Making WordPress Run More Securely and More Efficiently


I’ve been a fan of WordPress for quite some time. In fact, I’ve been using the CMS since 2005. Up until recently I haven’t had many issues running WordPress aside from a few heavy plugin snags.

Well, about 2 months ago I started the task of making WordPress run more efficiently, or at the very least lighter. Here’s a serious list of things to try if your site begins spiking.

How to Make WordPress Run Better

1. Install WP Super Cache – First and foremost you should be running the wp-supercache plugin. IMHO this should be a core part of the WordPress platform, but until it is you’ll have to install this one yourself. This plugin creates an HTML file out of served pages that is much smaller than its PHP doppelganger.

2. Remove Heavy Plugins – Some of the plugins written for WP, while value-adding, are often heavy draws. One of the ways to find some of your heavier plugins is with the Plugin Hog Detector. This will help you pinpoint offending plugins.

One of the things that makes plugins heavy is the number of queries made to your database. This article here will help you determine how many queries are being run every time someone accesses a page on your website.

3. Delete old SQL prefixes – Over time your SQL database will start to accumulate more and more unused SQL tables. You may uninstall a plugin while its table info is still saved in your database. By logging into phpMyAdmin and removing old plugin prefixes you can speed up and streamline your database performance.

4. Remove large files – This one is a no-brainer, but sometimes when you’re too close to the problem it’s hard to see the forest for the trees. Make sure there aren’t any outside sites serving a large media file from your server. If you really must serve up video, create your own to be hosted on YouTube or track something down. Chances are whatever you are looking for is already there.

5. Use phpMyAdmin to optimize your database – Log in to phpMyAdmin, select all the tables, then “repair” and “optimize”.

How to Make WordPress Run Safer

1. Keep your WordPress version up to date – Aside from compatibility issues, WP releases are filled with new security fixes. As WordPress is constantly evolving, so are the ways it is exploited. In an effort to stay ahead of the hackers, always try to keep the most up-to-date version of WordPress running for the best possible security coverage.

2. Disallow Access to WP Core Files With .htaccess – It’s a good idea to keep curious bots out of parts of your site such as wp-admin, wp-content, etc. This can be done with your .htaccess file by banning access to these directories. Get more info about manually altering your .htaccess file here. Or give the AskApache Password Protect plugin for WordPress a try here.

3. Update your login information – Never use “admin” as your login username. WordPress sets this by default. So do many other CMSs and scripts out of the box.

To assign a new WordPress username, log in to your control panel and create a new user. Then set this profile as an administrator. For this user, provide a password that is harder to crack than your birthday date or local address. Make sure your password contains both upper and lower case letters. Be sure to include alphanumeric characters as well as QWERTY symbols. It may be hard to remember, but it’s also harder to crack. It’s also not a bad idea to update this information every so often.
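
For item 2 above, one way the .htaccess restrictions can look on Apache 2.4. This is an added example, not taken from the original post or from the AskApache plugin; the .htpasswd path and the address 203.0.113.10 are placeholders, and it assumes a standard WordPress directory layout on a host whose AllowOverride setting permits Options and AuthConfig.

```apache
# --- /.htaccess (site root) ------------------------------------------------
# Stop directory listings so bots cannot browse wp-content or wp-includes.
Options -Indexes

# wp-config.php holds the database credentials; nothing should fetch it over HTTP.
<Files "wp-config.php">
    Require all denied
</Files>

# --- /wp-admin/.htaccess ---------------------------------------------------
# Put HTTP Basic auth in front of the WordPress login for the whole directory.
AuthType Basic
AuthName "Restricted"
# Placeholder path: keep the password file outside the web root.
AuthUserFile /home/example/.htpasswd
<RequireAny>
    # Placeholder address (documentation range): a trusted admin IP skips the prompt.
    Require ip 203.0.113.10
    Require valid-user
</RequireAny>

# Front-end plugins and themes call admin-ajax.php for anonymous visitors,
# so it has to stay reachable or parts of the public site stop working.
<Files "admin-ajax.php">
    Require all granted
</Files>

# --- /wp-content/.htaccess: what NOT to do ---------------------------------
# A blanket ban here also blocks theme CSS, scripts and uploaded images,
# which breaks the public site:
#   Require all denied

# --- /wp-content/uploads/.htaccess -----------------------------------------
# Narrower rule: uploads should only ever be served as static files, so
# refuse any request for a script in this tree.
<FilesMatch "(?i)\.(php|phtml|phar)$">
    Require all denied
</FilesMatch>
```

After deploying, request /wp-config.php and a test .php file under /wp-content/uploads/ from an outside address and confirm both return 403 while the front page still renders with its styles and images.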

WordPress Security Plugins

Ask Apache Password Protect – Password protect sections of your website with this plugin.

Bad Behavior – Deny automated spambots access to your PHP-based Web site.

Close old posts – Closes comments on old posts on the fly, without any DB queries. By default it’s 14 days; change that setting by editing the plugin file.

Disable Revisions – Disable revision functions in WordPress and delete all entries of revisions in database.

WordPress Exploit Scanner – Scans your WordPress site for possible exploits.

WP-Spamfree – An extremely powerful anti-spam plugin that virtually eliminates comment spam. Finally, you can enjoy a spam-free WordPress blog! Includes spam-free contact form feature as well.

WP Security Scan – Scans your WordPress installation for security vulnerabilities and suggests corrective actions.

Simple Captcha – A CAPTCHA for your comment system to prevent unwanted spam. Prevents automated spam by bots and, most importantly, naughty people. It’s simple and yet secure.

Some Free Handy Web Tools

Page Load Test from Pingdom. This free tool will tell you which parts of your site are running slower than others.

Website Grader. Website Grader provides a decent report of where your website needs the most help.


About Me:  Nate Balcom is a web designer and social media guru with over 11 years of experience in the web industry. He specializes in web design and development, SEO and social networking. You can follow him on Twitter here.


3 Comments

  1. Shane says:

    After all the craziness you have endured trying to keep this site up, we have both learned more about security than I would have ever thought we needed to know. Now I am crossing my fingers that neither of us will need to further this education!

  2. JP says:

    The “number of queries” code can be left in the footer of your blog, just wrap it in HTML comment tags: i.e. <!-- php code goes here -->. That way you can check it anytime without having every visitor see it, and without having to remove or comment it out after looking at it.

    Also, the Debug Queries plugin can also help you identify bottlenecks:
    http://wordpress.org/extend/plugins/debug-queries/

    I think you’re making a mistake with the Google XML Sitemaps plugin settings. The whole benefit of using WordPress and plugins is that you are automating the dynamic building of the site. By disabling automatic rebuilding, you’re defeating the automatic function of the plugin. Sure, it uses memory, but only when you publish and only for a few seconds.

    Also limiting the number of posts in the sitemap is bound to screw it up. Because now you have to remember to increase the limit as you add more posts. If you forget, your sitemap is inaccurate and everyone you (automatically) submit it to is getting an incomplete picture of your site.

  3. n8man says:

    JP – Since my move to a new host I’ve actually instituted Google sitemaps again. This is for people really trying to optimize.

    Google sitemaps is an important one. It’s all about the dynamic xml!

    Thanks for all your advice. You’ve been a great help!

