDIT’, true);
Secure wp-includes
The wp-includes folder houses WordPress core files that nobody should have the need to tamper with. To make absolutely sure it doesn’t happen, use the following code at .htaccess.
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]