Security Plugin – Site Speed

Home Forums WordPress Security Plugin – Site Speed

This topic contains 21 replies, has 1 voice, and was last updated by   Peter Wootton .

  • Author
    Posts
  • #3980

    Michelle Thomas
    Member

    Does installing a security plugin cause your website to slow down?

  • #3981

    Peter Wootton
    Keymaster

    Depends on the plugin. Some are bloatware and should be avoided, no matter how good the sales pitch.

  • #3982

    Peter Wootton
    Keymaster

    I’m using a economy / starter plan of SiteGround.. I installed Sucuri security plugin and felt that the site got slow.. this time it’s deactivated at my website.. what do you say about Sucuri ?

  • #3983

    Peter Wootton
    Keymaster

    Could very well be the reason yes. In general, the more plugins you add, the slower the website gets. Which security plugin are we talking about here?

  • #3984

    Peter Wootton
    Keymaster

    Sucuri

    • #3985

      Peter Wootton
      Keymaster

      That’s a light one, I doubt that is the reason. Try to remove unnecessary / unused plugins, minify css/js, clear out junk files

    • #3986

      Peter Wootton
      Keymaster

      Yea I’m already using a minification and cache plugin.. Can you recommend me any other security plugin or should i go with the same ? Currently I have this deactivated

    • #3987

      Peter Wootton
      Keymaster

      See how iThemes security (free or fee) or WebARX (fee) works for you. Both are excellent… as is Sucuri, of course, but maybe one of the other two will work better for your set-up.

    • #3988

      Peter Wootton
      Keymaster

      Try “all in one wp security”. That said, if you developed the website well and have all security measures taken into account when developing, you don’t really need a security plugin. Especially if you’re always maintaining the website.

    • #3989

      Peter Wootton
      Keymaster

      I am using a #PaidTheme and hosting is from #SiteGround… is that fine? I am not much into coding just using WordPress GUI…

    • #3990

      Peter Wootton
      Keymaster

      Yes both are great. I know siteground is considered up there for hosting wp websites.

      That said, do you know if you’re on a shared hosting plan, what CPU, RAM, bandwidth you have?

    • #3991

      Peter Wootton
      Keymaster

      I am having the starter plan…

    • #3992

      Peter Wootton
      Keymaster

      Depending on the size of the website and the amount of resources it uses, the hosting plan could be a factor in speed too.

      Feel free to PM me the website so I can take a look at what it could be

    • #3993

      Peter Wootton
      Keymaster

      ok sir.

  • #3994

    Peter Wootton
    Keymaster

    Try Malcare, they sync your site to their server, and therefore their scan won’t affect your site’s performance. Great product!

    • #3995

      Peter Wootton
      Keymaster

      okay sir

  • #3996

    Peter Wootton
    Keymaster

    Low cost hosting plans usually do not have the resources to allow file scans to run without a performance hit.

    Disable any file scanning or file change detection and see if the site speeds up.

  • #3997

    Peter Wootton
    Keymaster

    First of all, why do you need the security plugin? If you need it because you can’t keep up with the updates, try something that helps you automate this. If you’re having issues with bruteforce attacks and bot traffic, you should look for WAF instead. If you’re a having bunch of websites you need to keep protected, look for security monitoring.

    There are few types of products you could choose:
    1) Just a plugin which helps you harden the wordpress installation, it often does the same things that you could already do from WP installation and they can get your site fairly slow depending on the traffic you have. The main reason is high number of .htaccess rules etc.

    2) CDN based WAF (like Sucuri, Cloudflare, StackPath etc.) which will direct all traffic from your domain to their servers and serve cached version of your site (to increase speed). With CDNs, there is often an issue that the site can also be accessed directly via IP and therefore the whole Firewall capability can be bypassed.

    3) Onsite WAF, which means that the firewall will be executed on the site itself. Similar to mod_security, fail2ban etc. modules which can be installed to the server, but you can run similar capabilities also as an integration to application. This means that the firewall will be built within your application and you don’t have to rely on third party service downtimes etc.

    4) Managed Hosting, I will also mention this here, because many of those service providers have actually included security on the server level and try to do everything they can to make it as easy and intuitive as possible to keep all the plugins etc. updated on your sites (outdated plugins are biggest security issue with WP sites).

    Obviously, I’m slightly biased. We are building WebARX as a website security platform, but not just for WordPress but also for any PHP application. We are a mix of 1) 3) and 4). While we have a WordPress plugin which allows you to enable 2FA, Recaptcha, and even change the /wp-admin/ location etc, our main strength is the on-site WAF which can be installed on any PHP application (WordPress plugin is automatically installing it) and it’s protecting you from OWASP top10 web application vulnerabilities and is getting daily updates to keep the site safe depending on the software (plugins) your site has installed. WebARX also allows you to up-time monitor, do domain reputation checks and update software on your site directly via WebARX dashboard. We are building it mainly for digital agencies to keep their client portfolio safe and monitored, but you could try it out since it has a free trial.

    TLDR; Figure out why exactly do you need a security product for your WordPress site and choose accordingly.

    • #3998

      Peter Wootton
      Keymaster

      thank you sir

  • #3999

    Peter Wootton
    Keymaster

    It depends, it could.

  • #4000

    Peter Wootton
    Keymaster

    Most plugins use your website server resources. But if you are looking for a security plugin specifically that works outside the box, you can try MalCare. MalCare uses its own server for all security functions, so there is no load on your site from its side. It includes automatic and easy scanning, cleaning, firewall, hardening and login protection. You can check it out at https://www.malcare.com/

  • #4001

    Peter Wootton
    Keymaster

    Not as much as malware and DDOS attacks… Configured properly of course.

You must be logged in to reply to this topic.