WooCommerce: 11 Performance, Security, and Scalability Tips

WooCommerce websites need to be operational at all times: they must load quickly, be secure, and handle large traffic spikes. 

Achieving this can be a daunting task without the right strategy and expertise, particularly when dealing with a high number of visitors, as a single problem can result in hours of downtime and lost sales.

In this article, our special guest Martin Ronfort, founder of Dr Tech, will share an overview of the strategies and processes that you can apply to your WooCommerce store so it can grow with ease.

At Dr Tech, in fact, they manage thousands of WooCommerce stores – ranging from small businesses that are just starting out to stores with millions of requests and significant marketing campaigns – and deal with all the technical aspects such as hosting, loading speed, security, updates, backups, uptime, and scalability.

Let’s go, Martin! 

Performance Optimization 

1. CDN

Let’s start directly with the biggest optimization you can do. If you don’t use a CDN yet, this is what will bring you the biggest benefits in terms of loading speed.

If you don’t know what a CDN is: a Content Delivery Network is a network of servers located in different parts of the world that work together to deliver website content to users more quickly and efficiently. When a user requests a webpage or file from a website, the CDN automatically routes the request to the nearest server in the network that can deliver the content. This not only reduces the load on the website’s server but also decreases the time it takes for the content to reach the user, resulting in faster page load times and a better user experience.

Dr Tech uses Cloudflare for four essential tasks: content offload, image optimization, minification, and full-page delivery.

Content offload

By offloading your JS, CSS, and images to the CDN and caching them there, all these files will be served from the CDN’s servers and not from your server. This way, you will significantly increase the loading speed as Cloudflare has datacenters all around the world and will use the closest one to your visitors to serve the content. Also, it will drastically reduce the load on your server, resulting in cost savings (we have seen stores caching 80%+ of their requests on the CDN!).

Image optimization

Cloudflare’s built-in image optimization tool automatically converts your images to WebP, reducing their size at the same time.

Minification

We recommend using Cloudflare for minification instead of your caching plugin as it is more effective. However, be cautious with minification as it can potentially break your website (it depends on the theme and plugins you use). So make sure you test your online store for a few days after you implement it to make sure it is working fine for you. If it does not work properly, just deactivate it.

Full Page Delivery

This is how you can achieve a loading time of under 1 second and a TTFB of under 100ms. The idea is to cache the entire page on the CDN. When a visitor visits your store, the full page is loaded directly from the CDN’s servers, and no requests go to your server. Cloudflare has servers all around the world, which means that your content will be served to your visitors from a server close to them! And as it is static content, your website will load super fast 🙂
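As an added example (not code from the article or from Dr Tech), this is the bypass check a Cloudflare Worker or cache rule needs before serving a page from the edge: the cart, checkout, account and admin paths, and any session carrying a WooCommerce or WordPress login cookie, must never be cached, otherwise one shopper’s page could be served to the next visitor. The path list assumes default English WooCommerce slugs.

```javascript
// Added example, not code from the article or Dr Tech. Per-visitor paths
// (assumes default English WooCommerce slugs) and session cookie names that
// must never be served from the CDN cache.
const DYNAMIC_PATHS = ["/cart", "/checkout", "/my-account", "/wp-admin",
                       "/wp-login.php", "/wp-json", "/wc-api"];
const SESSION_COOKIES = ["wordpress_logged_in_", "wp_woocommerce_session_",
                         "woocommerce_items_in_cart", "woocommerce_cart_hash",
                         "wp-postpass_", "comment_author_"];

// Names from a Cookie header; the values do not matter for the decision.
function cookieNames(header) {
  if (!header) return [];
  return header.split(";").map(c => c.trim().split("=")[0]).filter(Boolean);
}

// True only for anonymous, read-only requests for shared (non-personalised) pages.
function shouldCacheAtEdge(method, url, cookieHeader) {
  if (method !== "GET" && method !== "HEAD") return false;
  const { pathname, searchParams } = new URL(url);
  const path = pathname.toLowerCase();
  // Exact match or sub-path, so "/cart" does not also catch "/cartoons".
  if (DYNAMIC_PATHS.some(p => path === p || path.startsWith(p + "/"))) return false;
  // "?add-to-cart=ID" mutates the cart on a GET request; never cache it.
  if (searchParams.has("add-to-cart")) return false;
  const names = cookieNames(cookieHeader);
  return !names.some(n => SESSION_COOKIES.some(s => n.startsWith(s)));
}

// Worker sketch: cache at the edge only when the check passes, otherwise fetch from origin.
async function handle(request) {
  const ok = shouldCacheAtEdge(request.method, request.url, request.headers.get("cookie") || "");
  return fetch(request, ok ? { cf: { cacheEverything: true, cacheTtl: 600 } } : {});
}
```

Pair this with W3TC’s own page-cache exclusions on the origin so a miss at the edge still never caches a personalised page.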

2. Hosting

To run a WooCommerce store efficiently, avoid cheap shared hosting services that cost just a few dollars per month. Even with your best efforts, you won’t have enough resources to ensure fast loading speeds and reliability. While they may suffice for small websites or blogs, they are not suitable for eCommerce – they simply lack the power required for eCommerce.

Another issue to consider is the complexity of migration, especially in eCommerce where customers visit your site and potentially buy your products at all times. Once you outgrow these small servers, you will need to migrate to a larger server, and migration requires downtime. Doing so means taking your website offline, potentially leading to lost sales and negatively impacting your business.

Instead, we recommend using a server that is:

  • Optimized for WooCommerce
  • Flexible to allow you to increase resources (CPU, RAM and storage) as you grow, thus avoiding the need for migration. This is called vertical scaling, and we will talk more about it in the part about scalability.

3. Caching

At Dr Tech, we use the W3TC plugin for caching (the free version is enough), but you could use another caching plugin – in fact, as most of the performance optimization is done by the CDN, it does not really matter which plugin you use. W3TC and the other caching plugins are very complex. However, we only use two features: Page Caching and CDN.

Page Caching

When implementing page caching, make sure to exclude any pages that should not be cached. For example, SEO plugins like Yoast can cause problems if the sitemap is cached (we had this issue on Dr Tech). All WooCommerce pages should already be excluded by default, including cart, checkout, and my account. To ensure everything is working correctly, enable page caching and test your site. If any issues arise, exclude the problematic page from caching.

CDN

It is the CDN feature of your caching plugin that will put all your static files (JS, CSS, and images) on the CDN. You will need to do the configuration on your CDN as well to enable the caching of those files. 

4. Managing your code

To achieve optimum performance, it is essential to ensure that the themes and plugins you use are well-coded and follow WordPress’s best practices. If they do not, it is better not to use them at all. 

Moreover, if the plugin or theme you want to use does not follow WordPress’s best practices, you will have issues with updates and security later in your eCommerce journey.

To accomplish this, you can either hire a skilled developer who possesses knowledge of it, or gain more insight on the subject through WordPress and WooCommerce documentation. Everything is well described.

At Dr Tech, to ensure that everything works, we verify the code of all plugins and themes before making them available to Dr Tech users. If they do not follow WordPress’s best practices, we simply do not include them. Whenever possible, we offer suggestions to developers on how they can improve their code, wait for them to fix it, and then add it 🙂

Data Optimization

The idea here is simple: things that you do not need on your website should not be on your website. Either you should delete it, or maybe it should never have been added in the first place. Any unnecessary data increases your storage usage (you pay for it), your CPU and RAM usage (you pay for it too), and slows down your database. So you always want your online store to be as small as possible.

5. Use a staging site

First, you should use a staging site. There, you can test new themes, plugins, custom code, or anything you want. And only once you are sure that you will use them, add them to your main site. Never test things on your main site.

This is because plugins and themes add a lot of data to your website and almost none of them clean up their own data when you delete them. WordPress has no cleaning feature to remove the data of a plugin that you installed for 2 minutes and deleted right away. Its data will stay in your online store forever.

6. Removing old and unused data

Even if you try to be careful not to add any useless data to your store, you will still have some. For example, post revisions. They are old versions of your pages, blog articles, products, and other types of content on your online store that are kept automatically as backups. This can be useful sometimes, but once your content has been published for a few weeks, chances are that you don’t need these backups anymore. Also, by default, WordPress will keep an unlimited number of revisions for all your posts, and you probably don’t need that many. Thankfully, you can just add one line of code to your wp-config file to limit the number of revisions that WordPress will keep (you can keep 5, for example):

define( 'WP_POST_REVISIONS', 5 );

Revisions are one type of data that you want to remove; anything that you don’t use should be deleted to ensure maximum performance. And especially if it is in your database!

Security

For our own Dr Tech security purposes, I can’t tell you everything that we do to protect our infrastructure. But below are some best practices that we can share with you.

To start, we can say that it is much easier to build good practice, good process, and good habits when you are small and there is no pressure. If you have a security issue, it will be a very high-pressure moment – and fixing things is way harder than prevention!

7. Don’t give people access to your site

It’s a common practice in the WordPress community for developers to request your WP admin or FTP credentials. While I acknowledge that it can be a quick way to get help, granting this access gives them full power over your store: they can access your files, your data, everything. Though most individuals have good intentions, security starts with establishing healthy practices. Therefore, it’s crucial to never disclose your admin password and to refrain from allowing anyone external to your team to modify any code that you don’t understand or haven’t inspected.

Instead, it is better to ask for guidance and perform the task yourself.

You can also use your staging site and make developers work there. Then, you can review the changes and apply them to your primary site on your own.

8. Review your code

The reason why you don’t want people to access your code is that there are plenty of potential vulnerabilities. For example, backdoors are one of the most common vulnerabilities. These backdoors provide outsiders with unauthorized access to your site, allowing them to do anything from stealing data to taking control of your entire site. It’s crucial to ensure that your code is free from backdoors and other vulnerabilities.

So if you need to hire external developers, and likewise if you install a new theme or a new plugin, you need to take some precautions. Even if they have no bad intentions, they may lack the necessary experience, knowledge, or attention to detail to avoid creating serious vulnerabilities. It’s always best to have an experienced professional on your team to review and verify everything.

Also, even if your store is currently small and unappealing to attackers, it’s essential to remain vigilant and ensure that your site remains secure as it grows. Building good security habits early on is much easier than trying to fix things when attackers have already found vulnerabilities.

9. Add tools: WAF, DDoS, and brute force protection

WAF

A WAF (Web Application Firewall) is a security tool that helps protect websites from malicious attacks, such as SQL injections and cross-site scripting. It acts as a filter between the website and the internet, inspecting incoming traffic and blocking any harmful requests.

For your eCommerce store, a WAF is especially important because it helps prevent attacks that could compromise sensitive customer data, such as credit card information.

DDoS Protection

A DDoS (Distributed Denial of Service) attack is a type of cyber attack where multiple systems flood your website with traffic, overwhelming your server and causing it to become unavailable to legitimate users. This type of attack is often carried out by hackers or other malicious actors as a way to disrupt or shut down a website or online service.

Without DDoS protection, a successful attack could result in significant downtime, lost sales, and damage to the reputation of the business. DDoS protection helps to mitigate the impact of these attacks by detecting and blocking malicious traffic before it can overwhelm your online store.

Brute Force Protection

A brute force attack is a type of cyber attack in which an attacker tries to guess a user’s password by repeatedly trying different combinations of characters until the correct one is found. This type of attack can be very effective if there is nothing on your online store to block it. You should also employ strong passwords and use security measures such as two-factor authentication and rate limiting to limit the number of login attempts. And don’t use an obvious username for your admin login: do not use “admin” 🙂
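As an added example, not code from the article or Dr Tech: a sliding-window check over constructed access-log lines that flags source IPs repeatedly failing to log in, which is exactly the behaviour a brute force protection tool or rate limiter has to catch. It assumes Apache/nginx combined log format with UTC timestamps.

```javascript
// Added example, not from the article. Constructed access-log lines (combined
// format, UTC). A failed wp-login.php POST re-renders the form with HTTP 200;
// a success redirects with 302. xmlrpc.php answers 200 either way.
const SAMPLE_LOG = [
  '198.51.100.9 - - [10/Mar/2023:10:00:00 +0000] "GET /shop/ HTTP/1.1" 200 5120',
  '203.0.113.7 - - [10/Mar/2023:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 2341',
  '203.0.113.7 - - [10/Mar/2023:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 2341',
  '203.0.113.7 - - [10/Mar/2023:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 2341',
  '203.0.113.7 - - [10/Mar/2023:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 2341',
  '203.0.113.7 - - [10/Mar/2023:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 2341',
  '203.0.113.7 - - [10/Mar/2023:10:00:11 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370',
  '198.51.100.9 - - [10/Mar/2023:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 2341',
  '198.51.100.9 - - [10/Mar/2023:10:01:45 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
];

const LINE_RE = /^(\S+) \S+ \S+ \[(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) [^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})/;
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5, Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };
const LOGIN_ENDPOINTS = new Set(["/wp-login.php", "/xmlrpc.php"]);

// Returns { ip, time (epoch seconds), method, path, status }, or null for
// lines that do not match the format.
function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  const [, ip, d, mon, y, h, mi, s, method, rawPath, status] = m;
  const time = Date.UTC(+y, MONTHS[mon], +d, +h, +mi, +s) / 1000;
  return { ip, time, method, path: rawPath.split("?")[0], status: +status };
}

// Collects failed login POSTs per IP and finds the largest number that fall
// inside any `windowSec` window; IPs at or above `threshold` get rate limited.
function findBruteForce(lines, windowSec = 60, threshold = 5) {
  const attempts = new Map();
  for (const line of lines) {
    const e = parseLine(line);
    if (!e || e.method !== "POST" || !LOGIN_ENDPOINTS.has(e.path) || e.status !== 200) continue;
    if (!attempts.has(e.ip)) attempts.set(e.ip, []);
    attempts.get(e.ip).push(e.time);
  }
  const flagged = {};
  for (const [ip, times] of attempts) {
    times.sort((a, b) => a - b);
    let best = 0, start = 0;
    for (let end = 0; end < times.length; end++) {
      while (times[end] - times[start] > windowSec) start++;   // slide the window start
      best = Math.max(best, end - start + 1);
    }
    if (best >= threshold) flagged[ip] = best;
  }
  return flagged;
}
```

The one slow attempt from 198.51.100.9 followed by a 302 is a normal user mistyping once, and is not flagged.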

Scalability

Congratulations on launching your store and seeing an increase in sales and traffic! As your store grows, so must your server infrastructure. There are two ways to scale your infrastructure: vertical scaling and horizontal scaling (also known as multi-server infrastructure).

10. Vertical Scaling

Vertical scaling is simple. When you need more resources, you increase your server’s specifications by adding more RAM, CPU, and storage. Then, you are good to go until you need to do this again.

This solution works until you reach the maximum capacity of your server. Unfortunately, vertical scaling is not infinite: the physical machines that host your store have limits. This is when scaling becomes complicated, and you must migrate to a multi-server infrastructure.

This is one more reason not to use a cheap server: you will reach its maximum capacity faster and need to migrate to a larger server. That migration will cause downtime, which you want to avoid. Starting with a good server that can scale as far as possible will save you time and effort.

11. Horizontal Scaling: Multi-Server Infrastructure

With a multi-server infrastructure, you can expand your business without worrying about resource limitations, and you can handle high spikes in website traffic with ease. As your needs grow, you can simply add more servers, or remove them when they are no longer needed.

Ideally, you would want to start on a multi-server infrastructure from the beginning. But because it’s more complex and more expensive, most businesses start by scaling vertically. However, there will come a point where a single server cannot handle the traffic, and a team with specialized skills will be required to create and maintain a multi-server setup for continued growth.

I would recommend considering this option early on, well before reaching the server’s maximum capacity if you scale vertically. This will help you avoid any limitations and allow for a smooth and stress-free planning process for the new setup!

Bonus 

A multi-server infrastructure will greatly improve uptime. With the ability to have multiple servers, you can have standby servers ready to take over in case of a failure. By using a load balancer, you can distribute traffic between servers and automatically stop sending traffic to a server that is not functioning properly. This creates a much more stable infrastructure for your business.

At Dr Tech, this is what we do. We put your store on a multi-server infrastructure from the very beginning, and use load balancers to ensure that your store can grow and handle large amounts of traffic without any resource concerns.

Conclusion

Performance, security and scalability are as important as the quality of the products you sell on your WooCommerce website.

You can have the best product on the market, but if you let down your customers because your WooCommerce website is not optimized, you can miss out on a lot of potential revenue (the same applies to the opposite! If you have the best and most optimized WooCommerce website on the planet but you sell a product that no one wants or likes, you’ve wasted your time and money investment).

It’s now up to you to take action on your own WooCommerce website and make it faster, more secure, and able to cope with traffic spikes.

If you don’t want to implement these strategies on your own, you can always migrate your website to Dr Tech, so that you can concentrate on growing your business while they handle everything else. They’re currently offering a free 7-day trial and then only $1/month for the next 3 months. Learn more on the Dr Tech website.

Rodolfo Melogli

Business Bloomer Founder

Author, WooCommerce expert and WordCamp speaker, Rodolfo has worked as an independent WooCommerce freelancer since 2011. His goal is to help entrepreneurs and developers overcome their WooCommerce nightmares. Rodolfo loves travelling, chasing tennis & soccer balls and, of course, wood fired oven pizza. Follow @rmelogli