Shares 14

Performance & Security is two essential metrics for online business success.

If your website is not loaded in less than 3 seconds, then you may be losing potential revenue and missing a higher search engine ranking.

Similarly if not secure enough then you are giving an opportunity to the hacker to take down your website for reputational & business loss.

When we talk about performance optimization, we always hear to enable the compression, minify the files, enable caching, use lightweight code theme/templates/plugins/extensions, etc.

And for security, you hear about using security plugins, don’t use old components, implementing web application firewall, etc.

They are fine, and along with above, you can consider the following.

These apply to any platform website like WordPress, Joomla, Magento, Drupal, Node.js, etc.

Let’s see what you have already and what not.

 

Enable IPv6

IPv6 is faster over IPv4. LinkedIn found 40% improvement in Europe and Facebook around 10-15% by accessing over IPv6.

Look at the IPv6 adoption graph globally by Google.

Approx. 15% of users connecting to Google is over IPv6, and there are around only 10% of a website has IPv6 enabled.

Cloudflare found web pages having IPv6 enabled load time is 27% less than IPv4.

Does your website has IPv6 enabled?

Not sure, test it online.

In case it’s not then here is how you can do it.

Most of the CDN provider like Cloudflare, Incapsula, CacheFly, AKAMAI offer IPv6 so check the control panel to enable them.

If using  Cloudflare, you can enable by going to “Network” tab.

If not using CDN and hosting on VPS like Linode, DigitalOcean, etc. then refer this to allow IPv6 in Nginx and Apache web servers.

Having IPv6 doesn’t harm anything and would be fun for a quick win of around ~10% decrease in page load time.

Accelerate Content Loading with HTTP/2

HTTP/2 is the latest HTTP protocol introduced in 2015.

http-protocol-history

It has many significant performance advantages.

  • Server push
  • Can load page elements in parallel over a single TCP
  • Header compression
  • Low latency

HTTP/2 can help you to optimize the content delivery by having multiple elements loaded over single TCP and server push mechanism.

By looking at the demo, HTTP/2 is around seven times faster than HTTP/1.1. You can expect to decrease page load time by up to 30 to 40%.

HTTP/2 is used by around 11% of all the websites.

First thing first, checks if your site has HTTP/2 enabled already.

If not then, this can be enabled on your web server or edge network. If you are using CDN like Cloudflare, Incapsula, MaxCDN, KeyCDN, etc.however, then you can enable HTTP/2 in their control panel.

One thing to note here, HTTP/2 support over HTTP (non-SSL However, currently all the browser support HTTP/2 over HTTPS.

In another word, you must have your website accessible over HTTPS (like https://example.com) to take advantage of HTTP/2 protocol.

HTTP/2 is also supported on some shared hosting like SiteGround. However, if you are hosting on your own, then you may checkout this guide how to enable in Apache, Nginx.

Protect Your Domain with DNSSEC

Add an additional layer of security protection for your domain by enabling DNSSEC (Domain Name System Security Extensions) protocol.

Originally, DNS was designed to be a scalable distributed system, and security was not considered. DNSSEC add cryptographic signatures to DNS record and it is used to verify the request if comes from authoritative name server or fake.

You need to enable DNSSEC with the domain registrar  or service who manage the DNS records.

If you are using CloudFlare, then you can enable DNSSEC by going to “DNS” tab.

Alternatively, you can use premium DNS by Namecheap who supports DNSSEC. Once you secured your DNS data with DNSSEC, you can perform an online test to verify your domain is enabled with DNSSEC.

Go HTTPS (Enable SSL Certificate)

HTTPS is the big push from Google and much large organization to make the Internet safer and better. Lately, Google mentioned HTTPS is one of the searches ranking signal so go ahead and implement SSL certificate on your website.

Making your website accessible over HTTPS ensure data is encrypted from user’s PC to the web server or network edge.

If you are a blogger or not having confidential transaction through your website, then you may consider using FREE SSL certificate by Let’s Encrypt or others.

If possible try to offload SSL handshake at network edge by implementing CDN like MaxCDN, CloudFlare, AKAMAI, etc.

CloudFlare gives you universal SSL under a FREE plan as well. Once you implement SSL don’t forget to test the SSL/TLS certificate for the vulnerabilities.

If you are serious (you should be anyway) then you may consider using WAF to protect from OWASP Top 10 vulnerabilities and more.

Enable HSTS

To add an additional layer of security on top of HTTPS, you may consider using HTSTS (HTTP Strict Transport Security).

HSTS header declaration let browser instruct to have all communication over the secure channel (HTTPS) only and prevent protocol downgrade & cookie hijacking attacks.

You can inject HTTP header in response code at your web server however, if you are using CDN then you can enable HSTS at the network edge.

Reduce Page Size by Optimizing Images

Average page size in the world is 2.4 MB, and 64% of them are images.

Images are everywhere and have great scope for an optimization to save the overall page size.

Having smaller page size helps you in many ways.

  • Fast loading web page
  • Less bandwidth cost

There are some tools listed here can help you to reduce the size by optimizing the image file in WordPress, Joomla & standalone.

If you are Cloudflare Pro user, then you may want to take advantage of newly image format called “WebP.”

By serving images in WebP format, you can reduce the picture file size by more than 10% on optimized PNG/JPEG.

I hope above technique helps you to optimize your website for fast loading and add additional security protection.

Shares 14

Reader Interactions

Comments

Your email address will not be published. Required fields are marked *