Performance & Security are two essential metrics for online business success.
Similarly, if your website is not secure enough, you give a hacker the opportunity to take it down, causing reputational & business loss.
When we talk about performance optimization, we always hear the same advice: enable compression, minify the files, enable caching, use lightweight code and themes/templates/plugins/extensions, etc. And for security, you hear about using security plugins, not using old components, implementing a web application firewall, etc.
They are fine, and along with the above, you can consider the following.
These apply to a website on any platform, such as WordPress, Joomla, Magento, Drupal, Node.js, etc.
Let’s see what you have already and what not.
Look at Google's global IPv6 adoption graph.
Approximately 30% of users connect to Google over IPv6, yet only around 16% of websites have IPv6 enabled.
Cloudflare found that web pages with IPv6 enabled have a load time 27% less than over IPv4.
Does your website have IPv6 enabled?
Not sure, test it online.
If it's not, here is how you can enable it.
Most CDN providers, such as Cloudflare, Incapsula, CacheFly and AKAMAI, offer IPv6, so check the control panel to enable it.
If using Cloudflare, you can enable it by going to the “Network” tab.
Having IPv6 doesn’t harm anything and can be a quick win, with a decrease of around 10% in page load time.
Accelerate Content Loading with HTTP/2
HTTP/2 is the latest HTTP protocol introduced in 2015.
It has many significant performance advantages.
- Server push
- Can load page elements in parallel over a single TCP connection
- Header compression
- Low latency
HTTP/2 can help you optimize content delivery by loading multiple elements over a single TCP connection and by using the server push mechanism.
Judging by the demo, HTTP/2 is around seven times faster than HTTP/1.1. You can expect to decrease page load time by up to 30 to 40%.
HTTP/2 is used by around 46% of all websites.
First things first: check whether your site already has HTTP/2 enabled.
If not, it can be enabled on your web server or edge network. If you are using a CDN like Cloudflare, StackPath, KeyCDN, etc., then you can enable HTTP/2 in their control panel.
One thing to note here, HTTP/2 support over HTTP (non-SSL However, currently all the browsers support HTTP/2 over HTTPS. In other words, you must have your website accessible over HTTPS (like https://example.com) to take advantage of the HTTP/2 protocol.
Update: HTTP/3 is a new protocol that is faster and more secure than HTTP/2.
Protect Your Domain with DNSSEC
Add an additional layer of security protection for your domain by enabling the DNSSEC (Domain Name System Security Extensions) protocol.
Originally, DNS was designed to be a scalable distributed system, and security was not considered. DNSSEC adds cryptographic signatures to DNS records, which are used to verify whether a response comes from the authoritative name server or is fake.
You need to enable DNSSEC with the domain registrar or the service that manages the DNS records.
If you are using Cloudflare, then you can enable DNSSEC by going to the “DNS” tab.
Go HTTPS (Enable SSL Certificate)
HTTPS is the big push from Google and many large organizations to make the Internet safer and better. Lately, Google mentioned HTTPS is one of the search ranking signals so go ahead and implement an SSL certificate on your website.
Making your website accessible over HTTPS ensures data is encrypted from the user’s PC to the web server or network edge.
If you are a blogger or do not handle confidential transactions through your website, then you may consider using a FREE SSL certificate from Let’s Encrypt or others. If possible, try to offload the SSL handshake at the network edge by implementing a CDN like StackPath, Cloudflare, AKAMAI, etc.
Cloudflare gives you universal SSL under a FREE plan as well. Once you implement SSL, don’t forget to test the SSL/TLS certificate for vulnerabilities.
If you are serious (you should be anyway), then you may consider using a WAF to protect against the OWASP Top 10 vulnerabilities and more.
To add an additional layer of security on top of HTTPS, you may consider using HSTS (HTTP Strict Transport Security).
The HSTS header instructs the browser to carry out all communication over the secure channel (HTTPS) only, which prevents protocol downgrade & cookie hijacking attacks.
You can inject the HTTP header into responses at your web server; however, if you are using a CDN, then you can enable HSTS at the network edge. Once activated, don’t forget to test it.
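One way to test the header once HSTS is activated, as an added example that is not part of the original article: it parses a Strict-Transport-Security value following the RFC 6797 rules and reports weak or invalid settings. The function names, the one-year threshold and the sample header are assumptions of this example.

```python
import re

# Assumption of this example: one year as the minimum acceptable max-age.
MIN_MAX_AGE = 31536000

def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: value or None}."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # empty directives such as a trailing ';' are allowed
        name, sep, val = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        val = val.strip().strip('"') if sep else None  # value may be quoted
        if name in directives:  # a repeated directive makes browsers ignore the header
            raise ValueError(f"duplicate directive: {name}")
        directives[name] = val
    if "max-age" not in directives:
        raise ValueError("max-age is required")
    if not re.fullmatch(r"\d+", directives["max-age"] or ""):
        raise ValueError("max-age must be a non-negative integer")
    return directives

def audit_hsts(headers, scheme="https"):
    """Return findings for one response's headers; an empty list means OK."""
    lowered = {k.lower(): v for k, v in headers.items()}
    value = lowered.get("strict-transport-security")
    if value is None:
        return ["missing Strict-Transport-Security header"]
    if scheme != "https":
        return ["header sent over plain HTTP is ignored by browsers"]
    try:
        d = parse_hsts(value)
    except ValueError as exc:
        return [f"invalid header: {exc}"]
    findings = []
    max_age = int(d["max-age"])
    if max_age == 0:
        findings.append("max-age=0 removes the HSTS policy")
    elif max_age < MIN_MAX_AGE:
        findings.append(f"max-age {max_age} is below {MIN_MAX_AGE}")
    if "includesubdomains" not in d:
        findings.append("includeSubDomains not set; subdomains stay unprotected")
    return findings

# Constructed sample headers (not captured from a real site).
SAMPLE = {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}
print(audit_hsts(SAMPLE))
```

Pass `audit_hsts` the response headers of your HTTPS home page as a dict; the header only counts when it arrives over HTTPS, so check the response after any HTTP-to-HTTPS redirect.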
Reduce Page Size by Optimizing Images
The average page size in the world is 2.4 MB, and 64% of that is images.
Images are everywhere and have great scope for optimization to save the overall page size.
Having a smaller page size helps you in many ways.
- Fast loading web page
- Less bandwidth cost
There are some tools listed here that can help you to reduce the size by optimizing the image file in WordPress, Joomla & standalone.
If you are a Cloudflare Pro user, then you may want to take advantage of a new image format called “WebP.” By serving images in WebP format, you can reduce the picture file size by more than 10% compared with optimized PNG/JPEG.
I hope the above techniques help you to optimize your website for fast loading and add additional security protection.