I have a site to manage
I checked Google test result it was 40+ 60+ M/D and pingdom 65 time 4.15 sec
Then I used wp- optimize SEMrush autoptimize
Now I have pingdom 95 3.75 sec and Google result 7 and 20:@
and on this site load time crosses 30sec +
The site is https://thecbdoil.online CBD
I have a site to manage
You have a different runtime context than other sites, as you’re selling CBD products, which means you’re site will likely require handling far more attack traffic than real traffic.
I host many of the largest Docuseries projects running right now. Several of these sell CBD based video sets, which eventually drive to CBD oil products like your site.
The CBD oil market is lucrative + many competitors are hiring Bot Farms to attack + take down competing sites, so the following recommendations relate to handling both real + attack traffic, as both increase over time.
Pass along this message to your tech team. Likely the following will make sense to them…
Focus on WPT (WebPageTest.org) first, over Google + Pingdom + GTMetrix.
Fix all problems WPT reports, especially compress your images.
Your running HTTP2 + ALPN, so that’s good.
And your asset #1 serving speed looks odd. Normally I’d expect to see the HTML component serve 100% + then all other assets begin loading.
Since you’re running LightSpeed (hacked up Apache) rather than pure Apache, unsure if this can turn into an issue or note.
I’m running sites with sustained 50K-100K+ requests/minute for hours, using vanilla LAMP + WordPress, so my suggestion is likely you’re better off having your tech team plan on moving to vanilla LAMP.
You’re not using NGINX. Excellent! NGINX only slows down well tuned WordPress sites + adds another layer of code that tends to break in odd ways.
You’re not using any CDNs. Excellent! CloudFlare (and other CDNS) add same problems as NGNIX, for high speed sites.
You’re running inside Kitchen Sink Hosting, so many other sites running on your IP.
If this is your own dedicated machine + all sites are under your control, this is fine.
If other non-related sites are running on your machines… so sites you have no control over for monitoring resource usage + tuning, then best get onto your own dedicated machine as soon as possible.
If you make a move, consider OVH + install Ubuntu Bionic as your OS + point to latest stable PPAs so your entire LAMP Stack runs latest stable code.
- Periodically run slowloris on your machine, attacking your own site.
This is hands down the best way to block DOS/DDOS attacks.
You’ll require setting up Apache + Fail2Ban so Apache can survive long enough for Fail2Ban to notice + block the attack.
Be sure you run FPM PHP, as this is the only way to survive serious attack traffic.
Tighten up your SSL config, as https://www.ssllabs.com/ssltest/analyze.html?d=thecbdoil.online shows your score can be better + your missing HSTS being enabled, which means your site will run slower + be more easily taken down by attack traffic.
Target https://www.ssllabs.com/ssltest/analyze.html?d=davidfavor.com&latest type score, with an A+ along with 4x 100 scores.
- Some of your static assets (.js, .css, images) look like your hosting company is running some sort of bandwidth throttling.
Here’s how to see this.
Refer to the above WPT test + now look at your asset #41, which is a massive image seriously requiring compression + it’s still serving way to slow.
In your hosting this asset takes 4 seconds to serve.
Dropping your images onto one of my servers, time to serve drops to 691ms - 150ms = 541ms.
So 4secs with your hosting + 541ms inside highly optimized hosting.
I’d say moving hosting is one of your top priorities.
This is just what popped up for me, when I took a quick glance at your site.