Performance & Security is two essential metrics for online business success.
Similarly if not secure enough then you are giving an opportunity to the hacker to take down your website for reputational & business loss.
When we talk about performance optimization, we always hear to enable the compression, minify the files, enable caching, use lightweight code theme/templates/plugins/extensions, etc.
And for security, you hear about using security plugins, don’t use old components, implementing web application firewall, etc.
They are fine, and along with above, you can consider the following.
These apply to any platform website like WordPress, Joomla, Magento, Drupal, Node.js, etc.
Let’s see what you have already and what not.
Look at the IPv6 adoption graph globally by Google.
Approx. 15% of users connecting to Google is over IPv6, and there are around only 10% of a website has IPv6 enabled.
Cloudflare found web pages having IPv6 enabled load time is 27% less than IPv4.
Does your website has IPv6 enabled?
Not sure, test it online.
In case it’s not then here is how you can do it.
Most of the CDN provider like Cloudflare, Incapsula, CacheFly, AKAMAI offer IPv6 so check the control panel to enable them.
If using Cloudflare, you can enable by going to “Network” tab.
Having IPv6 doesn’t harm anything and would be fun for a quick win of around ~10% decrease in page load time.
Accelerate Content Loading with HTTP/2
HTTP/2 is the latest HTTP protocol introduced in 2015.
It has many significant performance advantages.
- Server push
- Can load page elements in parallel over a single TCP
- Header compression
- Low latency
HTTP/2 can help you to optimize the content delivery by having multiple elements loaded over single TCP and server push mechanism.
By looking at the demo, HTTP/2 is around seven times faster than HTTP/1.1. You can expect to decrease page load time by up to 30 to 40%.
HTTP/2 is used by around 11% of all the websites.
First thing first, checks if your site has HTTP/2 enabled already.
If not then, this can be enabled on your web server or edge network. If you are using CDN like Cloudflare, Incapsula, MaxCDN, KeyCDN, etc.however, then you can enable HTTP/2 in their control panel.
One thing to note here, HTTP/2 support over HTTP (non-SSL However, currently all the browser support HTTP/2 over HTTPS.
In another word, you must have your website accessible over HTTPS (like https://example.com) to take advantage of HTTP/2 protocol.
Protect Your Domain with DNSSEC
Add an additional layer of security protection for your domain by enabling DNSSEC (Domain Name System Security Extensions) protocol.
Originally, DNS was designed to be a scalable distributed system, and security was not considered. DNSSEC add cryptographic signatures to DNS record and it is used to verify the request if comes from authoritative name server or fake.
You need to enable DNSSEC with the domain registrar or service who manage the DNS records.
If you are using CloudFlare, then you can enable DNSSEC by going to “DNS” tab.
Go HTTPS (Enable SSL Certificate)
HTTPS is the big push from Google and much large organization to make the Internet safer and better. Lately, Google mentioned HTTPS is one of the searches ranking signal so go ahead and implement SSL certificate on your website.
Making your website accessible over HTTPS ensure data is encrypted from user’s PC to the web server or network edge.
If you are a blogger or not having confidential transaction through your website, then you may consider using FREE SSL certificate by Let’s Encrypt or others.
If possible try to offload SSL handshake at network edge by implementing CDN like MaxCDN, CloudFlare, AKAMAI, etc.
If you are serious (you should be anyway) then you may consider using WAF to protect from OWASP Top 10 vulnerabilities and more.
To add an additional layer of security on top of HTTPS, you may consider using HTSTS (HTTP Strict Transport Security).
HSTS header declaration let browser instruct to have all communication over the secure channel (HTTPS) only and prevent protocol downgrade & cookie hijacking attacks.
You can inject HTTP header in response code at your web server however, if you are using CDN then you can enable HSTS at the network edge.
Reduce Page Size by Optimizing Images
Average page size in the world is 2.4 MB, and 64% of them are images.
Images are everywhere and have great scope for an optimization to save the overall page size.
Having smaller page size helps you in many ways.
- Fast loading web page
- Less bandwidth cost
There are some tools listed here can help you to reduce the size by optimizing the image file in WordPress, Joomla & standalone.
If you are Cloudflare Pro user, then you may want to take advantage of newly image format called “WebP.”
By serving images in WebP format, you can reduce the picture file size by more than 10% on optimized PNG/JPEG.
I hope above technique helps you to optimize your website for fast loading and add additional security protection.