Update WordPress

Upgrading to the latest WordPress version will make your website load faster. It also keeps your website secure from any malicious code or content. The newest version of WordPress always comes with extra features and it usually fixes any issues from the previous versions.

Whenever there is a new update available, you will get a notification to update your website on the admin dashboard. The notification has a link to update to the latest WordPress version. It also sends an email to the site administrator about the newest version release.

If you’re not using the latest version of WordPress update now. Make sure you backup your site first!

Update Plugins

Updating your WordPress plugins to the latest versions can often reduce high CPU usage. If you’re running an old version take a moment to update now.

You can go to the Plugins » Installed Plugins page in your WordPress backend (admin area) to update your plugins one by one.

Avoid beta versions of plugins

Whilst it’s cool to be at the cutting-edge, only use stable versions of WordPress plugins. Sometimes early release versions (also known as alpha or beta) can have bugs in the code which can cause CPU spikes.

Install a caching plugin

Caching plugins such as W3 Total Cache and WP Super Cache can dramatically reduce CPU load by caching static copies of your pages on your webspace.

Static files use less CPU and memory. Keeping you within your shared hosting limits.

Disable WP-Cron

WP-Cron manages all the scheduled events in your WordPress site. WP-Cron is a very common cause of high CPU loads as it is called every time someone visits your website.

Disabling WP-Cron and replacing with a real cron job can drastically reduce CPU-load and prevent the chances of your account being suspended due to exceeding your resources.

It can be simply disabled by add command [ define(‘DISABLE_WP_CRON’, ‘true’); ] at “wp-config.php” below line “define(‘DB_COLLATE’, ”);”

Only use plugins you really need

Do you really need that plugin that constantly checks for broken links? – The more WordPress plugins you have installed, the longer your site will take to load

Deactivate and delete any plugin that you don’t need. Aim for just a handful of plugins. This will speed up your site and keep your visitors happy.

If you’ve disabled plugins you don’t need, and still have high CPU usage you’ll need to try debugging each plugin to see if it’s the cause of the CPU spike.

First, make sure you’ve taken a backup of your entire WordPress site (files and database). Now try disabling each plugin one by one until the CPU load has been resolved.

Once you have found the faulty plugin you should hopefully be able to reenable the others without seeing the CPU problems.

Avoid buggy WordPress Themes

A badly written WordPress Theme or one written with demanding features such as server-side image resizing can be CPU intensive. To rule out problems with your WordPress theme try the following:

Check error logs for problems.

Login to cPanel and check the Error logs for errors.

Contact the theme developer and ask if there’s any known issues.

Disable any dynamic features built into the theme such as thumbnail resizing. Some WordPress themes have their own image resizing modules which can cause high CPU usage.

If possible we recommend disabling them in favour of using the more efficient image resizing built into the WordPress core.

Reduce widgets

There may be certain widgets that aren’t essential. Check them thoroughly and remove the ones that may not be beneficial for the readers.

The more widgets you use the more strain you are enforcing on the server. Hence, to lower server load and CPU usage, get rid of unwanted widgets.

Lower PHP or Database calls

PHP scripts and database calls also consume a lot of CPU resources. Caching your sites helps but certain database/PHP calls cannot be avoided.

Hence, you should go through the plugins documentation carefully and disable the unnecessary options.

Lower load on index.php file

At peak hours, your homepage may create a load on your server during the peak hours. To lower this load, ensure keeping your homepage simple.

Try to lower the number of posts on your homepage and remove unwanted files, links and high resolution images. It would be even better if you choose a CDN service like Amazon Cloudfront

Use PHP 7.4

Switching to PHP 7.4 can dramatically speed up your WordPress website, reducing loading time and freeing up CPU and memory.

We recommend testing a staging version of your website with PHP 7.4 before changing the production version. Kindly, check our Knowledgebase on how you can change your PHP version from cPanel–> MultiPHP Manager

Disable XML-RPC upload

Add below rules at .htacess to prevent xmlrpc.php. This may prevent xmlrpc.php attack to your domain.
# Block WordPress xmlrpc.php requests

order deny,allow
deny from all

Restrict WordPress Admin Area

Please follow the link to secure admin area.
https://www.afeeshost.com/wp-tutorials/11-vital-tips-and-hacks-to-protect-your-wordpress-admin-area/

Protect the wp-config.php file

If you use a server with .htaccess, you can put this in that file (at the very top) to deny access to anyone surfing for it:

order allow,deny
deny from all

Change the permission of wp-config.php to 0400

Disallow file editing

If a user has admin access to your WordPress dashboard they can edit any files that are part of your WordPress installation. This includes all plugins and themes.

If you disallow file editing, no one will be able to modify any of the files – even if a hacker obtains admin access to your WordPress dashboard.

To make this work, add the following to the wp-config.php file (at the very end):

define(‘DISALLOW_FILE_EDIT’, true);

Secure wp-includes

The wp-includes folder houses WordPress core files that nobody should have the need to tamper with. To make absolutely sure it doesn’t happen, use the following code at .htaccess.

RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ – [F,L]
RewriteRule !^wp-includes/ – [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ – [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php – [F,L]
RewriteRule ^wp-includes/theme-compat/ – [F,L]

This July, Google is updating their Chrome internet browser to expressly inform guests when they’ve arrived on a site that isn’t secure. It’s presumable that other internet browsers will take after their lead with a specific end goal to make a more secure condition on the web.

As the need for online security expands, changes like this could negatively affect your business on the off chance that you don’t make a move to anchor your webpage.

Not exclusively will clients be less sure about working with a site that isn’t anchor, either influencing buys or marking to up for an email list. However, Google is additionally organizing destinations encoding their information to the highest point of the web crawler comes about page. That implies locales that are not anchor will appear at the base, which could affect the number of website visits originating from search.

We should investigate what should you do to ensure your site traffic is secure and abstain from being adversely affected by Google’s progressions.

What Google’s update implies for your business

When Google’s updated internet browser Chrome 68 is discharged in July, clients will know whether the website they’re going by isn’t scrambling activity from the ‘Not Secure’ message in the URL, as demonstrated as follows.

how Chrome 68 internet browser look like

On the off chance that clients see the ‘Not Secure’ cautioning, they will probably avoid entering any data on your site, such as making a buy or notwithstanding agreeing to accept your email list. Another sign is HTTPS toward the beginning of a URL with information encryption, rather than HTTP for a not anchor site. The URL for sites where activity is secured with an SSL will resemble the URL for afeeshost.com demonstrated as follows.

website with ssl certificate url

Clients will likewise be more averse to discover your site once Google rolls out the improvement to their program. In the event that your webpage is as yet not anchor, Google will rank your site bring down on the list items page, influencing your activity and income in the meantime.

Make your site secure with an SSL Authentication

An SSL Certificate remains for a Secure Sockets Layer, which by definition, is the standard security innovation for setting up an encrypted (encoded connect) between a web server and a program. A web server is what an organization or business interfaces with to introduce their site on the web, and an internet browser is the thing that clients use to associate with pages on their telephones or PCs.

To put in straightforward terms, a web server and internet browser fill in as a group to associate your client’s PC to your organization’s site. An SSL Certificate makes it harder for terrible on-screen characters to disturb the data that goes between the program and server. This implies your clients can be sure that any individual data they give is securely conveyed and the data they get from the site isn’t altered.

Why is encryption critical?

Without an SSL Certificate scrambling the information going between your business and your clients, the two gatherings could be in danger. Since littler organizations are probably not going to have a full group chipping away at site security, they are more defenseless against assaults from awful performing artists.

A straightforward SSL Certificate can secure your business by:

Verifying – Approves that clients are conversing with your servers and not somebody putting on a show to be you.

Holding information uprightness – Shields terrible on-screen characters from changing the interchanges between your clients PC and your servers, or notwithstanding infusing undesirable substance into blog entries.

Encoding information – Keeps the information going amongst you and your clients private so a similar awful performing artist can’t build up a profile about you or your clients.

Boosting Web optimization rank – Google has begun to give a slight lift in the positioning of sites that utilization an SSL Certificate

What a basic SSL Certificate doesn’t do:

Distinguish and expel malware

Distinguish and expel site security vulnerabilities

Oversee web index positioning and notoriety

Give a web application firewall

Secure site against DDoS assaults

Encrypt your site activity now to make the web a better place

An encrypted web is a more secure web, for everybody. This helps keep the web a place where thoughts can stream unreservedly, yet it additionally develops your business, by helping your clients trust you.

With a specific end goal to encourage your business and your clients, Afeeshost.com is putting forth free essential SSL to enable clients to keep their organizations developing. In case you’re an Afeeshost client, watch your inbox for more subtle elements on the most proficient method to turn it on for your record.

Encrypt your site activity now with ssl certificate

Keep your clients and your business safe and secure

It’s decent to know the organizations you are conversing with online are the genuine article and not a pantomime. It has some consolation set up to know you’re protected. An SSL Certificate keeps the information going between your clients and your business safe, and after Google discharges Chrome 68 in July, an encoded site will turn out to be considerably more imperative.

Ensure your clients can trust your business website, agree to accept your email list, and can shop online with certainty. It additionally fills in as a sign that your business thinks about security and thinks about clients.

Over 5000 websites get attacked every day. Get SiteLock and secure your website from hackers, viruses and malware. SiteLock is a website security monitoring tool for small and medium-sized businesses, providing a number of benefits and services.  Some of the key benefits are blacklist monitoring, malware detection, vulnerability identification, and virus scanning.  Additional services include domain ownership verification and SSL certificate validation. Read more

As days are passing, encryption is becoming a need for every user sitting online. Many tech giants including Google, Apple and Yahoo! are adopting encryption to serve its users security and privacy at its best, but according to Electronic Frontier Foundation (EFF), the high-tech Web security should not be limited to the wealthiest technology firms.

Read more

Hackers can’t get enough of hacking sites. Malicious on-screen characters break into them to transfer contaminated duplicates of working frameworks or appropriate malware. Fraudsters utilize site vulnerabilities to take touchy accreditations and money related information. The feds bring them over to find tyke porn buyers. Hacktivists bring them down to battle dubious lavatory bills. Furthermore, significantly more. Read more