For superior mobile speed, don’t install any SEO plugin. Ever.

Yes. “Autodescription” is a worthy plugin. It’s benign. We’ve tested it. It’s good for speed. But we don’t advocate SEO plugins. Keep reading to find out why:

★★★★
Autodescription (aka The SEO Framework)

Load time: 0 milliseconds

Autodescription plugin doesn’t do grotesque slow downs like Yoast SEO (from 150 to 240 milliseconds site drag). All SEO plugins consume ever-growing database resources. The plugin authors don’t tell you about that hidden liability.

To migrate the database from Yoast SEO to Autodescription plugin use this helper plugin:

REFERENCE: https://wordpress.org/plugins/seo-data-transporter/

OFFSITE ARTICLE: https://spigotdesign.com/how-to-migrate-from-yoast-seo-to-the-seo-framework/

Do we think SEO tricks alter ranking or increase click thru? We’re unconvinced. It doesn’t move the needle. But site owners desire feeling in control of the uncontrollable page rank and clickthrough.

SEO is as therapeutic as knitting.

We also don’t believe speed affects page ranking more than 1 percent. Yet, we sell information about speed. Speed affects UX. Focusing on user experience and not gaming Google produces a better return on investment. Think about it.

Google used your handcrafted rich snippet?

Big deal. It’s simply not significant compared to a good product offer – or better and more written content that makes people drool. No one can prove  snippets make any difference. There is no quantifiable data or evidence. No expert certification or credible SEO degree. Except from Google, of course.

But if writing *rich* snippets makes you feel good. Do it.

Google chooses – and has the right to accept or reject – your manufactured rich snippet. When they feel it’s worthy or believable, they’ll keep it. But if they don’t, they’ll make their own concoction. You don’t *force* your snippet upon the world with a plugin. Our opinion is Google’s formula-built snippet is better. Why? They claim it’s based on user intent. They predict based on search history, where they just were, and what users hunt for. They use a smart algorithm.

Is that provable? Of course not.

Nothing Google claims or reports is provable with real metrics. They shamelessly imply or even promise site owners empowerment when there is none. It’s a reward (bribe), manipulation, or distraction. Compliance to their proprietary rules is mysterious behavior. Inexplicable. They really don’t want people knowing how they do things. Knowledge of the *real rules* allows site-owner cheating.

Is there “any harm” in writing custom snippets? Yes. Opportunity cost. That simple. It wastes your time. You’ve got bigger fish to fry. The SEO Emperor has no clothes.

MYTH: I’ve installed Yoast, so I’m all set

Sometimes, this statement makes me want to spit out my coffee and laugh; other times, it makes me sad that new bloggers can be so gullible and clueless.

Why?

Because this is an utterly ridiculous statement.

First, some newer bloggers mistakenly think that Yoast “gives them SEO.” And, of course, it doesn’t. In fact, there is no plugin that “gives you SEO.” There is no such thing. Rather the blog posts you write and the activities you do for a post will get you organic traffic. There is no silver bullet and no easy way around this.

Rather, Yoast attempts to measure your SEO. It uses some basic formulas that “check off” some of the boxes. Notice how I say “attempts.” This is because it’s very formulaic. And, also, it’s not very accurate nor predictive. In fact, often it gives you bad advice because it will direct you to do things that will lead to keyword stuffing (which is very bad for SEO) as well as poor writing, and that is bad for user experience. And, if it’s a bad user experience, it’s bad for SEO.

Many people mistakenly think that if they get a green light that their post is SEO optimized and will rank well. This simply isn’t true. Far from it. It’s all based on the keyword phrase that you enter. It does not tell you if that’s a highly searched term nor your chances of ranking for it. And, it’s simply garbage in/garbage out.

–Debbie Gartner

Will it upset us if you install a plugin and do “SEO”? Not at all. We have freedom of speech and religion – and SEO. Go for it.

Our recommendation: Ignore machines and write for humans instead.

If you do SEO and see some miracle happen, please let us know. We’re only right 51 percent of the time. We’re not perfect.

So prove us wrong. That’s the challenge. Document your traffic dramatically increasing in short order after changing SEO tactics using snippets.

We’d actually like to be wrong on this one.

Avoid WPFaster.com’s $1,985 speed tuning shakedown.

Let’s examine one of the Internet’s bigger speed service shakedowns: WP Faster. NOTE: Their home page loads in 2.76 seconds in our browser. Hmm? Not a very good example of less-then-2-second speed performance.

WP Faster provides an itemized “ala cart” 10-item speed menu. You can do the same changes yourself for free.

1SETUP FEE is $40.
Fine. A cover charge. A deterrent or penalty for clients with impossible speed tasks. A filter for unqualified leads.

Here are the various entrées you can order from WP Faster:

2CACHING $240.
What does that really entail? They install a caching plugin. Is that hard? No. It’s simple. There are good caching plugins with few (3) settings like free Cache Enabler. Can you do that? Yes. It’s easy to install this plugin. We use it on PagePipe. Now you know which caching plugin to install. We just told you. Don’t waste your 240 tacos! Does caching make a meaningful difference?

Tom Usborne of GeneratePress, a trustworthy and infamous developer, discourages activating caching plugins. Why? Because caching frequently breaks sites! Tom is tired of telling people to turn off caching to fix theme and plugin conflicts. The minimal return in actual speed gains is trifling. A well-optimized website rarely benefits from caching plugins. It’s not worth the pain. Same goes for minification plugins. Better scores but not better speed.

Tom Usbourne also says: “Don’t put too much stock into what Google PageSpeed says – it’s one of the worst performance checking services in my opinion (and a lot of other opinions).” – source

So, why does PagePipe use Cache Enabler if it doesn’t help speed? Face it, some pipsqueak critic won’t read this very page, go test PagePipe, and think a bad score means we’re stupid about speed. Sadness. Sigh. So a preventative preemptive strike is required against whiners and skeptics.

3PLUGIN PRIORITIZATION & LOAD ORDER OPTIMIZATION $168.
For this service, they use the more complicated and heavier Plugin Organizer plugin. It’s free. Does it require fiddling with settings? Yep. Do plugin “prioritization and load order” make a significant difference in speed? Well. No. It doesn’t. Not advantages we’ve ever measured. Maybe we missed a profound artifact?

LEARN MORE ABOUT OUR SITE TUNING SERVICES – PagePipe

If they use Plugin Organizer plugin for selective plugin activation, that would help. But they didn’t say they do that. Selective plugin activation and deactivation is tedious work. For that, we’d choose the more obscure but still free, simpler Plugin Logic.

But plugin priority and load order are NOT needed except for extreme speed optimization. And, by that, we’re talking rescue-attempts at subsecond load times. Even then, this monotonous messing around won’t guarantee acceptable user experience. It’s speed hand waving or superfluous project job padding. The return on your investment is minuscule.

4IMAGE OPTIMIZATION (Lossy) $138.
Lossy image optimization is what you want. This is best achieved with a simple free plugin: Imsanity. No typo. Imsanity. Set the size limit to your page column width in pixels. If you don’t know that dimension, use 750 to 1000 pixels. Then set the compression to a range of 70 to 80. After backup, resize all your media library with the press of a button. Resizing is more important than compressing. Why? Because WordPress automatically compresses images to 82 quality. That is good enough for most sites. This speed-saving stopgap is already built into WordPress. But not for uploaded originals, just smaller size images like thumbs and medium-size insets. Imsanity plugin fixes everything.

If you’re using free Smush plugin for optimizing images, please stop. It only compresses images by 10 percent. Worthless! It’s the worst optimization plugin available. Normal lossy compression decreases image file size by 5 to 10 times the original. In other words, around 70 to 80 percent reduction.

First ask yourself: “Are my media library images PNG images? Or JPEG images?” What’s the worst performance problem caused by images? Answer: it’s site owners using high-resolution PNG image format for photographs. PNG photo format is a bad choice for speed. Use instead lossy JPEG compression. But lossy sounds bad. Doesn’t it?

Lossy doesn’t mean lousy. It should be called “automated data removal for visually lossless images.” Using PNG format for photos is a mistake. How big of a mistake? Well, a proper change can take a 12-second load time down to 4 seconds. Is that good enough? Absolutely not. 4 seconds is slow. 2 seconds or below is the target speed.

Is it hard to convert your media library from PNG to JPEG? Not if you use the free PNG to JPEG plugin. It even detects and preserves transparency on your tiny PNGs used as icons and guideposts. Smart plugin. A speed lifesaver.



★★★★★
PNG to JPG plugin

Load Time: 10 milliseconds

 

Description: Convert PNG images to JPG, free up web space and speed up your webpages:

  • Set quality of converted JPG.
  • Auto convert on upload.
  • Auto convert on upload only when PNG has no transparency.
  • Convert existing PNG image to JPG.
  • Bulk convert existing PNG images to JPG.

The return on image optimization for speed isn’t as great as it used to be. Even though images are still more than half of page weight, they’re not half of page load time. Why? Because improved web browsers do faster parallel loading. Images are loading simultaneously or overlap in the performance waterfall.

5DEFER/ASYNCHRONOUSLY LOAD JAVASCRIPT $148.
This activity is a complete waste of time and money. It’s a coder’s dilemma that programmers take joy in solving and get many billable hours. It produces no measurable benefit in millisecond load time. It only improves those dang fake speed scores misleading site owners into hunting unproductive wild geese. Don’t go on a wild goose chase. Forget this JavaScript-deferral silliness.

6COMBINE STYLES & SCRIPTS (CONCATENATION) $168.
Install a minification plugin like Autoptimize and your done. But if your site breaks, try Better WordPress Minify. Read more about minification and it’s dangers here. Minification and concatenation don’t help speed much on a well-optimized site. More money wasted on speed services.

7IMAGE LAZY LOADING $108.
Pulleeze! One free lazy-load plugin with no settings installed for over a hundred dollars. You’ve got to be joking! BJ Lazyload plugin. And there are other freebies we like, for example, Lazy Load by WP Rocket. WordPress added lazy loading to core in August of 2020.

8MINIFICATION $158.
We can’t believe this! Minification is intrinsic in #5 plugin solution above. Double dipping with extra charges!
Scam artists.

9INLINE CRITICAL, ABOVE-THE-FOLD CSS $278.
This is a waste of time recommended by speed tests. It usually requires a coding solution. There are plugins to help but we’ve never found one that works. Even if we did, it’s simply not worth it. Where is above-the-fold on a mobile device or tablet? Farcical.

The GRAND TOTAL for WP Faster’s shakedown Bundle Offer is $1,125 dollars.

Over $1,000 dollars spent for what? Nothing you can’t do with free plugins yourself. Money wasted!

SPEED SIDE ORDER OPTIONS for WP Faster
9. Remove inline CSS, change JavaScript load order $760 extra.
10. A Highly Detailed Before-and-After Report add $100 extra.

They’ve got to be joking!


LEARN MORE ABOUT OUR SITE TUNING SERVICES – PagePipe

iThemes Security slows your site and depletes server resources.

Security
Myth: WordPress security plugins don’t affect speed.
The usual recommendation is iThemes Security (formerly Better WP Security).
Most people don’t know security plugins slow down your site and use up server resources.

While studying site security and speed, we tested the iThemes Security plugin. It’s claimed to prevent malware injection. We’re sure it works but the plugin is major overkill. We duplicate it’s core features with lightweight, fast-loading, standalone free plugins. Beneath the surface, this large, 3.1M plugin contains a lurking, greedy speed bite. Chomp!

There’s no detectable difference in load time with most speed tests. With this security plugin onboard there’s not even an extra call (HTTP Request). The plugin appears pretty safe and benign for speed. And it’s popular! What could go wrong?

Nowadays, there’s a herd-panic or paranoia about WordPress security and getting hacked. It’s easy to get caught up in the frenzy – and go plugin crazy. All that’s required are a few simple things. First, change your login from the default “admin.” Duh? Use something a little more challenging for bots. Don’t use “password” as your password. These are obvious right? Right.

Only 8 milliseconds for extra site security with four recommended plugins:

PagePipe uses the following simple security plugins. We predict load time in milliseconds using P3 Plugin Performance Profiler (by GoDaddy). NOTE: P3 plugin will slow down your site. Don’t leave it installed!

Limit Login Attempts Reloaded (40ms)
package download size: 697k

Brute-force attacks are the simplest method to gain access to a site. The hacker tries usernames and passwords, over and over again, with a “bot” until they get in. This lightweight plugin prevents brute force login attacks using .htaccess. .htaccess is a configuration file on web servers running Apache Web Server software. Time-limited number of login attempts block the hacker’s IP address. This plugin also disables XMLRPC.

It’s best to disable the xmlrpc. php files. By disabling it, you ensure this non-feature can’t be used to hack your WordPress website. XML-RPC is a specification enabling communication between WordPress and other systems (like smartphones).

Change Table Prefix (1ms)
package download size: 10k

WARNING: Only use this plugin if you know what you are doing. You can mess up your database and nuke your site. Some hosts like GreenGeeks automatically change the default prefix for you on migration. Protect your website from SQL injections. Replace your database WordPress default prefix (WP_). Use any other alternative prefix in a single click. An SQL injection is a computer attack. Hacker’s can embed malicious code in a poorly-designed applications. Then pass it along to the backend database. Anything can then happen on your site.

Email Address Encoder (2ms)
package download size: 5k

A lightweight plugin to protect email addresses from email-harvesting robots. The plugin encodes addresses into decimal and hexadecimal entities. No configuration required.

Block Bad Queries (BBQ) 4ms
package download size: 7k

A simple, super-fast firewall plugin that protects your site against malicious URL requests. Hackers can redirect user requests from your site to an illegitimate site. No plugin configuration required.

What went wrong?

After installing iThemes Security plugin, we got a GoDaddy email notification. It said our hosting account exceeded its resource limits. What!?

The recommended solution by our benevolent host, of course, is buy more server goodies. But the better answer – they don’t tell you – is simpler and cheaper than that.

Once again, we observe that plugin file weight is indicative of resource consumption. If not page load time, then RAM or MySQL databases are gobbled up. This isn’t always the case. But a fat plugin is suspicious and requires testing. To find out how your site is using resources, click the C-Panel icon labeled CPU and Concurrent Connection Usage.

After the “warning,” we checked Cpanel (CPU and Concurrent Connection Usage). It said RAM usage jumped from 89M normal to the 512M maximum available. We’d never encountered this problem before. The “spike” in the Cpanel Memory data occurred when we installed the iThemes plugin.

We completely uninstalled that nasty security plugin. Ram usage immediately began dropping down. An hour later the RAM usage was 221M. By 1.5hrs, it was 128M. We were finally drifting back into the green zone. Are we the only ones to ever see this weirdness? No. Read on.

In the production notes:

“Enhancement Jan 2016: Updated the File Change Detection feature to attempt a max memory limit of 256M rather than 128M as some users experience out of memory issues which could be fixed with the higher memory limit.”

So what? What’s the big deal?

When you exceed server limits, many hosts at least will start throttling your site. Or worst-case, take your site offline for hours to days. They claim they’re protecting other sites hosted on the server from your malfeasance. You’re dragging everyone else down with you.

Bandwidth throttling is the intentional slowing by your Internet service provider. This helps limit network congestion and server crashes. But it’s also often a lame excuse to justify poor performance. And sloppy cramming of thousands of domains on a server. You can’t control this. But you can avoid getting shutdown by memory-hog plugins – like iThemes Security.

Is iThemes Security the Lone-Ranger plugin that consumes RAM? Nope.

There are a bunch of plugins we know of (and many others we don’t). But they aren’t security plugins.

Here are some examples:

Checking broken links one by one is not physically possible, even for a small site. There are many free and paid tools that check for broken links. You can get the Broken Link Checker plugin (active installs 500,000) and check the health of your links with it.

But Broken Link Checker is a RAM hog. You’ll see two spikes on the graph below. The first is when we switched on Broken Link Checker and it started it’s automated crawling of the site. The second peak is UpDraft Plus doing an automatic site backup. We keep Link Checker deactivated and only run it once a month.

What if you’re running Link checker? And doing a backup? And have a hog security plugin running all together? You’re doomed. What can you do!?

Changing the PHP version from 5.3 to 7.x reduced RAM usage by 20 to 30 percent. This keeps us safe. Now we idle around 70M. We’re staying far away from the 512M rail. But when we do daily backups, we push up to around 300k usage. We improved this with better backup plugin settings. We could do manual backups when we create new content. But instead we compromise and switch from daily to weekly backups to reduce the load. That works for us.

Render-blocking JS is the most annoying and unresolvable error message

We don’t recommend using Google’s PageSpeed Insight tools for doing mobile website benchmarking – or even for desktop. We avoid this tool. We refer you to the following articles as to why:

Why the .@Google Mobile Test Tool Is Absolute Crap >
Why Trying to Get 95+ on Google PageSpeed Insights for Your WordPress Site Will Drive You Mad! >
The Truth about Google Pagespeed Insights >

Better tools for evaluation are pingdom.com and WebPagetest.org.
Note: WebPagetest is an open-source project owned by Google.

Deferring Javascript breaks WordPress.

Google’s Bogus Error Message for Mobile Anxiety

Should Fix:
Eliminate render-blocking JavaScript and CSS in above-the-fold content.

R
ender-blocking JS is the most annoying and unresolvable error message Google’s mobile test delivers. It pushes some perfectionists to the brink of frothing madness. We’ve decided it must be ignored completely if you use WordPress. Give yourself a break. It’s not you that’s bad. It’s Google.

“Everybody is talking about Render Blocking. Sounds like something Google planted so we’d spend more time learning code – instead of thinking of how to run a successful blog.”

When you’re using WordPress for website production, it’s an impossible situation. The most basic components of WordPress trigger the “render-blocking JS” error message. No other method of speed testing uses render-blocking JS as a parameter. It’s not worth reporting.

Many supposed solutions are created by plugin authors attempting to resolve this frustrating error message. We tested all of the 8 plugins below. They don’t all work as claimed. They are not “plug-and-play.” They don’t eliminate the “render-blocking” error message on PageSpeed Insights. Nor do they improve page load time in the least. Three plugins broke the page being tested. Those three are marked with a red asterisk.

These are not simple or easy plugins. In most cases, they are dangerous in the wrong, inexperienced hands. You can easily damage your site. We recommend you not use them. They are esoteric fluff. Their claims are presented below but don’t believe them without testing for confirmation on your site. We had no success. This is a warning.

This is one we actually used on a web project with success:

★ ★ ★ ★ ★
Async JavaScript

Load Time: 30 milliseconds

Async JavaScript plugin allows script control by adding ‘async’ or ‘defer’ attributes. Or to exclude a script to help increase site performance.

OTHERS WE LIST BUT DON’T RECOMMEND:

performance optimization order styles and javascript 5k
Description: Ordering StyleSheet and JavaScript (external and inline) for performance optimization. The plugin will also collect different inline scripts to one place.

wp deferred javascripts 14k
Description: Defer the loading of all JavaScripts added by the way of wp_enqueue_script(), using LABJS. The result is a significant optimization of loading time. It is compatible with all WordPress JavaScript functions (wp_localize_script(), js in header, in footer…) and works with all well coded plugins. If a plugin or a theme is not properly enqueuing scripts, your site may not work.

external files optimizer* 4.7k
Description: Automatically combine and compress css/js files generate with wp_head() and wp_footer()

head cleaner* 262k
Description: Cleaning tags from your WordPress header and footer. To speed up the loading of JavaScript and CSS. PHP5 required.

headjs loader* 15k
Description: Load your Javascript files via Head JS. Caution: this plugin can cause major issues with the javascript on your site if not implemented properly. Please be sure to test on a development server first.

wp asset clean up 34k
Description: Make your website load FASTER by preventing specific scripts (.JS) & styles (.CSS) from loading on pages/posts and home page. WP Asset Clean Up scans your page and detects all the assets that are loaded. When editing a page/post select the ones you DO NOT wish to load.


 

How to torture impatient mobile visitors.

Apply the 10 big boo-boos decimating mobile WordPress speed.

  1. Use fancy decorative Google fonts. Don’t use a mobile font stack.

REFERENCE: https://pagepipe.com/zero-latency-fonts-for-mobile-speed-system-ui-font/

  1. Use a slider on your home page. And just for giggles add another but different slider to your product pages.

REFERENCE: https://pagepipe.com/sliders-always-slow-down-a-page-load-and-they-are-proven-ineffective-for-navigation-and-seo/

  1. Use lots of metric-type plugins including HotJar and Google Analytics.

REFERENCE: https://pagepipe.com/how-does-google-analytics-affect-mobile-page-speed/

REFERENCE: https://pagepipe.com/hotjar-adds-500-milliseconds-to-mobile-speed/

REFERENCE: https://pagepipe.com/use-faster-and-simpler-koko-analytics-for-speed-instead-of-slow-and-complicated-google-analytics/

  1. Choose a host from a biased affiliate review site. Don’t test TTFB of the server before signing up.

REFERENCE: https://pagepipe.com/find-out-what-your-server-ttfb-really-is/

REFERENCE: https://pagepipe.com/wp-content/uploads/2021/03/hosting-master-v3.3-opt.pdf

  1. Add any Live Chat plugin or service.

REFERENCE: https://pagepipe.com/dumping-livechat-for-speed/

  1. Put in a heavy globally-loading form plugin.

REFERENCE: https://pagepipe.com/do-lightweight-form-plugins-even-exist/

  1. Add a heavy and popular security plugin that writes frequently to the server htaccess file.

REFERENCE: https://pagepipe.com/free-discrete-plugins-replace-bloated-security-plugins/

  1. Use a pagebuilder — any pagebuilder.

REFERENCE: https://pagepipe.com/imitate-elementor-with-gutenberg-block-editor-and-be-faster/

  1. Use a heavy theme like Divi.

REFERENCE: https://pagepipe.com/switch-from-divi-theme-to-astra-for-best-speed/

  1. Add popups.

REFERENCE: https://pagepipe.com/top-hello-bar-knockoff-plugins-for-speed/

REFERENCE: https://pagepipe.com/faster-and-free-alternative-to-optinmonster-wordpress-plugin/

Anyone can ruin mobile user experience with lack of discipline.

Before adding plugins to your site, ask yourself, will this cool plugin make me rich or famous?

Are WP Super Cache and W3 Total Cache bad for mobile speed?

Performance benchmarks use scores from Pingdom.com, WebPagetest.org, or GTMetrix.com.

Oddly, no one mentions speed test scores don’t matter. It’s milliseconds that count! Or that Google PageSpeed Insights is a test designed to create site-owner anxiety. Boasting about a PageSpeed Insight 100 test score is ridiculous. We’ve seen 12-second pages get a 100 rating with this test. A joke. Many blog authors claim they find speed salvation using popular WordPress caching plugins.

On an optimized site, caching plugins make little difference in load time. The initial visit is the critical one for the first impression. Only 5 percent of PagePipe traffic is repeat visitors (500 visitors per month). That’s very low. But not uncommon.

We’ve inspected big sites (1 million+ visitors monthly) with high return-visitor rate (80 percent). The high return rate is often from sending frequent subscriber push notifications. These are swirling aggregated news sites. The recent content is brand-spanking new. There’s little benefit from caching.

Author’s Jonathan Sulo (Servebolt) and Tom Usbourne (GeneratePress) and our staff (PagePipe), agree. Caching plugins often break your site and cause problems more than help. It’s usually file concatenation reducing requests that are the biggest problem.

We install two plugins: Cache Enabler and Better WordPress Minify. That separates the function of minification. We then selectively deactivate an offending plugin on pages. Or disable it completely site-wide without sacrificing the benefit of the other plugin. Those are discrete plugins with few settings or none. They work. A do-everything caching plugin is dangerous in the hands of novices. Not to mention the site drag caused by the heaviest caching plugin like WP Super Cache (2+ million active installations) and W3 Total Cache (1+ million active installations).

OFFSITE LINK: https://wp-rocket.me/faq/problems-wp-super-cache/

Cache plugins speed up the requests that are cached, but slow down the requests that are not cached. Since a regular cache hit rate is somewhere between 10 and 25% a cache plugin will slow down the site for 75 – 90% of your visitors. – source

On an extreme optimized site, there may be a few 100 kilobytes of page weight and only a dozen requests. With no popular plugins, that site will load in under 1 second almost to anywhere in the world. No CDN necessary. No caching plugin. No minification plugin.

Far Future Expiry plugin allows setting a suitable cache expiry date. We recommend 1-year expiration.

Do we ever add plugins to improve scores? Yes. This is for the site owner’s psychological benefit when they examine test results. These include discrete plugins like:

  • lazy loading
  • minification
  • far future expiration
  • remove query strings from static resources

These lightweight plugins make scores look good. But their actual contribution to mobile speed is small. They don’t slow down a site, so why not make test results appear the best possible?

If your site is fast, adding caching satisfies fanatic obsessive-compulsive speed behavior. From which we suffer. We admit it.

Where is “caching” truth? There is none. All blog reviews of caching plugins are self-serving and biased. Especially benchmarks selling affiliate Hummingbird or WP Rocket plugins. Are we surprised by the cherry-picked results? Nope.

WordPress Plugins like W3 Total Cache work like all other page caching. They store a version of a pre-generated page to the file system or memory, and serve it to users until it expires. W3 Total Cache is being used by 1 million websites, but that doesn’t mean it is a good idea. Especially not if you use fast hosting.


W3 Total Cache is a very large plugin, and for most sites – this just adds a whole lot of unnecessary code to the website. More code, means more things can go wrong. …


W3 Total Cache talks about getting pages to load in less than 2 seconds showing off a theme like Twenty-sixteen. To make it clear; a similar test [on fast hosting] will be delivered in about 100 milliseconds without the use of caching, not seconds. –source

WP Rocket is a paid plugin ($49) advertised as a caching plugin. It’s a multi-function plugin doing much more than caching. WP Rocket claims they create pre-cached pages. This happens on plugin installation, and every time a page changes. Does this make a speed difference?

Caching pages every time is like achieving a 100 score. Superfluous. Caching makes no difference on an extreme optimization site for mobile users.

WP Rocket works or helps most sites. We’re sure they do what they say. But there are no documented benchmarks of performance improvement from their special pre-caching feature. This feature is a marketing tactic to improve product differentiation. It’s brilliant marketing. We remove WP Rocket and use free plugins to achieve the same or better results. All we have is experience of repairing client sites. And reducing their annual site overhead costs.

DISCLAIMER: We use caching and minification on PagePipe blog – but not on our store. Caching is not recommended with eCommerce plugins like Easy Digital Downloads and WooCommerce. Checkout-page breakage results.

Stackable Blocks Review – Does it stack up?

Stackable Blocks Review [Free Version]- Does it stack up?

A full-featured block library

Stackable is what we consider a “full-featured” block library add-on. Here’s why:

  • It offers 27 custom blocks in the free version. (This is on the high end).
  • It has a good selection of pre-built design templates (89 free and 264 premium)
  • It has UI Kits you can use to create consistently styled sections.
  • Global color editor.
  • Global typography editor.
  • Hide or show blocks based on screen size.
  • All blocks have margin and padding settings.

I’ll go into these in more detail shortly. But first, let’s talk performance.

Is it fast?

We tested 86 block plugins to determine their speed overhead. We looked at added page-weight, number of calls and milliseconds of load time.

Stackable passed with flying colors and is in our “top-tier” of fastest Gutenberg-related plugins. It added only 75 kilobytes to the page-weight, just 2 calls and 0 milliseconds in load time.

What about a real world test?

We used Stackable as the main block library on a client site: https://cryptogard.tax/

The home page speed tests look like this:

Yes, Stackable is fast.

Stackable Features Overview

Let’s take a look at some of the features mentioned above.

27 Custom Blocks

These blocks include things like:

  • Container
  • Columns and Grid
  • Testimonials
  • Pricing Tables
  • Accordion
  • and more

Overall, we’ve found their blocks to be quite nice. There are many options within each block type so you can customize them to your needs.

The layout of each block’s settings is also pretty good, and most similar to the Elementor page builder.

Pre-Built Design Library

Stackable offers 89 pre-built templates in the free version. These include layouts like hero sections, post-grids, testimonials, etc. They are organized by type.

I don’t find myself using these often, but they can be useful to get you started if you’re stuck. You can also use them to reverse-engineer settings if you’re not sure how to get the look you want.

You can remove the design library completely from your editor if you don’t ever use it. A nice touch which shows me that Stackable is putting some thought into their plugin.

UI Kits

UI kits are similar to Pre-Built Sections, except that they are organized by style and color, rather than section type. I think this is a great idea and could be a big time saver if you’re using templates.

Global Color Editor

The global color editor allows you to change the color palette of all your blocks across your entire site. So no matter what block you’re using – Stackable or otherwise – you’ll see your custom color palette. This is a huge time saver.

Global Typography Editor

Similar to the global color editor, this feature allows you to set the typography – font family, size, weight, etc – for your headings and body text within the Stackable settings.

Many themes already allow you to change your typography, so this feature seems less useful. But if your theme doesn’t let you change typography easily, this would be quite helpful.

Hide or Show Blocks Based on Screen Size

This feature adds a “Responsive” setting for each Stackable block that allows you to hide a given block (or group of blocks in a container or column) depending on screen size.

So say you have a section that you want to hide completely on mobile, you can do that with one click.

All Blocks Have Margin and Padding Settings

This may seem trivial. But there are many instances when you want more or less space between blocks.

Default margins and padding can be inconsistent – especially when you have multiple block libraries installed – so this allows you to get the spacing between elements just right.

Kadence, another block library we like, doesn’t have margin/padding settings for every block. This is a big weakness in our experience. Kadence does have some other awesome features, which you can read about in our Kadence Review.

Conclusion

Stackable is a well-rounded and well-conceived block library. It’s fast and feature rich. We recommend it.

Download the free version here.

Learn more about the premium version here.

Get WP Rocket plugin best paid features for free.

It’s another incredible speed myth. Self-appointed experts claim including a caching plugin on your WordPress site is essential. Many plugin reviewers declare, “Caching plugins make your WordPress site highly optimized for speed and performance.” Some even avow a 10X speed – improving your SEO.

This is an outrageous untruth. Total nonsense. First, speed does not improve SEO. Best case, only repeat visitors may get speed benefits from caching. But with some website, only 20 percent of their traffic is returning visitors. Not helpful for the other sad 80 percent. Second, caching plugins rarely improve speed on a well-optimized site. None of them.

Ever.

If a caching plugin helps a site, it means something. A tired, lazy, unskilled, or apathetic designer didn’t want to optimize. Admit it. Suddenly, paying $49 for a plugin doesn’t sound so bad to solve the problem. But in 5 years, that’s almost 300 tacos you lose. Cheap ones – but tasty.

As we’ve said before:

“The reason web builders see improvement from caching plugins isn’t from caching features. It’s from the activation of Gzip compression. And far-futures expiration, and minifying Javascript and CSS files. Those automated features built into the plugin have nothing to do with caching. In fact, most modern hosting already has Gzip activated on the server. On a well-optimized website, we’ve never seen speed benefits based on using a caching plugin. Even from the oft-recommended, free W3 Total Cache plugin. Or even WP Super Cache. Both popular plugins with millions of installs.”

What is Caching? It’s page components stored for future use. The images, files, and web objects are now on your local hard drive. When you open the page again, the browser has most files cached and ready. This takes less time than retrieving files from remote servers.

Note: Your browser caches pages whether you have a plugin installed – or not.

WP Rocket caching plugin authors claim your website will load at lightspeed. That is 186,000 miles per second.

Let’s save the world million of dollars in repetitive fees! We already feel better. Ready. Keep reading.

Note: Our PagePipe site creations go faster than a speeding bullet. The average bullet travels at 1,700 miles per hour. So WP Rocket already advertises better specs than ours. Metaphorically anyway. Light versus bullet.

We don’t recommend the paid WP Rocket plugin because you can get the same results with free plugins.


Here are some of WP Rocket’s other specs and claims:

  • Page Caching – They claim this improves SEO. Wrong.

PagePipe: Avoiding futile web myths about site speed >

How can we be so confident? We downloaded and tested 21 free plugins from the WordPress repository. Every free caching plugin we could find. That included testing WP Rocket – even though it’s not free.

Here’s how things turned out:

1We threw out the caching plugins that just didn’t work. Those four losers included: Easy Cache (15 second page load?), Next Level Cache, WP FFPC, and WP Spider Cache.

2We got rid of the plugins with the poorest retention – the 2 to 14 percent range. There were 9 of those: Batcache, WP Fast Cache, Gator Cache, WP Super Cache, Hyper Cache Extended, Hyper Cache, Bodi0s Easy Cache, AIO Cache, and Alpha Cache.

WAIT! We chucked WP Super Cache? It has over 1 million installs and 11 million downloads. Yep. Do the math. That’s only 9 percent retention. That plugin is getting old and on the decline. You can Google the topic and read about user-concern of abandonment. The author assures it’s not orphaned. But the herd is moving away from the plugin.

Warning: We couldn’t uninstall the plugin “Bodi0s Easy Cache” using the WordPress dashboard. We had to erase its folder from the server via Cpanel. Badness!

3We have 2 plugins that are either too fussy or too feature-sparse.” Those two are Super Static Cache and Cache Enabler*. They are out, too.

4There are plugins that are slow to load. Yes. Three plugins flunked when tested with P3 Performance Profiler Plugin. They were: Comet Cache, 43.8 milliseconds, W3 Total Cache 70.5 milliseconds, and WP Rocket 45.3 milliseconds. You’re thinking, those are insignificant times. Maybe, but they load on every single page of the site. We call that site drag. The thing is they were significantly slower than the winners. We’ll give you those times next.

Not again! Another big one bites the dust. W3 Total Cache plugin has a million installs and 6.6 million downloads. But it’s the slowest caching plugin and it’s retention is only 15 percent.

5The three winners had retention and good speed.

  • Simple Cache, 4.4 milliseconds and includes Gzip, expires, enable caching. Combine this with autoptimize plugin for minification (13.7 milliseconds). You have a great combination.
  • WP Cache.com, 7.2 milliseconds, just caching. So add to it Far-futures Expiration – includes Gzip – 0.8 milliseconds.
  • WP Fastest Cache, 8.4 milliseconds. Includes minification, Gzip, caching. Combine this with far-future expiration plugin (adds another 0.8 milliseconds).

You can substitute some of these free plugins listed below for WP Rocket’s other paid features:

  • Cache Preloading

Pingdom testing frequently gives a message called “Leverage Browser Caching.” Here’s the speed-error fix:

Install the Far Future Expiration Header plugin.

  1. Far Future SETTINGS
  2. Set the expiration to 365 days (yes, 1 year).
  3. Select all the file types you are using.
  4. Select Gzip compression.
  5. Save.

PagePipe: Fixing-pingdom-leverage-browser-caching-errors >


  • GZIP Compression – Gzip and expiration header. We know this makes sites go faster. We’ve tested this stuff. The expiry plugin above works great. Some Gzip plugins don’t work. But Far-future expiration plugin is a two-for-one  deal and works great. You just select a button an Gzip is automatically added to your .htaccess file on your server. Then all pages are activated.

Read about Gzip here:

PagePipe: Update on Gzip compression >


  • Browser Caching – JS, CSS, and images from page to page in browser cache. Sorry. No caching plugin improves  well-optimized sites. They do not show any speed improvement.

  • Google Fonts Optimization – claims fewer HTTP requests. We simply remove Google Fonts for speed.

Free plugin suggestion: Remove Google Fonts References >


  • LazyLoad – This is good because it delays loading of images below the fold. It’s a good trick. But it can give us lousy UX as slow images on mobile devices leave blank spaces. Images eventually appear when scrolling. (We use lazy loading wherever and whenever possible). Get lazy loading for free:

Free plugin suggestion:  Rocket Lazy Load >


  • Minification/Concatenation

Minification gives some improvement in getting good scores but doesn’t always improve speed. Minification can break your site. WP Rocket even warns about this on their FAQ page. So they’re human!

Free alternatives include:

Free: Better WordPress Minify plugin (our first choice).

Free: Autoptimize plugin (second choice)

If those fail try, Speed Booster Pack (but disable the lazy load. It causes site drag.)

If none of those work, forget using minification. It’s not worth the grief.


  • Defer JS Loading – page rendering errors eliminated.

We’ve written an article about this:
PagePipe: Google PageSpeed Insights: Render-blocking JS is the most annoying and unresolvable error message >


WP Rocket PRICE: $49 personal annual license fee. ($99 for business). But often on sale!


Secret plugin ingredient: the WP Rocket crawler.

Claim: WP Rocket developed an intelligent crawler. It’s called each time you create or update site content. This primes the cache in preparation for your first visitor. WP Rocket claims to pre-scan and store prebuilt pages from your site (using a crawler and CDN). CDNs don’t always help. They some times slow things down. From our tests, its other things about the plugin that matter more. These can be duplicated with free plugins.


Enough plugin bashing. A 4-second site can go to 2-seconds by activating WP Rocket. That’s pretty amazing. But we retort, “It must be a pretty cruddy site.” Does the 4-to-2-second miracle make WP Rocket better? No. Just a different, costlier solution.

We’ll keep our $49 bucks for tacos – and use free stuff. Thank you!

Dump Divi theme: Get Astra’s screamin’ speed.

Tons of articles rave comparing the merits and disadvantages of the Astra and Divi theme. They’re often biased by affiliate links (aka kickbacks) from one or both theme companies. They make money from the controversy.

We’re not here to debate which theme is better.

There is no debate for speed. We already know from our experience doing performance tuning on actual client sites.

Not a theory. Real-world experience.

We’ll show you how to fix the Divi speed problem for good.

Divi speed sucks.

Get rid of it!

Astra’s theme is super lightweight. If you can control your excitement to embellish with cool theme features.

Divi is the worst theme for speed. Often slowing a site by 1 second. That is half the 2-second performance budget. Yet they claim to be the most popular theme in the world with 2-million installations. They’re not free. They are pricey.

We always recommend removing Divi.

A few years ago I made a website with Divi, I was sucked in by the marketing and ease of use. I wanted to move away from the Divi theme because of mobile-speed issues – but knew that I couldn’t handle this myself due to the monster shortcode that is left behind when switching from Divi.

Luckily, I found Pagepipe.com and Steve and he agreed to lead the way on a Divi removal strategy. Picking Astra as the new theme, Steve removed all traces of Divi, sped up the site from about 2.7 seconds to under 1 second, and left me feeling like there were still some very good people in the world. I also no longer have to pay $89 annually for Divi – nor do I have to pay for expensive plugins. Thanks Steve, it is very much appreciated. Greg Artim, Pittsburg, Pennsylvania USA

Can Divi ever be fast?

But not PagePipe, it’s built with Twenty seventeen default theme.

Why Twenty seventeen? Isn’t that theme old and stale now? Our explanation is here:

REFERENCE: https://pagepipe.com/how-we-cheated-the-speed-tests-using-twenty-seventeen-theme/

We’ve seen one instance. But the web pages were bare-bones. In other words, Divi features were hardly used. That explains that.

REFERENCE: https://pagepipe.com/divi-theme-sucks-and-other-popular-paid-themes-are-slow-too/

REFERENCE: https://pagepipe.com/rebuilding-your-site-for-mobile-speed/

With Astra, we’ve built our own and client sites.

We know how fast free-Astra loads: under 50 milliseconds.

REFERENCE: https://pagepipe.com/extreme-astra-maximum-mobile-benefits-from-free-theme-features/

REFERENCE: https://pagepipe.com/should-i-use-generatepress-or-astra-theme-with-elementor-for-mobile-speed/

Here’s the biggest problem. When website owners get their hands on Divi they can’t stop adding heavy features. The same applies to Astra Pro.

We recommend Astra-vanilla (free) for speed (1-million active installations). No kickback from affiliate links. The real deal. Astra’s limitations keep uncontrollable web designers in check. They aren’t seduced into loading up pages with junk.

https://wordpress.org/themes/astra/

So why not switch to Astra and be faster immediately?

If only switching were that easy. Getting off Divi is like extracting intestinal parasites.

Large groups of egg-laying worms overwhelm the immune system. The worms kick-start a self-perpetuating cycle guaranteeing their survival.

That is Divi. Abdominal pain. Diarrhea.

I simply cannot stand  [Divi’s] pseudo eye candy bulky menus and “oh so funny” module names (WTF is a blurb module)? And even more so I cannot understand its success. It should simply not exist as it is a junky piece of software that i hope will vanish (just as all the other page builders) when WordPress incorporated its own system: Gutenberg. Still looking forward to the future. – Source

Why do we have such a low opinion of Divi?

Why rant about a bad theme choice?

What’s the big deal?

We’re often hired to solve speed-tuning. If Divi is the theme, fear-filled site owners imagine they can’t live without Divi. They worry. What happens when they remove Divi? Do their pages and post become nonsensical gobbledygook? They’re afraid the embedded images and other normality might vanish. Why that concern?

You know what?

Those horrible code nightmares are true.

Go ahead. Disconnect Divi.

It’s a total mess.

Example of client-side shortcode page residue after removing Divi theme. Ugly! There are 9 homepage sections of garbage shortcodes like this one.

Divi doesn’t use standard WordPress theme conventions. It isn’t compatible or swappable with any other standard theme. It’s built with hundreds of shortcodes. Whose lame idea was that?

So poor, addicted, stunted sites never stop paying for their Divi fix. Divi is like a complicated operating system built on top of WordPress. The Divi shell isolates the site owners from ever acquiring real skills. The value and ease of WordPress design is never realized. They can’t place a simple image on a normal page without a Divi crutch.

Handicapped by Divi.

We found a site owner with the courage and gumption to divest from Divi addiction. We jumped at the opportunity to document the journey to theme-freedom. We had something to prove.

The site was fast because he barely used Divi features. So why remove it? To prove a point. And to future-proof the site.

We wanted to show how even a dang-fast Divi site could be faster and lighter switching to Astra.

More shortcode residue from Divi.

Was it easy?

Well, it wasn’t as bad as we anticipated from what others told us.

We found a plugin. A golden plugin.

A plugin built to hide unused shortcodes – and the junk between them. And if we paid $22, we could have a pro version to remove the shortcodes for good.

We were – stunned. It couldn’t be that simple. But it was. One button? All the shortcodes removed?

Every shortcode removal solution we’d seen online required so much monkeying around. Convoluted cringe-worthy suffering. Our delight to discover a shortcut remover made us hesitate. Was the plugin claim authentic?

The free version of this magic plugin is:

★ ★ ★ ★ ★
Shortcode Cleaner Lite

Load Time: 1 millisecond

zip file size: 370k

Keep this plugin installed to hide the Divi shortcodes. Then the ugly shortcodes don’t appear on the front end anymore. Gone from sight! But if you remove the Shortcode Cleaner plugin, they’re all back. Could be worse.

If you pony up the cash for the pro version, you eliminate the shortcodes. Yes. From both the frontend and backend. If you remove the plugin, they’re still gone – forever. Beautiful tool.

First, we tested the free version. It doesn’t add weight or drag to pages. Good-enough results for most people satisfied with a “hiding” result. But we were on a mission to nuke Divi for good.

We got out our wallet.

We bought the pro version. And in a few minutes all the shortcodes we hated vanished from our client’s polluted website. Amazing.

Learn more about it on YouTube

We were free to switch to Astra free theme. Painless.

It also got rid of all other shortcode residue left on the site from dinosaur plugins long ago removed.

Was our speed mission complete?

No. We next substituted heavy popular plugins with much lighter plugins.

The difference? A reduction in weight from about 90 megabytes of plugins and theme – to only 20 megabytes.

We’re using 7 more plugin now than before. Do you think the site ran faster?

You know it did. Load time dropped in half.

The homepage went from 2.71 seconds to 1 second. Other pages were now loading in under a half-second. Stunning speed improvement. 500-millisecond load times – without CDN and without caching plugins. No site-breaking minification plugins either.

Are we done? No. We’re moving off erratic SiteGround servers to Rochen. Where will goodness end for speed?

This site is now in the top 1-percent of fastest sites on the web.
Did it cost more?

No. It cost less! Much less. No more annual renewal “rent” for the Divi theme. And lower-priced shared hosting.

Fixing painful server fluctuations.

What did we do about garbage hosting for this case study?

The client had two domains on SiteGround. On separate accounts. Oops! He unknowingly bought an account for each domain. It happens. Of course, he only needed one. But they neglected telling him that tidbit. His renewal fee was due in two weeks: $600.

Erratic TTFB on SiteGround hosting over a one-month period. Worst-case: 6-second page load time. Hey? Don’t they brag about speed? Maybe they don’t know the truth yet.

We looked at the drifting and erratic TTFB (time to first byte – server overhead) on SiteGround hosting. Average load time was 2.83 seconds. With our head in the oven and feet in the freezer – on “average” – do we feel fine?

Not really.

Average doesn’t show the speed peaks and troughs.

The chart rolls up-and-down like waves on a rough ocean. Load times saw-toothed up and down rhythmically from 2 seconds to 6 seconds. Is that wildness bad?

It’s horrible.

Goodness is a TTFB below 500 milliseconds.

The final speed scores

SiteGround

BEFORE
SSL and server caching activated
original load time
Divi Theme
1.46 seconds average

Note: This is the fastest Divi installation we’ve ever seen.

AFTER
After speed tuning on staging
w/o Google Analytic drag
Astra Theme
1.12 seconds average

NEW HOSTING

Rochen

after migration
Astra theme
Google Analytics installed
LiteSpeed activated
391 milliseconds average

Holy cow! That’s super fast.

Cost before:

  1.  Divi renewal fees. $89 per year
  2. SiteGround renewal $600.

No more repetitive annual renewal fees.


 

Cost after:

Rochen Growth level fees:
$119.40 for the first year.
(Renews at $18.95/month)

5 Websites
20GB SSD Storage
Unmetered Data Transfer

Note: The client chose paying for Astra Pro:
$47 annual rent.

So when you change load time on a desktop from 2.7 seconds to under 1 second, do mobile users notice? Does anyone really care?

No one notices fast pages. They’re transparent.

But a slow page?

Users hate slow pages.

Remote mobile often load 3 to 4 times slower than desktop pages. Think about it. In our case-study example, 70 percent or more of traffic is on mobile devices. Instant mobile user experience benefits.

ADDENDUM

So let me check. To change my site over to a new theme away from Divi.  Here’s what you’ve told me to do in this article:

1 – Download a new theme.
2 – Purchase and install Shortcode Cleaner lite plugin.
3 – Run Shortcode Cleaner lite.
4 – Switch to new theme.

Is that it?

No.

If life were only that simple.

1. If you have poor server quality with a slow TTFB, for example a 2-second TTFB, you’ll never get under a 2-second load time from switching themes. Duh!

2. You can’t delete or upload a new theme until you remove Divi and it’s accompanying plugins completely. So remove those Elegant Themes plugins.

3. If you bought the Shortcode Cleaner plugin.  Installing the pro version may be too big. You’ll  get this error:

The uploaded file exceeds the upload_max_filesize directive in php.ini.

If so, you need to install this plugin:

Yes. That’s right a plugin to upload big plugins!

4. But you may then see this error code:

The package could not be installed. No valid plugins were found.

Plugin installation failed.

5. Double check. Be sure you removed Divi and all the theme’s associated plugins. There may be several. Divi doesn’t work in “The WordPress Way.” They aren’t distributed through the theme directory. They don’t comply with WordPress theme rules of interchangeability. In fact, they deliberately block you from uploading other themes. They change how the Customizer works and other controls. Bad form. The don’t play fair.


 

DIVI-to-ASTRA THEME CONVERSION
–A TESTIMONIAL

Hey Steve!

One image says it all:

 

Final performance results: 1.383 seconds. Dump Divi theme.

Oh my goodness. Just wanted to thank you for your blog, your writing that provokes critical thinking, your resources, and email response.

The timing is perfect. Actually I was just about to set up my new business homepage (firestorm-digital.com) with Divi – just as I have built websites for years now. I just googled something like “make divi faster” and came across your site.

Three to four hours later, I read the entire thing and basically [dumped] the entire plan and built it based on your suggestions.

Went with Astra Theme and Elementor (free). Took the time to get into the new nuts and bolts. Went through your plugin suggestions. Moved over to GreenGeeks (by your recommendation). … I really like the simplicity of it now.

You changed my thinking and challenged my concepts. Successfully. Now I have a site that works and loads in under 2s. I know there’s not much on it. But the way I approach building the site has changed entirely. Mainly because of your work.

As a way to say thank you I bought your complete bundle. So thanks. If there’s anything else I could do for you just let me know.

Have a great day Steve and thanks again

Sebastian Thalhammer
Firestorm Digital
Austria


 

JUST FOR HARDCORE DIVI HATERS

https://www.sean-barton.co.uk/2017/12/bye-bye-divi/
https://www.sean-barton.co.uk/2017/12/bye-bye-divi/

This alternative plugin is not in the WordPress directory — but is free. We don’t use it. Let us know if it works for you.

Novice Elementor users produce substandard page speed.

This article explores page builder plugins – in particular, Elementor page builder. We examine inherent page speed hazards and fears. Speed problems aren’t Elementor’s fault. Undisciplined wannabee web designers are the big problem. Elementor Pro doubles Elementor (free) plugin site drag.


1Your page builder predictions seem apocalyptic and scary. Why so negative? Do you have a grudge against Elementor?

All page builders tempt inexperienced users to load up their pages with stuff that slows things down. Automattic’s goal is for Gutenberg block editor to kill all page builders within a few years. They are competing with drag-and-drop website builders like WIX, Squarespace, Weebly, and Shopify. Pagebuilder plugins will be collateral damage.

REFERENCE: Is Gutenberg faster loading than Elementor? Yes.

Pagebuilder efficiency encourages consumption of speed resources. It’s ironic rebound psychology called Jevons paradox.

REFERENCE: https://en.wikipedia.org/wiki/Jevons_paradox

Jevons paradox
1. Web design becomes more accessible to abusive novices.
2. Pagebuilder efficiency increases web speed consumption.

2Is this article authored by a jealous traditional web designer?

Here at PagePipe, we write free articles about creative methods to produce web-page speed. We also sell speed ebooks and services. We build speed websites for clients. We report what we learn. We have CSS and HTML coding skills. We prefer free theme and plugin alternatives for speed novices. We do not include any affiliate links or advertise third-party products on our site.

Speed is fundamental for good user experience. Metrics affected most by speed are dwell time, bounce rate and click through. These show user intent and engagement. That affects organic SEO.

3Are you looking at data from older Elementor sites? Is this information outdated or obsolete?

Because of this report’s popularity, we update it with new information. We currently have various test sites running Elementor (free) and Elementor Pro (paid). We track plugin updates. (Our original article appeared in fall of 2017).

4Does Elementor’s ability to change background images on mobile devices alter your opinion?

These device-sensitive features are not new. The November-2016-release of WordPress-authored Twenty-seventeen free default theme included them. It isn’t innovative technology. It’s common sense. It doesn’t differentiate Elementor.

5Does PagePipe use Elementor Pro?

Only on experimental sites. For business owners who need a page builder, we recommend Elementor. But we point out the benefits and potential dangers of adoption.

6Are under 2-second page loads possible with Elementor and GeneratePress on shared hosting?

With discipline and skill, yes. Say “no” to bloat.

7Are WordPress’ methods of reporting the number of active users flawed?

Yes, they are. But it’s all we have. Ask them to fix it, please.

We explain retention-rate calculations:

https://pagepipe.com/information-scent-deciphering-the-wordpress-plugin-repository/


Elementor is one of the more popular live page builders for WordPress. It has a free and paid version. Some claim it will change WordPress design. We bet the Gutenberg block editor changes the landscape more.

The Elementor plugin file weighs 5.7 megabytes compressed. And 21.5 megabytes decompressed in version 3.1.0. For comparison, WordPress core weighs 15.8 megabytes compressed (and 16.5 megabytes decompressed).

Elementor is now almost 5 megabytes heavier code when decompressed than the WordPress CMS platform it runs on. Ironic. And it’s still growing

Pagebuilder code functions slow down sites. Pagebuilder authors load variables from databases. This triggers many slowdowns. How much padding do you need? What color? Border or not? Round images or squares? etc. Configuration decisions and selections run in real time. These repeat the same redundant decisions on every page load.

1.2M of Elementor is Font Awesome. Why did they include that?

There’s speed overhead associated with Elementor page builder. It adds extra CSS and JS. But this speed difference is negligible for desktop audiences. For remote wireless mobile, it’s another matter. Read on.

One of the bad things about many page builders is that they use shortcodes. Once you stop using the page builder plugin – for any reason – it messes everything up. Elementor (and Beaver Builder) don’t do that. Yes, some features of Elementor use shortcodes. But only a few, and those are optional features … not necessary.

★★★☠☠
Elementor Pagebuilder
Active installs: 5,000,000+
Zip download file: 2.3M 4.8M 5.3M (and ever growing).
Original package weight was 1.1M.

It’s not uncommon for a page builder to add CSS and JS code to every page on your website (site drag). The average Internet desktop page weight being 2.3M to 3M. Most heavier mobile pages we test are around 500k to 750k. Our home page is 909k. The page you are reading now is 263k. You can see that an average page builder could be much heavier – without any content!

Elementor has lots of features and is easy to use – especially for novices. We aren’t fans of page builders. In our experience when themes include page builders, there’s always bloat. Not from the page builder itself – but by the site owner adding unnecessary junk. Pagebuilders also have a learning curve. Much like learning a new computer operating system. Sometimes, page builders add as much as an extra 500k of CSS files – and 500k of Javascript files. That’s 1M of page-weight overhead. When questions came about how fast or slow Elementor is, we decided to test and satisfy our curiosity.

Want to read a good article that compares how the major page builders affect WordPress speed. We didn’t write it. We wish we did. Read it at Primary Image.

Page weight matters most on mobile. Weight consumes connection resources. Mobile’s a different beast than desktop connections. Desktop is all-you-can-eat connections. So, in most cases, a 20k-weight difference makes little impact in load time. Except on a remote smartphone. Then it does. And it costs extra money for each page. Why does 20k even matter for extreme mobile performance optimization? Isn’t that a puny file size?

Our typical page weight for mobile speeds are in the 100k to 200k range. 20k addition is 10- to 20-percent increase. That doesn’t necessarily translate into a 20-percent increase in speed reduction. But, it’s revolting for a speed freak to consider an addition to every single page of a site (site drag). Of course, there are worse plugins. The 20k comes from HTTP requests for CSS and Javascript files. It may be worse with more features added – but we only tested for a best-case scenario.

Elementor delays page load time very little on an average desktop site. Viewer expectation is a 2-second load time.

An average desktop page speed (8 seconds) is unacceptable for mobile – or anyone for that matter. Average page weight (2.3M to 3M) is especially unacceptable for mobile users. Why? Because mobile viewers expect pages to load just as fast as a desktop. Less than 2 seconds! That necessitates building a 1-second page for mobile to achieve a 2-second load time.

We’re talking about building a 1-second page speed on shared hosting that typically has a 300-millisecond Time-to-First-Byte (TTFB). That is the server overhead or server delay before the page starts to render on screen. You can’t remove or change this. You can only switch to a better (more costly) host. If our performance budget is 1 second, we now only have 700 milliseconds left to load all page assets. About half of the weight is usually images. The other half WordPress core, theme, plugins, and written content. Again, we say typical. There are many tricks like optimizing images. Or stripping webfonts. Etc.

So is adding 20k to every page bad for mobile speed? Under these conditions? Of course.

OFFSITE LINK: https://wpjohnny.com/why-i-hate-pagebuilders-wordpress-review/

Elementor plugin natively adds 41 milliseconds to every page load. A typical plugin only adds 1 or 2 milliseconds. A bad plugin adds 250 milliseconds or more. It’s hidden in the HMTL (PHP), not Javascript. Is that bad? It depends on how much you need to squeeze your site.

Posts created with Elementor may have 400k of page weight overhead from scripts.

How much difference Elementor makes to speed and page weight is one of those, “It depends” answers.

In general, from tests, it doesn’t add any more than 40 to 75 milliseconds to global page load time. Using the premium plugin doubles the weight.

Elementor adds site drag. Plus it enqueues Javascript. This isn’t good news for mobile. Elementor negates some speed benefits of fast themes like GeneratePress or Twenty-seventeen default. Of course, most developers are unaware or apathetic to these problems.

Now with that said, Elementor only activates on pages requiring their customization. This is elegance in the name of speed. For example, we doubt blog pages require any customization.

If Elementor isn’t used on a page, the plugin isn’t activated. And jQuery isn’t enqueued either. This is miraculous good news. It means use Elementor only where necessary, not on every page. Plugins like Contact Form 7 activate jQuery everywhere. That’s the ugly norm. Elementor is smart. Plus you can use Elementor’s form builder instead of Contact Form 7.

Delivering icons as a font is a hack.

Author: Tyler Sticka

We don’t recommend page builders in general – even good ones. Why? Because site owners easily abuse them and make heavy pages. They can’t overcome the temptation to embellish. We feel page builders encourage negative UX behavior. It’s expressive design overkill. It’s like handing an open bottle of poison to an infant. They can’t resist – the site owner drinks it. Thus the skull-and-crossbones in the rating.

It looks like Elementor adds 4 or more HTTP requests. Minor. The downside to using Elementor is small for desktop sites – other than the learning curve.

We see page builders as a stopgap. Only because the best version of WordPress will be built in the future.

Good Offsite Link: https://pippinsplugins.com/wordpress-page-builder-plugins-critical-review/

The page builder ecosystem is a wild west right now and is in a gold rush. – Pippin Williamson

WordPress keeps incorporating features that make whole categories of plugins obsolete in a single day. This trend will continue. Automattic watches what’s emerging in the plugin directory. They’re not stupid. We don’t agree with this competitive business strategy. But the big fish will feign innovation by continuing to eat the little fish – either by acquisition or reverse-engineering. Gutenberg block editor intends to consume little fish.

The only detriment to using Elementor is 40-millisecond site drag added to every page of your site. And enqueuing jQuery by accident can negate gains on fast themes built specifically for mobile use. That’s low by comparison to say Yoast SEO Pro 240 millisecond bloat – and Contact Form 7 adds up to 50 milliseconds. Those are popular plugins. Popular usually means heavy and slow. A “nice” plugin loads in 1 millisecond. Is Elementor becoming a popular plugin? Yes. For us, that’s a bad sign. Yes, a plugin can be popular and bad. This is typical of popular caching plugins, too. Test and toss.

For extreme mobile performance optimization, we remove everything possible to reduce site drag.

But Elementor plugin uses selective activation. In other words, if a page isn’t built with Elementor, the plugin is not loaded. This is not typical, usually, plugins will load globally on every page and post whether they’re needed or not. This we call “site drag.”

So the goal is only to use Elementor on those pages where it’s absolutely needed for customization. This will reduce the number of HTTP requests (calls) significantly. For example, usually blog pages don’t require customization but a home page might use a lot of customization.

But we wonder, could a custom home page or catalog page be constructed with a responsive column plugin? One like Lightweight Grid Columns by Tom Usborne of GeneratePress theme fame (22k package size download).

Elementor plays nice because of selective activation.

We never want to invest in the Elementor learning curve – or any other page builder or builder theme. We see them as vulnerable. It has nothing to do with speed.

Dissolution of 5,000,000 Elementor sites is collateral damage for WordPress.

Why would WordPress incur that bad-PR and offensive risk? Read on.

Pagebuilder weakness isn’t about speed.

Even if Elementor plugin doubles the theme page weight. Does that matter? No. Why? Because heavy plugins like WooCommerce swamp potential small gains fiddling with Elementor alternatives.

80/20 rule. Pareto’s Principle.

We’ve assessed what it costs in time and money to get rid of Elementor on a site. It isn’t worth it. Elementor is a benign *growth*. No speed plugin surgery needed. Other problems with speed are much bigger and more toxic. Elementor is puny and not even worth scratching like a speed itch. It causes us no pain to ignore it.

NOTE: Elementor is only used on pages where it is activated. So that minimizes the need.

We could care less about Elementor. It’s not a tool we want to use. It’s fine if you use it to get web skills you need. It’s OK. No guilt.

We will and do touch Elementor on existing client websites. We never remove it – nor would we want to. What a mess that would be.

We recommended Elementor to a site owner in Germany. He had 5-second load times. He actually made the difficult switch from Divi theme to GeneratePress + Elementor combination. His load time was then around 1-second to London using the same host. Nice!

We recommend Elementor page builder – but we wouldn’t build with any page builder. This guy in Germany couldn’t code any customization. He needed a page builder. Our recommendation was Elementor. We don’t hate Elementor.

“I hired several WordPress ‘speed experts’ before. All failed to achieve decent results. Steve is an expert in his field. His advice helped me understand what was slowing my website down and fix it permanently. My site used to take 5 to 7 seconds to load – and after Steve worked his magic – it now loads in less than 1 second. Thank you!” supboardguide.com Hamburg, Germany

Another big point is: The slow release of Gutenberg phases retards page builder adoption.

Our speculation is not the demise of only Elementor. It’s the future demise of any WordPress Gutenberg block-editor lookalikes, copycats, or even simulators. Gutenberg doesn’t equal Elementor today. But it will in the future – that’s WordPress’ express goal. Not ending Elementor, they’re small potatoes. But nuking WIX, Shopify, and SquareSpace.

This is the answer to why WordPress will burn Elementor: MARKET DOMINATION. They want more. They want to take back the piece of pie WIX, Weebly, Shopify and SquareSpace took from them.

This narcissistic strategy hurts all page builder plugins and themes. Casualties.

People are discovering Gutenberg block editor is faster. Then we’ll all see what real WordPress landscape changes occur. That won’t happen until complete Gutenberg block-editor is finally released after a few phases. Face it, it’s a big undertaking. It could be a couple more years. Gag!

Gutenberg competition will be a spin-doctor excuse to drop non-profitable loser products. Divi theme, please!

People argue semantics about what is a *true* page builder. Like BeaverBuilder or Elementor or Divi. They think in error the two universes of Gutenberg and page builders are apart. Barely related at all. Wouldn’t that be dainty?

Pagebuilders are bad because human beings can’t control themselves and are seduced into adding too much. That’s bad for speed. This isn’t Elementor’s fault. It’s the result of human frailty.

From Gutenberg plugin page:

“Gutenberg has three planned stages. The first, aimed for inclusion in WordPress 5.0, focuses on the post editing experience and the implementation of blocks. This initial phase focuses on a content-first approach. …

These foundational elements will pave the way for stages two and three, planned for the next year, to go beyond the post into page templates and ultimately, full site customization.”

Full-site suck-o-mization? Do they mean a page builder killer? Yep.

There is no proven or verified SEO benefit from using Elementor.

There isn’t even a whisper it’s good for SEO. If so, it’s a myth or ploy.

The vaporous claim is Elementor produces “cleaner content” – and search engines will like that. Really? So we don’t have to write content anymore? Claiming “cleaner content” is insignificant. A flea on the back of an elephant.

“In SEO, [fanatics] create uber-optimized websites, ending up with a butt ugly design, and spending all their time optimizing and coding instead of creating content and doing marketing.” – Brian Jackson

REFERENCE: https://woorkup.com/elementor-page-builder/

SEO is most affected by relevant content – not silly SEO trickery. If the site content is a failure (unwanted or unneeded), no amount of SEO tweaking will save a site. Ever.

And especially not Elementor. Ridiculous claim.

By Google’s own admission – WordPress core does 90 percent of the heavy lifting for SEO compliance. No need for an SEO expert. Important SEO ranking factors are beyond the control of site owners – and Elementor. Except for producing good relevant content. Owners can do that. Tweaking keyword and snippets only get you in trouble.

REFERENCE: https://pagepipe.com/ignore-googles-200-seo-signals-including-speed-learn-writing-skills-for-good-page-ranking/

Content is the user experience. Good user experience causes good SEO. Return visits, reduced bounce rate, more clickthru, longer dwell time. Speed is the number one hurdle to good user experience and first impression.

Anyone who insists Elementor is a superior SEO tool is a bully.

If a client insists on tool choices, you’re no longer a freelance subcontractor. Now, you’re an EMPLOYEE. That changes the payer’s tax liability.

We’re using Elementor on some sites because we want to try it out. It’s an experiment. Insane curiosity. But Elementor is proving frustrating. The more we learn and work with it, the more we find it getting in the way. We’re starting to dislike Elementor when it buries simple customization three layers deep. That makes it difficult to verify changes. Repeating steps over and over to get results is unproductive. We don’t have time to fiddle with such nonsense.

The goal is efficiency. Elementor does NOT improve design efficiency. You’d do better buying a used second computer screen so you can do drag-and-drop of media files. Elementor is a barrier and limiting factor to creative flexibility. The uninitiated think Elementor sets designers free. Wrong! It’s handcuffing for the intelligent.

Don’t let client insistence shove Elementor down your throat. Learn it if you want. But our experience is Elementor is unneeded and slows down sites – and development time. It’s a crutch for the lazy. But then one could say that about any plugin or theme, too.

Any tool claiming to do “anything and everything” should be instantly suspect. Just like SEO claims and promises. Theoretical unproven benefits.

A quick summary of why Elementor is not “risk-free”:

1
It seduces you into adding features you don’t need. This causes site clutter. Visual noise. Elementor doesn’t magically give design skill or savvy. Or discipline.


2It’s a time waster. You hunt how to do things you did before on subconscious autopilot (like colorizing text). Simple decision-making becomes complex. It’s supposed to be easier. For us, it’s not. We end up talking more about Elementor alternatives. If we were design virgins, we’d think Elementor the greatest – or even the best. It’s disappointing for experienced designers. The delight factor is feeble.


3Elementor keeps getting more and more convoluted. It’s in constant change as they update features. Complication increases technical fragility and learning curve. They can’t stop adding junk. Their gold-rush panic and feature obsession make us have to think.


4Elementor has a short shelf-life. WordPress (Matt Mullenweg) has no qualms admitting page builders are obsolete collateral damage. When Gutenberg block-editor reaches stage 3, it’s a done deal. Their intent is replacing all page builders. Will Gutenberg be faster? Yes. Will it be better? We don’t think so. All page builders are a bane for intelligent designers. It’s a substitute decision-maker for web-design weaklings. Most of our sites have “Disable Gutenberg” or “Classic Editor” plugin installed.

REFERENCE: https://gutenberghub.com/gutenberg-vs-elementor-html-bloat/


5
There is no SEO benefit – and no speed benefit – and no usability benefit.

“The home page has to load in 2 seconds, product pages in 2.5 seconds and all other pages in 3 seconds.” – Brian Jackson

REFERENCE: https://woorkup.com/elementor-page-builder/


6The authors of Elementor are in a Parana-fish state of mind. They’re working themselves compulsively into potential collapse from frenzied burnout. Out of control growth. They wrongly believe quantity translates into quality. It never does.


7Elementor loads unneeded CSS and JS or code in general that is not in use. They need to add global control to enable/disable widgets/elements. This is dequeuing. Then if we never use a widget, we can disable it. This feature does not exist yet making Elementor inefficient. Doing this automatically rather than disabling widgets manually would be even better. A large percentage of the CSS loaded is unused, heavy, and impacts mobile page size and performance.

Are we using Elementor? Yes. On test sites. Why? So we can answer questions about “How good is it?” Do we recommend it? No. Avoid it if you can. If you don’t have design chops, then accept you’ll rebuild the site within a few years. Go ahead. Admit you’re defeated as a web designer. Are you getting a productivity tool – or complicating your life?

“I’m working with an SEO guy and he’s kind of insisting I install and use Elementor. Which means a learning curve for me …

… I can build a site much quicker myself. … All he wants it for is something to do with his conversions and adwords” – a Scottish developer

The more we use Elementor the more we don’t like it. That’s because we write CSS code for customization. Elementor gets in the way and slows us down. But others who are non-coders think Elementor is the coolest thing since sliced bread.

Elementor isn’t simpler or faster to use for us. Elementor buries simple edits down layers of screen changes. Then we have to click back up through the layers. We’ve come to hate the process.

@michaelnorthern , yes unfortunately Elementor is becoming bloated. They implement half-baked features and then leave them without polishing only to be able to state that they have that feature. This trend has been going very long time. I was banned from the FB group for critiquing them for their focus on marketing/selling more than on fixing important issues and improving the core.
And now with competition like Brizzy and Oxygen they will have more and more abandonment.

Elementor is an anti-productivity tool for us – a waste of resources and time.

Our feeling is the Elementor authors are doomed. Destined to burnout. Their kingdom gets fragile as it grows in complexity. Third-party addon plugins for Elementor are hack jobs by opportunists. We’re not impressed with the community. There’s a churning of updates on Elementor plugin – and lots of arguments and debating on forums. This chaos isn’t a good indicator of longevity.

Elementor is a crutch. On a simple blog rebuild, we didn’t need Elementor and could keep things simple. Building felt like silk. Elementor makes a mind trip on the lumps. Elementor is seductive to WordPress novices. Once site owners get bitten by Elementor, they forget about reducing speed overhead. “Oh! Look we can use Elementor. Goodie! Then I won’t have to think.” Strategy is what creates faster websites.

Will we continue to work on Elementor sites? Yes. We also work on WooCommerce plugin sites. Woo is heavier than any other free plugin we’ve encountered to date.

Design is a compromise.

A lame plugin called “WP YouTube Lyte” came out in March of 2018. Other lazy-loading video plugin alternatives are better and don’t need an API.

LYTE by default uses WordPress “the_content”-filter. Pagebuilders (Elementor) don’t apply that filter to their content. So LYTE plugin doesn’t work on Elementor. Neither do other lazy load for video plugins.

Elementor breaks YouTube video lazy load plugins. Why? Because Elementor renames things different from standard WordPress operation. This is poor.

https://wordpress.org/plugins/wp-youtube-lyte/

MORE READING:
https://pagepipe.com/should-i-use-generatepress-or-astra-theme-with-elementor-for-mobile-speed/

https://pagepipe.com/how-page-builders-encourage-slow-page-loads/

OFFSITE LINKS
6 Disadvantages of WP Page Builders and Why I Now Loathe Them

https://wpjohnny.com/why-i-hate-pagebuilders-wordpress-review/

https://gutenberghub.com/gutenberg-vs-elementor-html-bloat/


Harness block-editor power.
Build fast, good-looking websites.
No page builder needed.

blockclones.com
Be fast – without being ugly.


A speed comparison of WordPress Link Cloaking plugins

Affliate links are a way to monetize a WordPress website. We don’t do monetization on PagePipe – but many websites do.

Affiliate marketers use link cloaking plugins to create and shorten external affiliate links. You insert these links into posts, pages, and comments. They are a type of hidden page redirection and mask affiliate partner links from site users. Is it a “Black Hat” trick? Maybe? Why? Because visitors are clueless where they’ll be heading. It’s a way to fool humans.

All plugins cause some load time delay. This occurs in HTML code with at least single-digit milliseconds. A heavy plugin may cause 50 to 70 milliseconds of delay.

The link appears benign as an internal site link – when really it’s a mildly-deceptive offsite link. Some affiliates have a advisory note telling people about affiliate fees or credits if you click a link. This “advertiser disclosure” is often in fine print at the bottom of a long scrolling page. It’s not hidden but it’s not always plain either. The link URL has a long query string embedded in it to earn credit for affiliate commissions. Link cloaking also shortens long URLs to simple “pretty or tiny” links. Such as ‘your-domain-name.com/go/link’.

Affiliate links don’t say, “Click here to download this great thing.” Instead they say something like, “Earn 50,000 bonus miles” or “Get 5% cash back.” They are promotional deals and sound like promises of free money – but you must buy something first.

Click tracking and affiliate link cloaking supposedly sell and convert better. Most cloaking plugins collect lifetime-click statistics. A central dashboard helps you manage all the affiliate links on the website. You can create, edit, delete, and manage links by 301 redirects.

You can send clickers to destinations without them even knowing where they are going to land. Is this fair? We think not. Even so, your clients may insist on this feature. Can you create and manage these links with a WordPress plugin? Yes. You can. So which free plugin solution is the fastest for mobile connections?

SEVEN BEST FREE CLOAKING PLUGIN CANDIDATES
RANKED BY MILLISECOND LOAD TIME

All seven are easy to install and have similar functions and controls.

[table]

Link Cloaking Plugin,Load Time ms,Installs
,
Affiliate Links Lite,3.1,5000+
Linker,3.2,2000+
Thirstyaffiliates,6.6,30000+
Premium Link Cloaker Lite,8.9,10+
Easy Affiliate Links,9.1,10000+

[/table]

We deemed Affiliate Links Lite the “best.” Here’s why:

  1. Affiliate Links Lite plugin is the lightest and fastest.
  2. Affiliate Links Lite includes the exact same control features as the other fast plugins. Features include: Title, Category, Date, Link URL, Link Target URL, Link Description, and Hits. And there is an additional control panel for “configuring  link redirection.” Overall we’re impressed.

Affliate Links Lite plugin author boasts these benefits:

  • Boost your SEO by hiding affiliate links from search engines.
  • Protect your earnings by masking referral links.
  • Increase your revenue by analyzing your link traffic and stats.
  • Save your time by using affiliate links easily and with no hassle.

PagePipe Note: Claiming SEO benefits from any plugin is nonsense and untruth. But some of our favorite speed plugins are equally misguided. So we’ll let it slide. The other benefits are weak at best. But if your web-project committee insists link cloaking features are needed, this plugin is the painless way to appease them.

★★★★★
Affiliate Links Lite
Active installs: 5,000+
Zip archive: 200k

TEN OTHER PLUGINS WE TESTED THAT FLUNKED

FAILED (Wouldn’t work with PHP 7.1 or wouldn’t load)
Affiliate Link Cloaking
WP Affiliate Linker
Clickmeter Link Shortener and Analytics

FAT (Fat plugins had double-digit millisecond load times. )
Shoutcodes Lite
Link Cloaker for Affiliates
WP Auto Affiliate Links
Pretty Link
Shorty Lite

OLD (Crusty. Not updated for many years.)
Simple Link Cloaker
Custom Affiliate Links Cloaker

NOTE:  Some rejected plugins are especially bad for speed. The worst being: Link Cloaker Affiliates which causes heavy site drag. It loads down every page and post with an extra 339k of page weight. The other two worst offenders for ruining speed weren’t so bad. They added extra HTTP requests: WP Auto Affiliate Links – 2 calls, and Shoutcode Lite – 3 calls. But that still disqualifies them from the fast list.

What is the fastest free WordPress theme?

Which WordPress theme would we choose for best mobile speed? You can’t judge by looking at the theme on a desktop screen – nor by a demo page. You have to test with either iPhone simulators or web tools like Firefox browser addon:

Web Developers Toolbar → Resize → View Responsive Layouts

Or real hardware devices. No one owns that much hardware.

And how a theme looks – the “Out Of the Box Experience” (the oo-bee) – is nothing like the beautiful demo page. When you first install your new theme, disappointment!

Unfortunately, theme selection is often based solely on looks (aesthetics). Demo-page performance is deceptively “tuned and tweaked.” Premium themes are available for sale from marketplaces and individual WordPress developers. Purchaser speed-evaluation or testing is rarely done at all. It’s a faith-based buy. Speed is an after-the-fact repair job. This is “consumer-like” impulse buying. There’s buyers remorse for a non-returnable theme product. We’ve been there. We sympathize.

Our speed philosophy starts with a stripped-down, free theme. Then add only necessary features with free plugins. This is the foundation of good speed design. These kinds of themes are sometimes called: stripped-down, bare-bones, generic, basic, naked, essential, fundamental, or “bootstrap.” Those key phrases return pages full of affiliate links to theme-publisher houses. The blog author gets a kickback. Bloggers aren’t motivated to help you – as much as help their wallet.

We’ve found free themes in the WordPress directory often get a bad rap. Paid-theme publishers claim free themes have inherent flaws. This is advertising hype (aka lies). These imagined flaws include:

  • Lack of Updates
  • Security Problems
  • Lack of Support
  • Lack of Features
  • Lack of Customization

Nothing could be further from the truth. You can get the same lousy service from paid authors. Some of the biggest and best authors in the business fall flat on their faces sometimes. Even WordPress makes security mistakes and suffers from favoritism and apathy. Don’t believe myths that “premium” themes are better – or delivers better guarantees.

HOSTING

Many blog thought leaders say the right web hosting is critical. Even more critical than theme and plugin selection. This isn’t true. And you can bet whatever host they recommend is an affiliate link, too. (More kickback money).

We’ve only seen short duration when hosts provide consistent and reliable services. And we aren’t just talking shared hosting. We mean all hosting. From SiteGround to BlueHost to HostGator to DigitalOcean to GoDaddy. It doesn’t matter if they’re solid-state disk drives or old, mechanical, magnetic drives. “Reliable and repeatable” speeds drift all over the map. Why? Ask them. They won’t give you a straight answer.

Worst-case performance today – is tomorrow’s average (poor) performance. Hosting companies get juggled around from owner to owner. With each new owner, comes policy changes. Different management brings either better or worse predictable performance. It’s hard to know. It’s always random. If you had a different experience, please email us.

So the answer is: build the best and fastest strategic website to run well even on crummy hosting. That way you aren’t disappointed. We’re convinced, with even expensive web hosts, you don’t get what you pay for. We want cheap, shared hosting. We prefer not to share our server with too many other people. (For example, PagePipe shares with 24 other web domains). Use YouGetSignal.com to find how many domains are on your server.

Time to First Byte Specifications

We want to get a good TTFB (time to first byte). This is a measurement in milliseconds. It’s how long a user’s browser waits before receiving it’s first byte of data from the host server. It includes “network latency.” Data makes trips back and forth between server and browser. A long wait slows down seeing the page. Theme selection doesn’t affect TTFB. It is completely host dependent. But if your theme is too slow and your TTFB is slow, also, you’re doomed to always have a slow site.

  • 100 to 200 milliseconds TTFB is excellent.
  • 300 to 500 is good.
  • 500 to 800 is average.
  • 800 to 1000 milliseconds is poor.
  • Above 1 second is not “happiness.”

One client using BlueHost shared a server with over 2,000 other domain names. They wondered why their TTFB was always 4 seconds. Ouch!

TTFB is not web speed. It’s server responsivity. You can measure TTFB online with WebPageTest.org or with http://www.ByteCheck.com/

An offsite link about cheap hosting.

PERFORMANCE BUDGET

When you design a site for strategic speed, you use a performance budget. The industry-standard budget for best practice is under 2-second page load time. If your TTFB is 800 milliseconds, that server overhead reduced the amount of budget to 1.2 seconds. If TTFB is 100 millisecond, you have 1.9 seconds of pure luxury. That sounds like a small bonus. But believe us, you can add many extra features in 700 milliseconds.

Did we search for a shared host with 100 to 200 millisecond TTFB? Yes. And we found one. And even tested it: iPage.com We don’t get a kick back. We’re not an affiliate – so only click the link once. Save electricity. Did we switch to iPage? Nope.

Read about fast, web-hosting reviews offsite at: Woodstitch

More about TTFB improvement offsite at Kinsta.

NOTE: On these two links above, their reporting is honest. But it didn’t always match our experience in every regard. So test for goodness sake!

SPEED NOTE: After reading Brian Jackson’s article at Kinsta, we decided to try Cache Enabler plugin again. We saw no benefit before – as a caching plugin – and unknowingly tossed it. But Brian was claiming it improved TTFB. We found it hard to believe. This time we watched a video on how to set it up. TTFB dropped from 600 milliseconds to 350 milliseconds. That speed benefit happened across the board on every theme tested. Fantastic! We turned “GoDaddy-quality” into “iPage-quality” hosting with no extra cost! Thanks, Brian.

THEME OVERLOAD

There are 4,476 free themes in the WordPress theme directory (2017). Of those, only 1,470 are responsive. All the rest are fixed-width junk. No one should design today with a theme that doesn’t adapt to small-screen size. That limitation immediately reduced the number of candidates.

We had three criteria for the remaining 1,470 free responsive themes:

  1. Updated in 2017. Too many changes occurred in WordPress during the last quarter of 2016 and the first quarter of 2017. Some were functional and some security issues. We only wanted current and active themes supported by conscientious authors.
  2. The zip package size must be under 1M download. An arbitrary cutoff based on our experience unpacking, examining, and testing themes. It’s our rule of thumb. Only theme authors who care about speed keep the download package small and tight.
  3. They can’t be a child theme.

That reduced our database or sample size to 155 themes. That’s all! Those 155 themes went into a spreadsheet and sorted by decompressed package size. We then examined the contents of the TOP 10 smallest packages. And we also considered the number of active installations (popularity).

These themes by nature are plain and unadorned. Boring but functional. The principle goal is communicating and publishing. We want web content readable on a small device. Expressive aesthetics are second priority. It boils down to reading. People rarely view portfolios seriously on phones.

Speed Strategy requires:

  • Focus on content and interactions. Not on details, images and elements (space-filling prettiness).
  • All elements must have purpose and value.
  • Design for user experience – easier content consumption.
  • Test on a small screen first and later a larger screen.

We loaded sample content “test-data.xml” from WordPress’ Theme Data Test page.

(Use WordPress Importer plugin and Dashboard > Tools > Import).

We installed the following free, speed enhancing plugins:

We then installed the TOP10 themes candidates on a cheap, shared-hosting site (GoDaddy). And checked each resulting load time with Pingdom.com:

(Sharing with 25 other domains. TTFB: 500 to 600 milliseconds. Install Cache Enabler plugin and subtract 200 milliseconds from the load times below.)

[table]
theme,installs,fonts removed,load time ms
,,,
Pacify,1000,Lobster/Raleway,671
Basic,10000,PT Serif/,760
Generic,500,helvetica/Georgia,761
Grace,1000,open sans/raleway,835
Hexo,700,meriweather/lato,935
RedPro,300,lato,984
Triad,1000,open sans,1000
Techism,1000,open sans/helvetica,1030
Emphasize,1000,open sans,1250
Enough,1000,ubuntu,1390
[/table]

We stripped the webfonts using Remove Google Fonts References plugin. We prefer websafe fallback fonts instead. Removing webfonts reduces 160 to 260 milliseconds from the page speed. Those are the final speed numbers shown above. We recommend this extreme method for mobile performance. Most people can’t tell font differences on small screens anyway. It’s a waste of resources. Most designers are underestimating the effect web fonts have on mobile speed.

Google Fonts is an open-source, third-party, font directory. According to BuiltWith, over 44% of the top 10,000 websites use Google Fonts on their websites. Slow. They need linking to an external asset on a distant server. You might see errors or warnings that the resources are missing a cache validator. Or that they require expires headers. These are fixed at the server level, and when they are on a third-party server you have no control over fixing them. Don’t use Google Fonts. Easy speed solution.

THE WINNER

We then focused on the TOP3 themes popularity: Pacify theme (1000 installs), Basic theme (10,000 installs), and Generic theme (500 installs). Basic Theme had something the other two didn’t: 10,000 installs and lots of functionality. Popularity doesn’t count much in our book. But in this case, the theme will have a longer shelf-life potential. Basic Theme is our final choice.

https://wordpress.org/themes/basic/


Faster and free alternatives to popular OptinMonster or SumoMe WordPress plugins.

OPTIN-MONSTER’S REBUTTAL IS AT THE PAGE BOTTOM

Like many people, you may hate website popups. What’s a popup? It’s that annoying type of window – or web element – opening over the top of content without your permission. Popups usually contain advertisements, chats, or a request you signup for a newsletter or email list. It may cover the entire page or just a corner. Popups can occur instantly or be timed. It may happen only once or incessantly on every single page and post.

The popup problem is mainly about usage. They’re an intrusive, in-your-face, artificial-urgent-appeal to divulge your email address or engage in a sales pitch. They happen when you arrive on a page – or as you’re leaving a page (called exit intent).

Demonstration of “exit intent” and a large popup using OptinMonster. Bad UX! This thwarts the user. Frustration and annoyance!

Popup plugins will *not* force people to sign up. But the goal is collecting leads and generating more sales. Sounds noble.

Even though some popups are inoffensive and look nice, most deliver a bad user experience. They often cause so much animated shaking-shuddering-swinging screen action it ruins all good user experience. They then are frustrating and annoying – and even as disturbing as sparking a blue-static-arc on a cold metal doorknob. Painful and jarring.

We rarely see popups used in inoffensive and unobtrusive ways. Site owners simply abuse popups thinking the more *visual noise* the better for communicating or grabbing attention. It’s not fun – it’s usually repellent. It’s garishly ugly. It’s shouting indoors.

The worst and biggest popup offender is OptinMonster plugin, first created in 2013. It uses an API that adds 385 milliseconds of load time to every page. And costs a minimum of $9 per month. What? The pro version is $29 per month. That’s terrible. There is no free version. Yet this plugin resides in the free WordPress plugin directory. What the heck is OptinMonster doing in the free plugin directory?

OptinMonster smacks of slowness with a 1.1 megabyte zip download and requiring an API (application programming interface). It has a whopping 4 million downloads with 1 million+ active installs. With those numbers it, must be good. Right? But these guys are robbing people. Why isn’t anyone complaining? Why no one is complaining defies reason.

Perhaps we made a mistake. Are we sure OptinMonster isn’t free? Yes. We double checked. And while it appears free, it’s not.

If you download OptinMonster and install it, you can’t use it until you install the API. It does nothing. You’re locked out. So you click a link and you’re taken to a typical 3-tier plan where you select how much you’ll pay per month (but it’s an upfront annual payment). Then you get your API key to use the so-called *free* plugin. That’s not free in our opinion. Do you think it’s free – just because it’s in the free plugin directory? This is a bait-and-switch ploy. Only there isn’t even any tasty bait to chew on.

So a little math: $9 x 12 months = $108 per year (minimum) x 1 million active installs = $108 million dollars per year. Now we suppose some installations don’t have APIs activated and are just laying there dormant. But that’s still a lot of cash. Those poor users could get something with less “in-your-face” and a more pleasant user experience for free.

We have yet to see an OptinMonster plugin review that isn’t an affiliate link. The reporting is self-serving and biased.

What is the better, faster and free popup plugin?

Holler Box (125k download) does all the essential OptinMonster functions for free – plus some – and doesn’t weigh a ton. Hollarbox is lightweight and loads fast. hollerwp.com/

★★★★★
Holler Box – WordPress Popup Plugin for eCommerce
Load Time: 20 milliseconds

This small plugin uses only 3 calls (HTTP requests). 2.8k, 3.6k, and 3.8k loaded in parallel. That’s about 10k. Estimated load time: less than 40 milliseconds. But not on every page – only where it’s used (selective activation). Holler Box is a nice, lightweight plugin built correctly for mobile speed.

So don’t put a monster on your page.

We also want to mention this alternative plugin:

Easy WordPress Subscribe – Optin Hound
Active installs: 2,000+
Zip file size: 475k

Load Time: 40 milliseconds

Opt-in Hound only adds 2 local script calls with 7k page weight. Less than 100 milliseconds of drag loaded in parallel with other assets. Very fast.

Our recent speed tests show SumoMe pop-up plugin adds 800k of page weight globally (site drag) and 1.7 seconds of assets loaded in parallel with 20 HTTP requests. Avoid this slow plugin! Active installs: 100,000+, zip file size: 1.6M.

Also, have you noticed just how many websites desperately want you to sign up for their newsletter? … this is also super popular with retailers. From Barnes & Noble to Aritzia, Fluevog to Linus Bicycles, these things are seemingly everywhere. Get a nominal coupon in exchange for being sent an email you won’t read every day until forever — I don’t think so.

REFERENCE

A kind letter from Angie Meeker about OptinMonster improvements:

Hey Steve,
Angie Meeker here from OptinMonster, Customer Success and Operations Manager. I was checking out your article on our WordPress plugin that was updated in May. It looks like you haven’t seen yet that we do indeed offer a free plan so I wanted to make sure you understood why you aren’t seeing it yourself. 

If you already have the plugin installed and connected to your existing OptinMonster account, you won’t see that option because, of course, you already have an account. However, if you install a fresh version of the plugin (perhaps on a Local site), you’ll see the options to either connect to an existing account, or register a free one.

Our Forever Free plan is available only to users of our WordPress plugin, and includes 2 campaigns, five campaign types and up to 500 campaign impressions per month. Our Forever Free subscription includes all of the features of our Basic subscription. It’s a great option for users just getting started with lead generation or who are still building traffic to their websites. You can see detailed screenshots of the process to register a new free account here: https://optinmonster.com/docs/how-to-install-the-optinmonster-wordpress-plugin/

We launched this plan in October 2020. You can see from our reviews on WordPress.org that users are loving the free option: https://wordpress.org/support/plugin/optinmonster/reviews/. We even offer to build their first campaign at no cost, even for free users.

I think some of the confusion may come because OptinMonster is a SaaS product, not simply a WordPress plugin. For years, our free WordPress plugin has unlocked additional functionality for our users who choose WordPress as their CMS. Using the plugin…

  • They have the option to target categories and tags even when their permalink structure doesn’t allow it from within our SaaS product.
  • They can use WordPress shortcodes in any campaign. That means they can use the shortcodes from their favorite form builder to add complex, custom forms to their OptinMonster campaigns, or even WooCommerce shortcodes.
  • It provides deeper integrations with ecommerce platforms like WooCommerce, and provides a way for other developers to extend the functionality of OptinMonster within the WordPress ecosystem.
  • It even lets you place inline campaigns using a widget, or a Gutenberg block. 

All of that extended functionality is wrapped up in our WordPress plugin. For that reason, the plugin has resided in the WordPress plugin repo for years as a totally free plugin, in the same way HubSpot, MailChimp, SalesForce and many other SaaS products have connector plugins that provide additional functionality at no cost. Then, recently, we added the option to also register a free OptinMonster account through the plugin directly, as an added benefit for the WordPress community.

We do offer monthly subscriptions in addition to annual ones. Annual pricing is found at https://optinmonster.com/pricing and monthly pricing at https://optinmonster.com/pricing/monthly. The monthly pricing link is found in the FAQ at the bottom of the pricing page: https://a.supportally.com/Ns34JU

And, we’ve also made significant improvements to the plugin’s load times since early this year, too. That said, anytime we get a report of someone’s site loading more slowly because of the plugin, we’re happy to take a look to see if we can help. Oftentimes, we’re able to help resolve those issues directly.

If you have any questions about OptinMonster or need clarity on anything I’ve shared above, feel free to hit reply and let me know. I’m happy to help.

Whether you choose to update your article as a result is entirely up to you. Of course, I hope you will :-) but more importantly, I wanted to share some resolutions to your key questions. You took the time to investigate OptinMonster which we appreciate, and we clearly could have done a better job at making the answers to your questions more obvious when you did.

Best wishes for your success,
Angie

So does PagePipe now advocate or affiliate with OptinMonster? Sorry. Still no plugin love from us.

We love Angie but we do not love OptinMonster. We thought it fairest — since Angie worked so hard explaining.

We think popups are a bane for user experience and speed. We hate popups. They’re annoying and intrusive. So even free and theoretically faster isn’t good enough. We don’t want plugins that use APIs. They cause server delays.

Afraid you’ll get hacked? Secure your site with free and fast plugins.

While studying site security and speed, we tested the iThemes Security plugin. It’s claimed to prevent malware injection. We’re sure it works but the plugin is major overkill. We duplicate it’s core features with lightweight, fast-loading, standalone free plugins. Beneath the surface, this large, 3.1M plugin contains a lurking, greedy speed bite. Chomp!

B
ut iThemes Security plugin only adds a mere 36 milliseconds. Using Pingdom.com, there’s no detectable difference in load time. With this security plugin onboard, there’s not even an extra call (HTTP Request). The plugin appears pretty safe and benign for speed. And it’s popular! (1,000,000+ active installs) What could go wrong?

iThemes Security, WordFence, and Sucuri Security are all popular security plugins. That’s an immediate red flag that they’re slow. Why? It’s crazy. But the speed results for popular plugins always turn out slow in tests. Same for themes. People just go for the heavy plugins loaded with the most features. Overkill. The herd starts following the path thinking active installs must mean goodness. Nope.

Sucuri Security – Auditing, Malware Scanner and Hardening

Remove and add substitute recommended discrete plugins.

SECURITY
Change your WordPress login password to anything that has a total of 16 characters, numbers, or symbols. Make it lower and upper case for a few characters.

“Avoiding both types of attacks is dependent on the complexity of your password. Ideally, your passwords would be at least 16 characters, and contain a combination of numbers, symbols, uppercase letters, lowercase letters, and spaces.”
REFERENCE: https://www.cnet.com/how-to/the-guide-to-password-security-and-why-you-should-care/

Nine-character passwords take five days to break, 10-character words take four months, and 11-character passwords take 10 years. Make it up to 12 characters, and you’re looking at 200 years‘ worth of security – not bad for one little letter. Source

Here’s another offsite link that talks about password strength and it’s importance. https://www.bestvpnrating.com/password-security-tips

Hey! Backup your site.

For security with free plugins:

Please install: Limit Login Attempts Reloaded
https://wordpress.org/plugins/limit-login-attempts-reloaded/
Increase the login failures to 17. Yes 17 is good enough.

Please install: Email Address Encoder
https://wordpress.org/plugins/email-address-encoder/
No settings needed.

Please install: Change Table Prefix
https://wordpress.org/plugins/change-table-prefix/
Change the prefix to something other than the default “WP_” such as “AS_” or something random. WARNING: Don’t use this if you are migrating your site. It will screw up your database. If you use GreekGeeks Hosting, they take care of changing the database name for you during migration. Nice.

OFFSITE LINK: https://wpmudev.com/blog/wordpress-database-prefix/

Remove Sucuri Security – Auditing, Malware Scanner and Hardening plugin
It uses too many server resource and slows down the server. It’s a complicated plugin. The above 3 discrete plugins will suffice for security and speed.

Nowadays, there’s a herd-panic or paranoia about WordPress security and getting hacked. It’s easy to get caught up in the frenzy – and go plugin crazy. All that’s required are a few simple things. First, change your login from the default “admin.” Duh? Use something a little more challenging for bots. Don’t use “password” as your password. These are obvious right? Right.

Then add a plugin to prevent brute-force attacks. Use, Limit Login Attempts Reloaded. It works with PHP version 7.x and newer.

Only 8 milliseconds for extra site security with four recommended plugins:

PagePipe uses the following simple security plugins. We predict load time in milliseconds using P3 Plugin Performance Profiler (by GoDaddy). NOTE: P3 plugin will slow down your site. Don’t leave it installed!

1Limit Login Attempts Reloaded (1ms)
Active Installs: 900,000+
package download size: 107k

Brute-force attacks are the simplest method to gain access to a site. The hacker tries usernames and passwords, over and over again, with a “bot” until they get in. This lightweight plugin prevents brute force login attacks using .htaccess. .htaccess is a configuration file on web servers running Apache Web Server software.

Time-limited number of login attempts block the hacker’s IP address.


2Change Table Prefix (1ms)
package download size: 11k

Protect your website from SQL injections. Replace your database WordPress default prefix (WP_). Use any other alternative prefix in a single click. An SQL injection is a computer attack. Hacker’s can embed malicious code in a poorly-designed applications. Then pass it along to the backend database. Anything can then happen on your site.


3Email Address Encoder (2ms)
package download size: 12k

A lightweight plugin to protect email addresses from email-harvesting robots. The plugin encodes addresses into decimal and hexadecimal entities. No configuration required.


4Block Bad Queries (BBQ) 4ms
package download size: 77k

A simple, super-fast plugin that protects your site against malicious URL requests. Hackers can redirect user requests from your site to an illegitimate site. No plugin configuration required.


Testing iThemes Security plugin: What went wrong?

After installing iThemes Security plugin, we got a GoDaddy email notification. It said our hosting account exceeded its resource limits.

Email warning from GoDaddy hosting (shared Linux, magnetic drives).

The recommended solution by our benevolent host, of course, is buy more server goodies. But the better answer – they don’t tell you – is simpler and cheaper than that.

Once again, we observe that plugin file weight is indicative of resource consumption. If not page load time, then RAM or MySQL databases are gobbled up. This isn’t always the case. But a fat plugin is suspicious and requires testing. To find out how your site is using resources, click the C-Panel icon “CPU and Concurrent Connection Usage.”

After the “warning,” we checked Cpanel (CPU and Concurrent Connection Usage). It said RAM usage jumped from 89M normal to the 512M maximum available. We’d never encountered this problem before. The “spike” in the Cpanel Memory data occurred when we installed the iThemes plugin.

We completely uninstalled that nasty security plugin. Ram usage immediately began dropping down. An hour later the RAM usage was 221M. By 1.5hrs, it was 128M. We were finally drifting back into the green zone. Are we the only ones to ever see this weirdness? No. Read on.

In the production notes:

“Enhancement Jan 2016: Updated the File Change Detection feature to attempt a max memory limit of 256M rather than 128M as some users experience out of memory issues which could be fixed with the higher memory limit.”

So what? What’s the big deal?

When you exceed server limits, many hosts at least will start throttling your site. Or worst-case, take your site offline for hours to days. They claim they’re protecting other sites hosted on the server from your malfeasance. You’re dragging everyone else down with you.

Bandwidth throttling is the intentional slowing by your Internet service provider. This helps limit network congestion and server crashes. But it’s also often a lame excuse to justify poor performance. And sloppy cramming  of thousands of domains on a server. You can’t control this. But you can avoid memory-hog plugins – like iThemes Security.

Is iThemes Security the Lone-Ranger plugin that consumes RAM? Nope.

There are a bunch of plugins we know of (and many others we don’t). But they aren’t security plugins.

Here are some examples:

Checking broken links one by one is not physically possible, even for a small site. There are many free and paid tools that check for broken links. You can get the Broken Link Checker plugin (active installs 500,000) and check the health of your links with it.

Update: We now recommend a different newer link checker plugin. Read about it here:
REFERENCE: https://pagepipe.com/dont-slow-down-your-site-with-a-broken-link-checker-plugin/

But Broken Link Checker is a RAM hog. You’ll see two spikes on the graph below. The first is when we switched on Broken Link Checker and it started it’s automated crawling of the site. The second peak is UpDraft Plus (1 million active installs) doing an automatic site backup. We keep Link Checker deactivated and only run it once a month.

What if you’re running Link checker? And doing a backup? And have a hog security plugin running all together? You’re doomed. What can you do!?

Well, on the C-Panel dashboard is a icon that looks like this:

Click it. You’re taken to a dropdown menu. There you can select the version of PHP (Hypertext Preprocessor), a server-side scripting language. This is the code used to run WordPress.

Our PHP version was set to 5.3. We reduced WordPress memory usage by upgrading from PHP5.3 to PHP5.5. The newer versions compress better and run faster. And this speed improvement is free. Version 8 is the latest and greatest. And supposed to really be fast – but not all hosts provide it yet. How much improvement did we see?

Changing the PHP version reduced RAM usage by 20 to 30 percent. This keeps us safe. Now we idle around 70M. We’re staying far away from the 512M rail. But when we do daily backups, we push up the usage. We improved this with better backup plugin settings. We could do manual backups when we create new content. But instead we compromise and switch from daily to weekly backups to reduce the load. That works for us.

MORE ESOTERIC SECURITY FOR SPEED GEEKS

These are non-essential security measures for the fearful. Many “security” measures do nothing for security while missing out on important things like login protection and password strength.

Want to complicate your life in the name of absolute security so you can pass an odd security test? Like https://securityheaders.com/ Try one of the futile header modification plugins below. We’re not using them. We tested them and found them over the top in complications. We accept our big fat “F.” Do we care?

content security policy
Content Security Policy prevents content injection attacks by specifying valid sources of content for a site.

content security policy Pro
This Content Security Policy plugin will help the setup the Content-Security-Policy HTTP response header and block the XSS vulnerabilities.

eazy http headers
Eazy HTTP Headers provides three check boxes for settings on the general settings page.
Two of the check boxes, activate two functions built into WordPress, send_frame_options_header() & send_nosniff_header(), while the other sets a header for X-XSS Protection.
This allows you to control your sites HTTP Headers for X-Frame-Options & X-Content-Type-Options using functions built into WordPress functions.

The Eazy HTTP Headers Settings section is on the general settings page.

http headers
HTTP Headers gives your control over the http headers returned by your blog or website.

http security
Set up header instructions included in the HTTP protocol for website security improvement.

This plug-in provides enabling of the following measures:

* HSTS (Strict-Transport-Security)
* CSP (Content-Security-Policy)
* Clickjacking mitigation (X-Frame-Options in main site)
* XSS protection (X-XSS-Protection)
* Disabling content sniffing (X-Content-Type-Options)
* Referrer policy
* Expect-CT
* Remove PHP version information from the HTTP header
* Remove WordPress version information from the header

security header optimization
Advanced HTTP security header optimization toolkit. Content-Security-Policy, Strict Transport Security (HSTS), Public-Key-Pins (HPKP), X-XSS-Protection and CORS.

The plugin provides Content Security Policy Management with support for Reporting API and legacy policy conversion based on browser sniffing.

The plugin supports most security headers, including Strict Transport Security (HSTS), Public-Key-Pins (HPKP), X-XSS-Protection and all Cross-Origin Resource Sharing (CORS) related headers (Access-Control-Allow-Origin).

security headers
SetTLS headers for HSTS.

TLS is growing in complexity. Server Name Indication (SNI) now means HTTPS sites may be on shared IP addresses, or otherwise restricted. For these servers it is handy to be able to set desired HTTP headers without access to the web servers configuration or using .htaccess file.

This plug-in exposes controls for:

* HSTS (Strict-Transport-Security)
* HPKP (Public-Key-Pins)
* Disabling content sniffing (X-Content-Type-Options)
* XSS protection (X-XSS-Protection)
* Clickjacking mitigation (X-Frame-Options in main site)
* Expect-CT

HSTS is used to ensure that future connections to a website always use TLS, and disallowing bypass of certificate warnings for the site.

HPKP is used if you don’t want to rely solely on the Certificate Authority trust model for certificate issuance.

Disabling content sniffing is mostly of interest for sites that allow users to upload files of specific types, but that browsers might be silly enough to interpret of some other type, thus allowing unexpected attacks.

XSS protection re-enables XSS protection for the site, if the user has disabled it previously, and sets the “block” option so that attacks are not silently ignored.

Clickjacking protection is usually only relevant when someone is logged in but users requested it, presumably they have rich content outside of WordPress authentication they wish to protect.

Expect-CT is used to ensure Certificate Transparency is configured correctly.

simple iframe buster
You can set the X-Frame-Options header to SAMEORIGIN. Also enqueues a javascript based iframe blocker.

Provides a method of adding X-Frame-Options to the http headers for sites hosted in an environment that does not grant access to
the webserver config, .htaccess or lack mod_headers type facility.

+ Sets X-Frame-Options to SAMEORIGIN
+ Enqueue iframe blocking javascript

wp content security policy
Block XSS vulnerabilities by adding a Content Security Policy header, plugin receives violations to easily maintain the security policy.

Content Security Policy (CSP) is a W3C guideline to prevent cross-site scripting (XSS) and related attacks. XSS allows other people to run scripts on your site, making it no longer your application running on your site, and opens your whole domain to attack due to “Same-Origin Policy” – XSS anywhere on your domain is XSS everywhere on your domain.

CSP tells your browser to push least-privilege environment on your application, allowing the client to only use resources from trusted domains and block all resources from anywhere else.

Adding CSP to your site will protect your visitors from:

* Cross-site scripting (XSS) attacks
* Adware and Spyware while on your site

This plugin will help you set your CSP settings and will add them to the page the visitor requested. Policy violations will be logged in a database table which can be viewed via an admin page that supplies all the violations, along with counts. Buttons easily allow you to add the sites to your headers or to ignore them.

This plugin also allows you to ignore sites that repeatedly violate your policies. For example, some tracking images will show as violating your policies, but you still don’t want them to run, therefore you can block the site from showing up in your logs – note, however, that the browser will still call your server and your server will still spend resources processing the call.

The Herd Mentality of “Essential” WordPress Plugins.

If you search the phrase “Essential WordPress Plugins,” you’ll get about 1.8 million results. They all tend to regurgitate suggestions for the same old plugins. Copycat content. No wonder the identical plugins keep getting more installs. Even when better alternatives exist.

Sorting and testing all the new plugins is too much work. So people don’t test. They assume. The assumption is “popularity” is good. For plugins, that is usually decided by looking at the number of active installs. Active installs is not a sign of quality or performance. It’s a standard of herd mentality.

Herd mentality, or mob mentality, describes how people are influenced by their peers to adopt certain behaviors. Examples of the herd mentality include nationalism, stock market trends, superstition, and home décor. —Wikipedia

Many recommended “essential” plugins have negative speed repercussions.

Our rule of thumb is: the more popular a plugin is (active installs), the higher the probability it’s a slow loading plugin. Why? We don’t know exactly why this correlates. But it holds up in our speed testing.

It’s the quality –not quantity– of plugins that slows down a site. Speed testing free plugins and themes is our specialty.

PagePipe.com (our blog) has 53 active plugins. It loads in under a half second in the USA and about 1.2 seconds for Europe (Pingdom.com). It can vary. That is using the cheapest, shared, old-magnetic GoDaddy hosting located in Arizona. No CDN. It will go even faster when GoDaddy updates to PHP 7.1 – but they’re running on outdated version 5.4. We share our server with 24 other domains. Why? We want to prove a point: You can use “speed strategy” rather than throwing money at load-time problems.

Our Mantra is avoid popular plugins. High number active installs means they’re the slowest.

We don’t know why “popular = bloated.” We speculate the plugin authors are content and apathetic to speed and quality. Popular plugins existed first and use old unoptimized coding techniques (obsolescence). They tend to get heavier with revisions instead of lighter (kludges).

The authors of old plugins don’t have competitive motivation to be lean for speed. This isn’t true for newer, less-installed, lighter plugins. Speed (load time) is now a desired feature we’re seeing more because of mobile devices. But fresh, fast plugins are not easy to find. There are 50,000+ plugins in the free directory. Wow! An ocean. We’ve calculated the directory growth rate and it’s 20 percent annually. That means 10,000 more plugins potentially in 2017.

What is more characteristic of “goodness” is retention rate. That’s calculated by taking the active installs and dividing by the number of downloads for all time. A plugin with a retention of 20 percent is pretty good. If it’s 5 percent or less, it’s a danger sign. They were tried – and dumped.

Slow plugin’s download file size is a clue. Bigger files load slower. There are some exceptions – but they are few.

Typical erroneous herd plugin suggestions

Jetpack
Always recommended by unknowing blogs.
https://pagepipe.com/the-truth-about-jetpack/

Anti-spam
Myth: A plugin to protect your site from spam comments is vital. Prevents user registrations from bots.
The usual recomendation is Akismet (installed with WordPress).
We say: Disable comments with a plugin. And get rid of Akismet, too. They’re a waste of time. Read more here:
https://pagepipe.com/does-akismet-plugin-help-or-hinder-wordpress-page-speed/

Sitemaps
Google XML Sitemaps are supposed to help SEO. We’ve found they are unnecessary. Google is quite capable of crawling your site fast. The best reason to include a sitemap is for visitors to find things. This is called “findability.” So we recommend using an HTML sitemap. But we’ve found a nice plugin that does both:
Simple WP Sitemap, Active Installs: 30,000+, download size: 115k.

Schema
All In One Schema.org Rich Snippets plugin. Fiddling with snippets is unproductive. Read more: https://pagepipe.com/speed-up-yoast-seo-plugin-remove-it/

Caching
Myth: Caching plugins speed up your site and make it quicker to access.
The usual recommendation is either W3 Total Cache or WP Super Cache plugin. We’ve find no speed improvement from caching plugins on well-optimized websites. In those conditions, there is no measurable benefit from caching. Except for one caching plugin, and it didn’t improve caching, it improved TTFB which is a server-side improvement in speed.

Cache Enabler, Active Installs: 20,000+, download size: 17k

Usually improvement from caching plugins is from some other function that is not caching related – like enabling Gzip code compression.

Lazy Loading Images
The usual recommendation is BJ Lazy Load. It is not our preference for speed. We’d recommend:
Rocket Lazy Load, 8,000+ installs, download size: 361k.

and for YouTube and Vimeo videos:
Lazy Load for Videos, 6,000+ active installs, download size: 254k.

Contact form
Myth: A contact form is the standard now for most sites.
The usual recommendation is Contact Form 7.
We don’t believe contact forms are necessary. They slow down your site. Use a large-size, email text link instead with Email Address Encoder plugin, 80,000+ installs, download size: 5k.
https://pagepipe.com/contact-form-7-plugin-causes-global-site-drag/

Gallery
Myth: Gallery plugins enhance or replace WordPress native galleries. These are also called “slider” plugins.
They always slow down a page load. And they are proven ineffective for navigation and SEO.
https://pagepipe.com/what-slider-is-the-fastest-loading/

Image optimization
Myth: Plugins always help compress the file size down to a sane level.
The most common and worst recommendation is Smush Image Compression and Optimization plugin. Read more about better alternatives:
https://pagepipe.com/smush-plugin-doesnt-really-help-with-speed/

For significant image optimization, we recommend:
Imsanity, 200,000+ active installs, download size: 152k

Search Enhancement
Myth: Plugins can increase the power and relevance of your searches to users.
The most common recommendation is Relevanssi plugin.
Read why the Relevanssi plugin author says not to use this particular plugin any more:
https://pagepipe.com/plugin-popularity-is-rarely-an-indicator-of-good-value-for-speed/

SEO
Myth: SEO plugins will help your site rank higher in search engines.
The usual recommendation is either “All in One SEO Pack” plugin or Yoast SEO.
SEO plugins are a waste of time. Read more about why you shouldn’t install an SEO plugin:
https://pagepipe.com/speed-up-yoast-seo-plugin-remove-it/

Security
Myth: WordPress security plugins don’t affect speed.
The usual recommendation is iThemes Security (formerly Better WP Security).
Most people don’t know security plugins slow down your site and use up server resources.
https://pagepipe.com/do-security-plugins-slow-down-wordpress/

Social sharing
Myth: A social sharing plugin improves site traffic and SEO.
We don’t believe social media marketing is a vital part of content marketing these days. It’s a controversial topic. But from our research, it is usually unproductive. Only 12 likes on your blog page isn’t very convincing or credible. It’s hard work to generate beneficial traffic from Facebook – an unproductive waste of time.

Most Facebook widgets and counters drastically slow down your site. Are you really getting a good return on your time investment with social media links? We’ve seen one-second wait times for Facebook counter widgets.

Broken Link Checker
This plugin slows down your site by consuming server resources. Broken Link Checker plugin is a RAM hog. It’s best to leave it disabled and only run it manually – not automatically. We keep Link Checker deactivated and only run it once a month.

Redirection
We see nothing wrong with this plugin suggestion other than it’s heavy. It automatically adds a 301 redirection when a post’s URL changes. The Redirection plugin has 700,000 active installs, and the download weighs 516k.

We use:
Simple 301 Redirects, Active Installs: 200,000+, download size: 5k. Much lighter.

MailChimp for WordPress
We actually use MailChimp. It does cause site drag. But we use:

Yikes Easy Forms for MailChimp plugin, 50,000+ installs, 3.7M download
3 HTTP requests, 4.5k page weight,  93 milliseconds load time.
This plugin is coded so minification is a big benefit. Concatenating and minifying with Autoptimize plugin reduced load time to 36 milliseconds for all theme and plugin CSS files. Bonus!
https://pagepipe.com/is-mailchimp-a-good-choice-for-speed/

Anti-spam: Disable comments and get rid of Akismet, too.

Anti-spam
Myth: A plugin to protect your site from spam comments is vital. Prevents user registrations from bots.
The usual recomendation is Akismet (installed with WordPress).
We say: Disable comments with a plugin. And get rid of Akismet, too. They’re a waste of time.

Comments are a unique and tightly integrated feature of blogging. But the Internet has changed. It’s an uglier, more cruel environment.

Trolls are people who leave hateful or disrespectful comments for no apparent reason except for the attention that they receive.

Akismet is part of a cloud-based spam-filtering system. It checks your blog comments against the Akismet Web service to see if they look like spam or not. It’s THE number-one most popular plugin with over 52 million downloads (not installs). It’s preinstalled by default on every WordPress self-hosted option. Now you understand why it’s “popular.”

The plugin download weighs 57k zipped (182k decompressed). Small for a popular plugin – not the usual enormous size. Load time: about 8 milliseconds (tested with P3 plugin).

We don’t use Akismet anymore. Not because it might let spammers hack the site or may delete legitimate comments. Not because flagging comments as spam lets the spammers leave their garbage and the blog owner has to review each comment. Not because it’s a waste of time. Not because of false positives: Akismet has a reputation for flagging good comments as spam.

Not because all that Akismet junk uses up our bandwidth, disk space and clutters up our WordPress database with comment metadata.

We ax Akismet immediately because of two reasons: it’s not free and comments are stress producing.

Akismet is not free. Many plugins are free that do the same thing.

“Now Akismet spam catching technology is free for non-commercial personal blogs but if you maintain a corporate blog or run a network of blogs, you are required to buy a commercial license of Akismet that starts at $5 per month. Professional bloggers, or anyone who makes more than $500 per month in advertising revenue from a WordPress blog, is also required to pay $5 per month for the Akismet license.” – http://www.labnol.org/internet/blogging/how-wordpress-makes-money/7576/

If you make money selling anything and use Akismet – ads, books, downloads, services, or products, you owe $5 per month to Automattic as of March 2016.


Builtwith.com sells stats and a list of Aksimet users: “Get a list of 421,388 websites using Akismet which includes location information, hosting data, contact details, 108,071 currently live websites and 313,317 sites that used this technology previously.” There are 100k current users who pay – sounds possible. That’s $6 million dollars in repeat annual income. That’s realistic numbers.

Official prices: https://akismet.com/plans/

Plus version is $5 per month, per site. Claim: Spam protection for professional or commercial sites and blogs.

Premium versions is $9 per month, per site. Claim: The complete security solution that protects you from more than just spam.

WordPress has been pushing the Akismet plugin forever. Is it worth the price? No! There are better, free, alternative plugins. And you don’t end up on a mailing list.

AKISMET ALTERNATIVES: FREE PLUGINS

Despite its popularity, Akismet really doesn’t perform better than similar spam-prevention plugins. Here are Akismet alternatives that outperform Akismet in any benchmark:

Bad Behavior plugin
There have been some troubles with old versions of this plugin so make sure you install the latest for security reasons. Bad Behavior prevents spammers from ever delivering their junk, and in many cases, from ever reading your site in the first place. Spammers are shown an error message instead of your website. There is an error key in the error message that humans can use to gain access to your website should they be blocked accidentally. (60,000+ installs, 175k download size).

Antispam Bee
This is the most widely known and used alternative anti-spam plugin. Antispam Bee has many options and features and is also easy to use. It’s reported to be very fast and also offers a spam counter on the dashboard. (700,000+ installs, 84k download size). This the plugin we prefer.

AVH First Defense Against Spam
The AVH First Defense Against Spam plugin gives you the option to block the spammers by the Area Name or the I.P Address. This plugin checks for any spam activities using Spam databases such as Honeypot and StopForumSpam. (10,000+ installs, 138k download size).

Anti-spam plugin
Anti-spam plugin blocks spam in comments automatically, invisibly for users and for admins.

  • No captcha. Spam isn’t the visitors’ problem.
  • No moderation queues. Spam isn’t the administrators’ problem.
  • No settings page, forget about spam completely and keep the WordPress admin section clean.

Plugin is easy to use: just install it and it works. (100,000+ installs, 10k download size – tiny!). Plugin blocks spam only in comments section. Load time: about 2.5 milliseconds (tested with P3 plugin) Faster than Akismet.

Cookies for Comments
This plugin adds a stylesheet or image to your blog’s html source code. When a browser loads that stylesheet or image a cookie is dropped. If that user then leaves a comment the cookie is checked. If it doesn’t exist the comment is marked as spam. The plugin can also check how long it took a user to enter a comment. If it’s too fast it’s probably a spam bot. How fast can a legitimate user enter their name, email, web address and enter a well thought out comment? (30,000+ installs, 8k download size). Load time: about 0.8 milliseconds (tested with P3 plugin) Faster than all other plugins!

If you use wp-minify make sure you add the Cookies for Comments CSS file to the list of CSS files that shouldn’t be minified.

No Spam At All
No Spam At All prevents spam comments on your WordPress blog. The plugin filters out comments that are posted by robots. Go from 3,000 spam comments per day to zero spam comments per day. If you have bulk of pending spam comments, No Spam At All will help you manage the comments with just one click. (900+ installs, 78k download size).

THE BEST SPAM SOLUTION

Comments are making the Internet worse. So we got rid of them. We are free! Peace of mind.

Note: Christian, our favorite editor, thinks this is a lame solution/excuse. We love his remark, “It’s a lot like saying, ‘I’m worried about some fatal illness, so I’m going to kill myself before that can happen.’” Christian keeps us honest.

Decision based on science. Researchers have found that when readers are exposed to uncivil, negative comments at the end of articles, they trust the content of the pieces less. (Scientists dubbed this the nasty effect.) Negative comments accompanying an article caused readers to hold the article in lower esteem. In an increasingly competitive environment, websites can ill afford to have their content and brands tarnished this way.

Stop the harm caused by comments to readers, writers and site brand. Comments should be heavily moderated to promote civil, intelligent conversation; otherwise, they should be removed. If you don’t want to take the time to do it yourself, hire a virtual assistant to moderate your comments for you.

What you blog about will determine whether comments are useful or not. It’s not a one-size-fits-all thing.

Christian notes again: “Lots of people love reading negative blog comments.”

The Rising Trend of Turning Comments Off

The burden of moderation, spam, and the availability of other conversation “outposts” (like Facebook) are the main reasons for closing comments.

WordPress users are constantly on the hunt for better tools to help manage commenting and mitigate the unrelenting onslaught of spam. Publications turn comments off for different reasons, but it’s rarely due to the fact that they do not appreciate the comments left by genuine community members. Oftentimes, the burden of spam moderation becomes greater than the benefit of conversation on posts.

CONTENT MODERATION

The intensive resources required for fair and effective moderation, and the human toll moderation takes on the moderators, most are deciding it isn’t worth the trouble to leave comments on. Most bloggers would rather devote time and energy to working on stories and interacting with readers on social media or via email. Comments have too low of a return on investment any more (ROI).

You don’t have to deal with spam, vitriol, and people who wrongly assume your blog’s comments are a support forum.

We prefer “no comments” to a curated list of positive comments.

The solution for sites where interaction isn’t critical? Turn the comments off. Trolls, spambots, and a “fractious minority” detract from intelligent conversation and sharing. While there are provisions for turning off comments in WordPress, we like these plugins below and use them often when retrofitting old sites.

PLUGINS TO TURN OFF COMMENTS

No Page Comment
An admin interface to control the default comment and trackback settings on new posts, pages and custom post types. (30,000+ installs, 23k download size).

★ ★ ★ ★ ★
Disable Comments

Load Time: 60 milliseconds

Disable Comments
This plugin allows administrators to globally disable comments on any post type (posts, pages, attachments, etc.) so that these settings cannot be overridden for individual posts. It also removes all comment-related fields from edit and quick-edit screens. (900,000+ installs, 79k download size).

Comments Disable – AccessPress

Load Time: 40 milliseconds
Disable comments on site globally with just one click. Comments can be disabled according to post type. (4,000+ installs, 115k download size).

WP Disable Comments

Load Time: 0 milliseconds

This plugin allows administrators to disable comments, trackbacks and/or pingbacks on a site or a network. The goal of this plugin is to be as comprehensive as possible and at the same time provide the flexibility to just as much as you want to. (6,000+ installs, 100k download size).

SPECIAL TECHNICAL NOTE

If you remove the “Disable Comments” plugin, and you want to get comments back “on”:

1. Remove the Disable Comments plugin.

2. Change the default article settings under WordPress “Discussion” to “Allow people to post comments on new articles”

That makes it work on new posts. But …

Found this on a technical blog:

“The setting at Settings > Discussion only enables the *default* for *future* posts, it does not effect existing posts in any way.”

It can be done manually now one-by one. On new posts, it is automatically activated. Tedious.

THE SECRET: How to globally and retroactively activate comments on old posts.

The solution:

  1. Posts > All Posts
  2. Change default from 20 posts per page to 200 in the admin screen. Go to Screen Options in the top right corner and change the number of Posts Displayed per page.
  3. Select the posts to edit with “all” checkbox at top of list.
  4. Click on the Bulk Actions dropdown menu.
  5. Select Edit (same dropdown) and click Apply. No changes happen yet.
    In the Comments dropdown, select Allow. Then Update.
  6. Done after a wait.
  7. Reset default to 20 posts.
  8. Do random check of a post. Bingo. They are back. :)
  9. Clear all caches including CDN.
  10. Backup to preserve the new changes.
  11. Done.

Whew!

Some plugins Autoptimize eliminates for speed.

Autoptimize is a multipurpose plugin. In most cases, we hate multipurpose plugins like Jetpack or Yoast SEO. They’re bloated, slow, and heavy. We especially dislike including features that concatenate JavaScript, CSS, or HTML files. These minification plugins often break sites.

REFERENCE: https://pagepipe.com/concatenation-is-the-site-killer-not-minification/

Our preference is discrete plugins with one function and no settings. Why? You can selectively deactivate (bonus) – and they usually load in under 1 millisecond.

Note: Don’t use the recommended WebP images suggested by Autoptimize. They don’t help much and won’t work cross-browser. We aren’t fans of WebP format developed by Google zealots in 2010. Not cool. Really.

Autoptimize loads in 18 to 25 milliseconds. That’s the equal of installing 18 discrete plugins. But if you *need* Autoptimize, there’s an upside. Keep reading.

 It’s an odd plugin – but not obscure. Autoptimize is popular with over 1 million installs. Most often, it’s installed for minification benefits reducing requests. But many cool features go unused. Most people use the default settings and figure that’s good enough. And usually, it is. But there are bonuses if you want them for speed.

There’s an opportunity to remove 7-speed plugins when using Autoptimize plugin

  • a3 Lazy Load
  • Cache Enabler (or other caching plugins)
  • Disable Emojis
  • ShortPixel Optimizer
  • WP Remove Query Strings from Static Resource
  • Remove Google Fonts References
  • Any minification plugin like Better WordPress Minify plugin or others.

The Autoptimize plugin recommends using Cache Enabler plugin in tandem with it. Please test your speed without it first. We like Cache Enabler but it isn’t always necessary on a well-optimized site.

Enable the Autoptimize features as shown in the following screens:

Click to enlarge.

Click to enlarge.

Click to enlarge.

Dump ShortPixel plugin, too.

Autoptimize recommends ShortPixel Optimizer plugin. If you’re using ShortPixel, remove it. And then install free Imsanity plugin for image optimization. ShortPixel costs money. Oh? Didn’t they tell you that? Read the plugin fine print.

REFERENCE: https://pagepipe.com/how-to-optimize-images-for-mobile-speed-with-imsanity-plugin/

Click to enlarge.

Click to enlarge.

Is there any lightweight firewall plugin substitute for WordFence Security plugin?

“Wordfence is slowing down our site. What’s PagePipe’s suggestion?”

Removing the WordFence Security plugin speeds up your site. When you pull it, how do you protect your website – and still get fast speed?

We remove WordFence from sites during “plugin surgery” (site-origin optimization). Let us tell you why:

On a recent project, WordFence Security plugin caused 545 milliseconds of “site drag.” The plugin was one of 20 installed. It alone was 46 percent of the plugin speed overhead. That’s when a plugin does global loading on every page and post. It slows down the entire site.

Selective plugin activation tricks won’t work for security plugins.
REFERENCE: https://speedhospital.org/speedswitch/

WordFence Security is a heavy plugin. In our case study, it consumed 25 percent of the 2-second performance budget. This is an unpublished technical specification. The plugin author is under no obligation to share speed consequences. This is a convenient sin of omission.

Could we predict this plugin would be slow without installing it?
The answer to that is:

Yes.

Here are the biggest indicators:

1. WordFence Security is a popular plugin. It has 4-million active installations. The natural assumption is it must be the best. We have found a direct correlation between popularity and speed. The more popular a plugin is – the slower it is. Is it always that way? So far. Until WordPress requires accountable publishing of speed impact in read.me files (Maybe never?).

2. The WordFence Security zip package size is 4.9 MB. Super fat. Uncompressed it’s 13.6 MB. For comparison, how big is the WordPress core download? 16.5 MB zipped download. (52.9MB unzipped). That puts the plugin heaviness in perspective. It’s about 25 percent of the size of the system you’re running on.

How big was the original WordFence Security version 1.4.1 zip file size? 1MB. Did the decompressed super file size increase significant features? We doubt it. The extra bloat is marketing popups and nag screens. These *encourage* upsales and addons to the Pro version. They’re annoying.

WordFence Security plugin is a Swiss-army knife plugin. It does everything. We prefer discrete plugins that perform one simple function with few or no settings.

Are there better lightweight plugins that block malicious file upload?

Yes. We sell this $9.95 ebook:

https://pagepipe-ebooks.com/police-me-speed-knockoff-inspired-by-ithemes-security-plugin/

But since you asked, here’s what we’re using today for security:

1. Limit Login Attempts Reloaded prevents a brute-force attack: https://wordpress.org/plugins/limit-login-attempts-reloaded/
No settings needed. But we usually change the “4” attempts to “17.”

2. The Change Table Prefix plugin protects your website from SQL injections: https://wordpress.org/plugins/change-table-prefix/
It requires a setting is to change the prefix. We don’t use this on sites that have been migrated. It often will nuke the site. White pages. Many hosts now automatically change the database prefix for you when you migrate to their services.

3. BBQ: Block Bad Queries plugin protects your website against malicious URL requests. Hackers can redirect user requests from your site to an illegitimate site. No configuration required.
https://wordpress.org/plugins/block-bad-queries/

4. Deactivate XML-RPC Service plugin: Disabling WordPress XML-RPC is a precautionary measure against brute force attacks. No settings. https://wordpress.org/plugins/deactivate-xml-rpc-service/

NOTE: This plugin is not longer needed when using Limit Login Attempts Reloaded plugin. It has this security feature built-in now. No setting required.

5. The Email Address Encoder plugin protects email
addresses by hiding them from email-harvesting bots.
No configuration required. But we recommend selecting: Notices and promotions: Hide notices and promotions for all users. This prevents annoying nag screens.
https://wordpress.org/plugins/email-address-encoder/

These 5 discrete plugins will add only 9 milliseconds to your site.

But here is the biggest tip of all – and it has nothing to do with plugins:

Change your WordPress login password. Make it anything that has a total of 12 characters, numbers, or symbols. Make it lower and upper case for a few characters.

For example:
BlueMou$e61=

Nine-character passwords take five days to break. 10-character words take four months. 11-character passwords take 10 years. Make it 12 characters, and you’re looking at 200 years worth of security – not bad for a little letter.

How to fix Twenty Twenty default theme’s font speed problem.

What you should know about the Twenty Twenty theme – and potential mobile speed problems.

We tested the Twenty Twenty default theme. We strip the theme and WordPress core, using our usual plugins. We describe that process in this video about the Twenty-nineteen theme:

REFERENCE: https://pagepipe.com/under-1-second-page-speed-with-twenty-nineteen-theme-and-heavy-video/

Default Twenty Twenty theme demo.

There is one gotcha we’ve never seen before. Read on.

In the Twenty-nineteen theme, the developers were kind enough to use a mobile system font stack. Great for speed. It’s a 385k zip file download.

But in Twenty Twenty, there’s a font in the stack called “Inter.” It’s a variable font. This isn’t an accepted technology yet. There are known issues with variable fonts in Chrome. In particular, on Microsoft Windows.

The request for “Inter Var” isn’t for a Google font. Inter font is a Google font now but still seeing the same troubles in speed waterfalls. Plugins can’t remove it. Nor is it a system font. We’re not sure why they used it except they thought it was cool. It’s a speed liability. To remove it, you have to add custom code to the customizer:

h1, h2, h3, h4, h5, h6, p {
font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", Helvetica, sans-serif;
}
body {
font-family: -apple-system, BlinkMacSystemFont, "Helvetica Neue", Helvetica, sans;
}

But even that custom CSS fails. To remove the 800-millisecond delay caused by this font, we deleted the code from the theme style.css file. Even if you use !important to force it.

BEFORE removal of Inter Var


AFTER removal of Inter Var font. 800-milliseconds faster load time.

We don’t appreciate being experimental guinea pigs for faddish slow font features like variable fonts.

After stripping the theme and core, load times on shared hosting are about a half-second. There are only 5 requests per page.

Adding Autoptimize plugin creates no gain in reducing the number of calls. jQuery is not activated by the theme. That’s a nice speed bonus.

Twenty Twenty theme is a 638k zip file download.

★ ★ ★ ★ ★
Twentig

Load Time: 140 milliseconds

We’re happy to report a plugin called Twentig is now available in the WordPress plugin directory for free. The plugin allows you to remove the Inter font eliminating the over 500-millisecond slowdown on all pages and posts. The lightweight plugin download folder weighs only 36k. Site drag is under 1 millisecond. Beautiful for speed. That stinking font is finally GONE! Fast system fonts instead.

Customizer > Twentig Theme Options > Fonts > Body Font > Select UI System Font

Here’s another great plugin to remove the dead-weight font:

https://wordpress.org/plugins/options-for-twenty-twenty/

What about the Chaplin theme?

Twenty Twenty is based on Chaplin, a theme with high flexibility and support for extreme customization.

Chaplin has a zip package download size of 1.2MB. Our cutoff for evaluation is 1 megabyte. It smells sort of interesting. The biggest heavy boat anchor is including Font Awesome. That’s bad for speed. If they left that out, the theme has real speed possibilities. Test results:

Pingdom SF: 118k, 526ms, and 10 requests.

Demo page: Chaplin theme.

That is with loading Merriweather – the theme default Google font. But you can change the font to Arial in the Customizer. Or leave the two font fields blank and then a mobile font stack is used. That’s the best choice. It should be the default. And the theme loads jQuery globally. Not a good choice either. But livable since many plugins activate jQuery, also.

Activating Autoptimize plugin took the Chaplin theme test results down to:

71k, 461ms, and 7 requests.

We observe that Font Awesome is not enqueued by default. But from experience – if it’s used even once – it globally loads at least 75k on every page. So avoid that trap.

Of the two themes, we prefer Twenty Twenty with Inter font defeated in CSS for speed.

But Chaplin has beautiful Customizer features like:

  • disabling comments
  • default related posts
  • deactivating author and date metas (for evergreen content).

Very nice and tempting.

We like what we see in Chaplin. We’re impressed. It’s an underrated theme. Lots of nice features eliminate extra plugins reducing the speed overhead.


Addendum

I wanted to thank you for the article you wrote about the new WP 2020 theme. It’s the only article I’ve found really talking about the speed issue with the Inter Var font.

I tried deleting the font settings on Line 253. However, I see multiple other instances where inter-var shows up in the code. (It seems like deleting line 253 may have interfered with some automatic color-adjustment when using a color background.) Is there a straightforward way to removing the Inter Var font? Thanks again!  PS- The Woo Storefront theme (which was very customizable and still highly limited) was much faster than 2020. My dad even said “huh, your site is noticeably slower on mobile” and he’s not a tech guy at all. —Travis Burch

To remove it, we used the WordPress Theme Editor. (Appearance > Edit Theme > style.css).

We tried using the Customizer to change the CSS. It didn’t work for us. We don’t know why. That’s abnormal. Everywhere font-family: “Inter var” exists has to be manually removed.

When the theme updates that junk returns to the code. Annoying. There are ways to prevent updates with a plugin. That would be a clunky workaround.

For this reason, we now think Twenty-twenty theme sucks for speed. But were still experimenting.
OFFSITE LINK: https://www.machmetrics.com/speed-blog/average-page-load-times-for-2020/

Popular Plugin Thoughts & Myths

Sitemaps
XML sitemap functions are included as part of WordPress core since August 2020. Google XML Sitemaps are supposed to help SEO. We’ve found they are unnecessary. Google is quite capable of crawling your site fast. The best reason to include a sitemap is for visitors to find things. This is called “findability.” So we recommend using an HTML sitemap. But we’ve found a nice plugin that does both:
Simple WP Sitemap, download size: 115k.

or

Hierarchical HTML Sitemap, download size: 9.1k

Schema
All In One Schema.org Rich Snippets plugin. Fiddling with snippets is unproductive. Read more: https://pagepipe.com/speed-up-yoast-seo-plugin-remove-it/

Caching
Myth: Caching plugins speed up your site and make it quicker to access.
The usual recommendation is either W3 Total Cache or WP Super Cache plugin. We’ve find no speed improvement from caching plugins on well-optimized websites. In those conditions, there is no measurable benefit from caching. Except for one caching plugin, and it didn’t improve caching, it improved TTFB which is a server-side improvement in speed.

Cache Enabler, download size: 17k

Usually improvement from caching plugins is from some other function that is not caching related – like enabling Gzip code compression.

Lazy Loading Images
Lazy loading is included in WordPress core since August of 2020. The usual recommendation is BJ Lazy Load. It is not our preference for speed. We’d recommend:
Rocket Lazy Load, download size: 361k.
and for YouTube and Vimeo videos:
Lazy Load for Videos, download size: 254k.

Social sharing
Myth: A social sharing plugin improves site traffic and SEO.
We don’t believe social media marketing is a vital part of content marketing these days. It’s a controversial topic. But from our research, it is usually unproductive. Only 12 likes on your blog page isn’t very convincing or credible. It’s hard work to generate beneficial traffic from Facebook – an unproductive waste of time. If you’re a celebrity, it’s a different story.

Most Facebook widgets and counters drastically slow down your site. Are you really getting a good return on your time investment with social media links? We’ve seen one-second wait times for Facebook counter widgets.

Broken Link Checker
This plugin slows down your site by consuming server resources. Broken Link Checker plugin is a RAM hog. It’s best to leave it disabled and only run it manually – not automatically. We keep Link Checker deactivated and only run it once a month.

Redirection
We see nothing wrong with this plugin suggestion other than it’s heavy. It automatically adds a 301 redirection when a post’s URL changes. The Redirection plugin has 700,000 active installs, and the download weighs 516k.

We use:
Simple 301 Redirects, download size: 5k. Much lighter.

Is there a speed plugin for fixing Pingdom “Leverage Browser Caching” errors?

We demonstrate a common but little understood speed problem usually labeled as Leverage Browser Caching. Various tests report this fault condition slowing down pages. But they don’t explain much about what it is and how to fix it. It’s pretty simple – and there’s a nice plugin solution.

There are various sites for testing page speed. Our favorite is WebPagetest.org. It’s a popular place so you usually have to wait in line – plus their test is pretty comprehensive adding more delay for results. Our go-to test for faster quick-and-dirty results is Pingdom.com – and after that GTmetrix.com

Here’s a screengrab of a Pingdom test for an optimized site:

test-1-far-futres

The test says there are two “failures” (big red Fs). Those are #1 Minimize request size and #2 Leverage browser caching. That seems like pretty harsh criticism for a page that loads in only 658 milliseconds on cheap, shared GoDaddy hosting. We soon discover the bad review isn’t really warranted. Let’s take a closer look by expanding the “accordion” performance insights:

examining-the-failures

We almost laugh out loud at the itemization of errors. First, there’s only one URL that doesn’t fit into a single packet causing the first error condition: Minimize request size. And that’s an HTTP request call to Google CDN for a webfont. Completely beyond our control and something Google should care about more than us. Let’s move on and just ignore that single call. But talk about harsh – an “F” (41).

Why speed test scores are bogus READ MORE here:
https://pagepipe.com/online-speed-test-scores-are-especially-useless-for-mobile-speed-improvement/

The second category, Leverage browser caching, says there are 6 errors. Five are image files and the last file is another Google font. Again, we have to ignore the errant Google font.

Note: A simple font solution would be killing (removing) Google fonts and use the native browser fonts in the CSS stack. We could do this with Remove Google Font References plugin. But we feel the fonts add to the page “style.” The pages are pretty fast already and load time is more important than getting a good Pingdom score.

So how do we get rid of this Leverage browser caching problem? They give us a hint with the instructions:

The following cacheable resources have a short freshness lifetime. Specify an expiration at least one week in the future.

What does that mean? They are talking about a web speed trick called far-futures expiration. It is a best-practice for speeding up your website by using Expires or a Cache-Control Header. This is server-side coding that is added in the .htaccess file that resides on your server. There are many tutorials on how to do this manually. But if you are inexperienced at editing these kinds of files via Cpanel or FTP, we have a simpler, automated plugin solution. Read on:

★★★★★
Far Future Expiry Header

Load Time: 10 milliseconds

This plugin appeared abandoned but it’s author returned and updated it recently. While this isn’t always necessary, it’s a good sign the plugin is “fresh.” We’ve used it for years.

This plugin will add a “far future expiration” date for various file types (like image files) to improve site performance. This is a best practice advocated by the Yahoo Extreme Performance Team. It keeps files and images cached longer. There is also a radio button to enable Gzip – a nice addition. (More about Gzip >)

A first-time visitor to your page causes many HTTP requests, but by using the Expires header those components become cacheable. This avoids unnecessary HTTP requests on subsequent, repeat page views. The web server uses the Expires header in the HTTP response to tell  your visitor’s browser how long a component can be cached (stored).

The Expires response header gives a date when a page component becomes stale.

Using a far future Expires header affects page views only after a user has already visited your site. It has no effect for first-time visitors and the browser’s cache is empty. The impact of this performance improvement depends on how often users return. About half of your users or more could be return visitors.

Your server’s .htaccess file can be appended by using some simple plugin settings:

settings-far-futures

  1. Enable the Far Future Expiration Header plugin.
  2. Set the expiration to 365 days (yes, 1 year).
  3. Select all of the file types you are using.
  4. Select Gzip compression.
  5. Save.

The plugin doesn’t add page weight to your site. We call this a “weightless” plugin.

Will you see a speed improvement? It depends. If you didn’t have Gzip already activated on your server, you will see a big improvement. You’ll have a better Pingdom test result. Returning visitors will have a better user experience because images and other assets are already on the browser cache waiting. You’ve paid homage to a theoretical speed improvement. The effort to make it happen is minimal. So why not just do it? We do – always.

Leverage Browser Caching score is now an “A“. The only file that can’t be cached is the webfont from – ahem – thanks, Google.

Speed up Google Analytics by 334 milliseconds.

Google Analytic code causes your site to fail two speed tests. And the test criteria are invented by the web-demigod Google. Yes. Contradictions in their very own self-acclaimed PageSpeed test:

  1. How do you leverage browser cache when Google’s very own Analytics.js has it’s expiry time set to 2 hours?

  2. How do you minimize DNS requests when Google advises you to copy their tracking code, linking to an external-hosted Javascript file?

Google Analytics usually adds three HTTP requests. And anywhere from 100 milliseconds to 500 milliseconds load time. It can be slower during peak hours. We’ve seen up to one second. But that’s uncommon. Speed varies in different parts of the globe. That means certain hours are better and some are worse for waiting.

Google Analytics is a freemium web analytics service offered by Google that tracks and reports website traffic. … Google Analytics is now the most widely used web analytics service on the Internet. – Wikipedia

There were times when we built 50k to 70k home pages for speed. Page weight today averages 2 to 3M. We coded lightweight sites by hand in HTML and CSS. Today most site owners use CMS like WordPress to build websites.

Back then, adding Google Analytics added about 31k to the page weight. This, of course, was a horrific detriment to good speed. Today, Google serves a Gzip-compressed version weighing 13k. Much better page weight.

In 2010, Google introduced a third-generation asynchronous tracking code. This helped speed immensely – and in time for the Internet mobile revolution. But, does that mean Google Analytics code has no impact on speed? Or is it significant? It depends.

“… the performance of your pages won’t be impacted, with the possible exception of the very first page-load after you have added the tracking code. This first pageview calls the JavaScript on Google’s servers, which may take slightly longer than a regular page load. Subsequent pageviews will use cached data and will not be affected.” – Google’s Official Statement

Google Analytics requires inserting Javascript code into pages and posts on your site. While you can alter your header.php file by hand, the code will disappear when you update your theme. This can catch you by surprise.

The more modern alternative is using the Goggle API ID number and copying that into a plugin. This protects your Google Analytics code from being overwritten by updates. A safer approach.

★★★★
Super Simple Google Analytics

Load Time: 30 milliseconds

Active installs: Fewer than 10,000
Zip file size: 31k

But not all Google Analytics plugins are equal. Some cause server overhead that slows down your site indirectly. The page drag from these database-intensive plugins aren’t worth it.

If you need to look at Google Analytics statistics every single day or more than once per week, ask yourself: Why? What is so important about seeing the numbers and metrics so often? Are you obsessed? Spend time writing relevant content. Bring more qualified visitors to your site.

Header or Footer? Small decisions.

There’s a silly debate whether to place Google tracking code in the WordPress header or footer. Those obsessed with statistics say, “Put it in the header.” Those obsessed with speed say, “Place it in the footer.” Even Google’s different departments can’t agree where’s the best placement.

It’s reported pages load 100 milliseconds faster with the Google Analytics code in the footer.

Reference: websiteoptimization.com

Since we bleed speed, we say, “Load it in the footer.” This may eliminate PageSpeed render-blocking Javascript and above-the-fold content errors, too. A small bonus.

Placing the code higher in the page theoretically decreases bounce rate. It’s claimed to reduce data inaccuracies as much as 5 percent – in some tests by Google Analytics-certified partners. Certified by who? Google partners! No conflict of interest there.

“If Google Analytics tracking code doesn’t load before a visitor leaves or clicks away from the page, the page data won’t show up in Google Analytics.”

Oh, dear. Statistical tragedy.

Pages load so snappy we don’t think users can determine content value that fast. And then navigate to the browser back button. Yes – that would technically be a bounce. But the idea of putting tracking at the top seems a moot point. By putting it at the bottom, you’re effectively lazy loading the tracking code. Lazy loading anything that delays page rendering is a good idea for speed. The slight chance of losing a minutia of visitor data is more than offset in the gain in display speed.

Google Analytics uses Javascript in the tracking code. It also requests a transparent GIF image. This is a 35-byte, 1×1-pixel, transparent image file. It’s referred to as a tracking beacon. And a cookie is also placed on the visitor’s browser cache. Then Google Analytics knows when the visitor returns and becomes a statistical “repeat visitor.” But, what happens if people have cookies turned off? We know it isn’t counted. Surely it messes things up for Google.

Note: Piwik is an open-source (free and fully customizable) analytics tool that doesn’t use cookies. No problem  tracking people who turn off cookies.

Isn’t the Google Analytics code cached in the browser?

If your Google Analytics code is slowing down your site by more than 1 second, something is wrong. You need to investigate how you’re managing things. On slow-loading pages, a browser status message may say “Waiting for google-analytics.com”. If this happens you’re running an ancient version of Google Analytics tracking code. Time to upgrade.

Which version of the code? OK. We’re being cynical. Maybe it is. Maybe it isn’t. It doesn’t make a difference if it’s cached by the browser. For some reason, Google Analytics interrogates the Google remote server anyway. What’s it looking for? That new version you don’t have cached? Or just reporting in for Google’s own nefarious snoopy purposes? We’ll never know. From what we’ve seen in tests: The ga.js communicates with Google servers even when ga.js is cached. At least once. Perhaps always.

Now, some *premium* hosts provide server caching. This can benefit Google Analytics code load time. But not always. The best improvement we’ve seen is a 50-millisecond load time. That’s about 6-times faster than normal shared hosting. Is it worth paying extra for that 50 milliseconds? Well, you will pay 10 times more for the hosting. So don’t signup for Google Analytics sake!

Some reports say the Google Analytics files are marked as “no-cache.” Others say they’re cached for 24 hours. The latest news is only 2 hours. We agree – it’s 2-hours from tests we’ve run. That is too short for any value to your return visitors. And online speed tests show that shortness is a failure. The majority of users are first time visitors. At the first visit, Google Analytics code loads at least once. It may not loaded after that (cached). But it’s part of the “first impression speed” for mobile users. It’s not uncommon for first-time visitors being 80 percent of traffic.

“… you can reduce your external HTTP requests to Google from 2 down to 1 and you now have full control over the caching of the file. This means you can utilize your own server’s cache headers.

You have also probably seen the leverage browser caching warning in Google PageSpeed Insights that comes from Google Analytics. This is kind of ironic seeing as this is Google’s own script. The issue is that they set a low 2 hour cache time on their asset … They most likely do this because if for some reason they were to modify something on their end, they want all users to get the changes as fast as possible. However there is a way to get around this, and that is by hosting Google Analytics script on your own server.”

Quote from: kinsta.com

How much time will Google Analytics cost mobile users in delays? Let’s compare other common WordPress components: The Google Analytics code delay is as long as loading Javascript. It can be more than loading Google Fonts. It’s like loading Font Awesome. Even emojis are in the same class of deadwood. Do we strip those WordPress non-features? Yes! Whenever possible. So not adding Google Analytics for us is a serious consideration. Even with normal 100 to 200 milliseconds load times. On a 1-second mobile site, that’s a 10- to 20-percent delay for a first-time visitor.

AN ALTERNATIVE: HOST LOCALLY

Google’s advice is to avoid local hosting of the JavaScript file. Why? They claim it ensures you get access to new features and product updates. But that is a suspicious, self-serving dodge. We suspect they’re being sneaky again – and gathering data for their own purposes.

To avoid the extra overhead of off-server resources (DNS lookup and Time to First Byte), you can localize your JavaScripts on your server. This is 13 percent faster than a trip to Google’s remote server.

Speed up sites with two simple changes: 1) Move your analytics code to the bottom, and 2) localize the JavaScript file.

Coding Jargon: Host the ga.js and __utm.gif file locally and execute the _setLocalServerMode() method.

Wow! That sounds complicated. But there’s a free plugin that does all this magic for you. Now, you can optimize Google Analytics. We’re using this plugin on PagePipe and other sites.

★ ★ ★ ★ ★
Complete Analytics Optimization Suite (CAOS)
Load Time: 20 milliseconds

Note: When you do the CAOS method, your pages will fail various, odd online tests – not speed tests. The Google Analytics code won’t appear where the test *expects*. Your site’s OK. It’s the test that’s broken. Everything will appear normal in the Google Analytics dashboard and controls.

This plugin inserts the Analytics tracking code into the header or footer (you choose). It saves the analytics.js file locally. It then keeps it updated daily using scheduled automation.

Whenever you test speed on Google Pagespeed Insights or Pingdom, they’ll tell you to leverage browser cache. That’s because Google set the cache expiry time to 2 hours, it always fails the test. This plugin will get you a higher score on PageSpeed and Pingdom and make your website load faster. (Scores are nice – but saving milliseconds of load time is what really counts). No more roundtrip to download the file from Google’s external server.

Will the CAOS plugin make your website go from a 10-second load to a 1-second load? In Disneyland! Get real. It’s a small speed boost – but it’s worth it.

The Complete Analytics Optimization Suite for WordPress gives you the best of both worlds. This way you can minimize DNS requests, leverage browser cache, track your visitors – and still follow Google’s recommendation to use the latest features and product updates. If you’re using a CDN, you’ll need to use CDN Enabler plugin to host your Analytics-script (local-ga.js) from your CDN.

UPDATE: Let’s take a closer look at a real-world site, PagePipe! Below is a waterfall from WebPagetest.org:

With the CAOS plugin activated – the tracking occupies the space of 1.3 seconds to 1.7 seconds. (The site’s favicon also lazy loads. This happens when placed in the root of your host server – but that’s another topic). A little math and we see that it’s a 500-millisecond delay for Google Analytics to respond. Without Google Analytics, the site would theoretically load in 1.2 seconds. Let’s turn off Google Analytics and the CAOS plugin for a moment. What’s the real difference in seconds?

The page now loads in under 1.1 seconds. We can ignore that lazy-loaded favicon. So Google Analytics adds a repeatable 500 milliseconds to every page. That’s site drag! We’ve seen delays of over a second – but it isn’t repeatable. It’s random. Simply waiting in line.

So now we ask, “What is Google Analytics affect when using the Super Simple Google Analytics plugin?” Here’s the answer:

A 1.8 second load time is the result. Instead of 500 millisecond addition with CAOS plugin, it’s now a 700 milliseconds addition. 200 milliseconds more!

CAOS plugin saves 200 milliseconds. For mobile speed, that’s great. And optional loading in the footer is reported to save an additional 100 milliseconds. That’s 300 millisecond gain of total improvement.

The fastest loading Google Analytics: No Google Analytics at all.

Ask yourself, “Why am I installing Google Analytics?”

Now, some sites need Google Analytics more than others. For example, an ecommerce site. But a typical blog site usually not. And a vanity site, definitely doesn’t. Many site owners install Google Analytics code because everyone else does it. And then they never even look once at the metrics. Ever. All they did was slow things down – without any benefit.

Using too much data to make decisions is worse than having no data. Seeing that 35 people visited on Wednesday last week, do you care about that detail? Whoopee. The data provided by Google Analytics is massive and takes time to learn how to use. We drown ourselves in data and just sink deeper into the quagmire.

Google Analytics statistical data gathering is never 100% accurate. The data extracted is still subject to human evaluation, spam, and error of judgment. It’s like reading tea leaves, fortune cookies, or tarot cards. You *interpret* what your mind wants you to see.

There is no science to SEO (or even UX) since no one can prove the outcome was a direct result of the method. It’s professional guesswork based on experience and a moving target. Page One in Dallas does not ensure Page One in Seattle.

Data can twist your perception.

Because everyone else uses Google Analytics, should you jump off the cliff, too? Would you install a plugin because:

  • It’s very easy to use.
  • Everyone else uses it, so it must be the best.
  • It’s free. Who can argue with free?

Are these the right reasons for choosing an analytics tool?

What would your mother say about peer pressure?

It’s actually very difficult to get real insight. 25 to 33 percent of your traffic is non-human (bots). With Google Analytics, spam-bots get recorded as a real live visitor. Most ad-blockers and tracking blockers also block Google Analytics. Those things affect your numbers.

Google Analytics can be a time waster.

If we can’t define what “the best” or even “good enough” means, how can we say Google Analytics is the best solution?

Google Analytics is good for a baseline in projects. It helps ecommerce know what products customers searched for. And what they viewed when they got there. Most people don’t know how to read the data. Less than 1 percent of website owners know how to use Google Analytics. Let alone how to glean helpful information from all that data.

Google Analytics data won’t help you write better thought provoking content. Instead, it may twist your thinking to chasing the herd.

Most (major) web hosts give you the ability to read the server logs. There you get the basic traffic info you’d get with Google Analytics. And the best part is that it requires no script to load: it works on the server, not the client side. Those will show key performance indicators (such as bounce rate, page views, time on site).


“Yes – looking at analytics data over time is helpful. But do you really need to know if you had 100 or 200 visitors today? … Does any of that data actually do anything for you in the moment? Years of experience have taught me that it doesn’t.”

Author: Colin Newcomer

Time is better spent improving your website.

Our rule of thumb: Google Analytics adds at least 100 milliseconds to the first page view of your site. That page is most critical for mobile users. That can be 10 percent of wasted load time. Whenever possible, delete Google Analytics. Use either a plugin counter or Cpanel or server web statistics as a substitute.

We’re not against using Google Analytics if you need it. Read the data collected. Use it to make your site better. If you do that then keep Google Analytics on your site. If you’re never going to look at the data, speed up your site by removing this unneeded code from loading.

It’s claimed Google monitored bounce rate (via GA) affects SEO. We don’t believe it. We really don’t need more data. We get numbers from a plugin and server stats. They are fine and with no speed delays.

Cheap, shared GoDaddy magnetic hosting. No CDN.
WebPagetest.org worst-case scenario for load time – under 1 second. Cheap, shared GoDaddy magnetic hosting.

★★★★
WP Counter

Load Time: 20 milliseconds
Active installs: 2,000+

WP Counter is a lightweight, simple site visitor counter. See unique site visitor status in different date ranges. (Today, Yesterday, Current Week, Current Month). We’ve been using this plugin for months to see if it correlated with Google Analytics. Frankly, nothing correlates to Google Analytics exactly – but it was close enough.

Great article offsite about how browser ad blockers affect Google Analytics numbers. There’s a strong downward trend in the measurable proportion of visitors.

Another excellent offsite link: https://plausible.io/blog/remove-google-analytics


You can get free metrics from Cpanel on your host server. This doesn’t slow down your website. A good off-site article about how to do this: https://www.hostpapa.com/knowledgebase/view-website-statistics-cpanel/

Pingdom to San Francisco USA Speed test.
Comparison load times for this page you’re reading:

Super Simple Google Analytics plugin – header

Load time: 966 milliseconds.

CAOS plugin – footer

Load time: 776 milliseconds.

Metrics using C-panel (no GA-ID)

Load time: 632 milliseconds.

Speed savings: 334 milliseconds per page.

OFFSITE ARTICLE: Lightweight alternatives to Google Analytics


READER’S COMMENTS

I just wanted to drop in and tell you that I found this article extremely interesting and helpful.

I love Googling. I don’t love Google’s lack of respect for our privacy. And I hate Google Analytics (GA).

I find GA super confusing. Now, after reading your perspective on it, I realize that I was only trying to use it, because I was “supposed” to — and I probably don’t even need it.

You have saved me hours of further angst.

So thank you for taking the time to write this article. It was valuable to me.

— Janine @ Stitching in Colour


6 freebies about PagePipe’s latest mobile speed strategies – and open-source plugin discoveries.

1

If you enjoy our caustic speed articles, you’ll love our pithy bi-monthly newsletter. Discover what matters most for mobile WordPress page speed. Fast load times require more than just installing a caching plugin – or CDN.

We’ll share with you our latest speed experiments and discoveries. Stay up-to-date with what matters for mobile WordPress page speed.

2

LEARN HOW TO MAKE MOBILE WOO FASTER
9 WooCommerce Speed Tips

1. Remove global SSL bloat.


2. Disable AJAX cart fragments.


3. Defeat minimum password strength.


4. Disable Auto-Embed script.


5. Avoid these cache problems.


6. Effective trust signaling.


7. Improve your call to action.


8. Relevant custom product photography.


9. Selective deactivation.

WooCommerce is a slow, lumbering beast. Discover 9 ways you can speed it up today.

Learn more and get your free WooComa download.

3

Our controversial free report challenges a commonly-held web belief. That’s the falsehood you need an SEO plugin (like Yoast) to succeed online. Discover why SEO plugins won’t save your business and what you can do instead.
And speed up your site!

Learn more and get your free Search.Me download.

4

PagePipe discusses fallacies and fantasies about low-cost shared hosting. Choosing a web host. Perils and pitfalls to avoid for speed.

5

PagePipe tells how to setup LiteSpeed Cache plugin.

Click to download free 16-page PDF ebook. No signup required.
6

Want to read the report recommended by our friendly-competitor, WPJohnny?

The one explaining why to not use webP image format?

Too reluctant to spend your hard-earned cash for our affordable ebook speed bundle?

Then here you go!

Join our mob of web-speed freaks — and you’ll get WEBP.NOT report for free. Yeah. Signup now. Gratis. No obligation to pay or stay.

GET YOUR FREE DOWNLOAD

Speed technology downloads.
With no-nonsense.

PagePipe

What’s included in PagePipe’s ComboPack deal?

PagePipe ComboPack includes:

issue #1 – Contact.Me – Contact Form 7 plugin alternatives. CONTACT.ME details


issue #2 – Fly.Me – Hummingbird plugin alternative. FLY.ME details


issue #3 – Search.Me – Yoast SEO plugin alternative. SEARCH.ME details


issue #4 – Police.Me – iThemes Security plugin alternatives. POLICE.ME details


issue #5 – Crush.Me – Image Compression and optimization suggestions. CRUSH.ME details


issue #6 – Block.Me – Akismet plugin alternatives.


issue #7 – Blast.Me – WP Rocket plugin alternative. BLAST.ME details


issue #8 – Sign.Me – OptinMonster plugin alternatives.


issue #9 – Greet.Me – HelloBar plugin substitutes


issue #10 – Theme.Me – Alternatives to premium themes. THEME.ME details


issue #11 – Select.Me – Gonzales speed plugin alternatives.


issue #12 – Obsolete. Removed.


issue #13 – Theme.2 – Torture-tested Twenty-seventeen theme for speed. THEME.2 details

And the “Toxic WordPress” 33-page ebook bonus.

When is a plugin too old to trust?

Today, PagePipe uses 70 plugins. About 30 of those not updated for over 1 year. Some for many years. We’re not embarrassed about that. It’s not a mistake.

Plugins listed in our ebooks are currently used on PagePipe. And also on client sites.

So the question is “Outdated? By what definition?”

Some think outdated plugins produce a warning like:

“This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.”

Being orphaned or abandoned doesn’t mean “bad or rotten.”

These lonely plugins still work. And often for over a decade without complaints. That isn’t brokenness.

REFERENCE: https://pagepipe.com/information-scent-deciphering-the-wordpress-plugin-repository/

“Does 8 months since an update concern us? Not in the least. There are plugins that are 8-years old in the directory that work fine. Those “best if used by” freshness dates are silly. They throw people off with their arbitrary “expiration-date” warnings.”

WordPress places warnings when a plugin isn’t tested with recent versions. Does that mean it won’t work any more with new versions of WordPress? Nope.

WordPress’ motive is their legal protection against liability and lawsuits. C.Y.A. If a plugin doesn’t work any more or presents security hazards, it’s removed fast. And some are. In particular, malicious plugins. They call those “take downs.” Plugin authors remove some because they didn’t get the market results they wanted. But generally plugins stay as long as there isn’t any noise about them. Retired or dead author’s plugins stay in the WordPress free directory.

No plugin is safe. Not paid (premium) plugins. Not obsolete plugins. And not recently updated plugins. A common plugin problem is automatic updates loading onto managed WordPress sites. Bugs in the new version mangle the site or causes conflicts.

It happens.

There’s no such thing as a risk-free plugin or theme. Even reckless WordPress messes up with their own Automattic-authored plugins.

Good-old “Plugin Logic” is our secret, speed-weapon plugin. It’s used on every site we touch. SELECT.ME issue #11 talks about it. It’s an amazing plugin.

Want to keep a specific plugin from updating? We recommend “Block Specific Plugin Updates” plugin. There are times this is handy.

https://wordpress.org/plugins/block-specific-plugin-updates/

A plugin we use to track plugin age is “More Plugin Info” plugin

https://wordpress.org/plugins/more-plugin-info/

There’s plugin churning in the 55,000+ plugin database. Don’t let silly warnings discourage you. They aren’t for your protection. They’re protecting WordPress.

Don’t fear old plugins.

How many plugins is too many?

PagePipe is hosted on cheap GoDaddy magnetic servers with no CDN. GoDaddy hosting is the second most hated provider in the world. The first is BlueHost. We’re out to prove even “bad” hosting can get fast page speed. (We host our store on Bluehost! Our blog on GoDaddy!) PagePipe.com is living proof these recommendations for speed actually work.

PagePipe now use 70 plugins on the blog (GoDaddy) and 24 plugins on the secure store (BlueHost). Even with this many plugins, load time is under 2 seconds on cheap, shared hosting. It’s not plugin quantity, it’s the quality that makes a difference. Web designers can’t be arbitrary in loading and activating plugins. The result is slow pages. And all our plugins are freebies from the plugin directory.

It’s a myth using many plugins slows down your website. Being sloppy in judging plugin quality or necessity is the culprit. That’s within a web designer’s control. It calls for wisdom and speed testing. The best plugins add no page weight at all – weightlessness! (In reality, about 1 millisecond – or less – per plugin to the initial page load.)

https://pagepipe.com/pagepipes-secret-sauce-for-loading-53-plugin-in-less-than-1-second-for-mobile-speed/

https://pagepipe.com/avoiding-futile-web-myths-about-site-speed/

https://pagepipe.com/testimonials/

https://pagepipe.com/site-tuning-for-mobile-first-speed/

Get PagePipe’s ComboPack now

487-milliseconds extra mobile speed for WooCommerce with selective activation.

Selective activation of plugins is a favorite strategy for speeding up WordPress websites. Now you can use plugin skills to speed up WooCommerce e-commerce sites – without coding!

Selective activation in a nutshell:
Many plugins slow down every single page on your site, even if that plugin is only used on specific pages. That we call site drag – or global loading.

For example, installing Contact Form 7 plugin adds 37k of weight to every page. Even if you only have one page with a contact form. Or for that matter, no CF7 shortcode  used anywhere. Weird unpublished specification. But lots of plugins don’t tell you the speed cost of adding their plugin. It’s not required for plugin submission. Summing all plugins site drag is the aggregated plugin overhead – a liability.

Selective activation speeds up your website. It allows you to deactivate a plugin where it’s not needed.

WooCommerce is the most popular e-commerce plugin for WordPress. It’s clunky and one of the slower-loading plugins we’ve tested. It adds at least 250 milliseconds of unneeded global weight – and slowdown your site.

Before August 2019, attempting WooCommerce selective deactivation resulted in the white screen of death. Yes, it would break your site. But a plugin code revision changed that. And it is now possible to selectively activate WooCommerce. Thanks, Automattic!

Below, we show you steps to speed up WooCommerce using selective deactivation. You can use a control panel to make the magic happen. Entering the page or post URL activates or deactivates any plugin you choose. You can turn extra drag off-or-on for specific pages or posts on your site.

SpeedSwitch Plugin

SpeedSwitch is the exclusive PagePipe plugin we use for this job. It’s available for purchase through SpeedHospital.

1. Install SpeedSwitch

After downloading SpeedSwitch, install it by uploading the zip file from your computer.

2. URL Set-Up

Find the plugin settings in the “Plugin” sidebar menu. You’ll see a list of your activated plugins, a radio button for active/inactive and a box to add URLs.

Scroll down to the WooCommerce plugin. We want Woo to remain active by default, so select “Inactive on,” then add the URLs where Woo is not necessary. In our example, that’s the homepage, blog archive pages, about page and a few others.

3. Test Results

We use SpeedXRay to assess the speed overhead of plugins (and themes). Here are the example results from our test site.

[table]
“Name”,”Milliseconds”
“Core”,458.5ms
“Twenty Twenty Theme”, 36.6ms
“”,
“WooCommerce”, 282.6ms
“Site Reviews”, 189.9ms
“Elementor”, 91.5ms
“Elementor Pro”, 78.6ms
“The SEO Framework”, 53.1ms
“Query Monitor”, 32.6ms
“Classic Editor Addon”, 30.6ms
“WooCommerce Stripe Gateway”, 29.3ms
“WP Affiliate Platform,   19.6ms
“Disable Cart Fragments Littlebizzy”, 12.1ms
“Disable Gutenberg”, 7.6ms
“Optimize Database after Deleting Revisions”, 6.7ms
“Universal Star Rating”, 4.8ms
“Classic Editor”, 1.9ms
“Post Type Switcher”, 1.6ms
,,,
“Total”, 1337.6ms
[/table]

WooCommerce is the heaviest plugin on the list. It’s responsible for over 20% of the cumulative plugin load time.

Deactivating other Woo-related plugins will save over 300 milliseconds.

NOTE: Free Disable Cart Fragments plugin isn’t in the WordPress plugin directory. But you can get a bootleg download link from us. Sign up for the free WooComa download below. We include the link in the PDF content.

EVEN BETTER
https://wordpress.org/plugins/disable-cart-fragments/

In-Browser Timer Test Results

SpeedXRay is a useful speed-assessment tool. But real-world load times are what count most. Here are speed results from our in-browser timer test:

With WooCommerce: 1.4 seconds
Without WooCommerce: 920ms

You can save about 500 milliseconds by deactivating the WooCommerce plugin. That’s significant when you’re aiming for sub-2-second load time. It’s 25 percent of your performance budget.

Did you know? You can also apply this effective technique to other plugins. Learn more about SpeedSwitch.


Matt Stern

About the Author
Matt Stern is a web designer and sometimes writer based in Southern Oregon. He designs and builds websites and landing pages that convert visitors into customers.

Learn more at SternDesign.co


Learn more and get your free WooComa download.

Lazy load YouTube video for 500ms better mobile speed.

“A single YouTube embed can load up to 400KB of data before you even hit the play button.”

Is a 2-second differential important? Not if your target is an average 8-second page load.

It’s not really about measuring speed. It’s about human attention span and expectation. 2 seconds is the sweet spot for page loads (today). But one second feels seamless. User experience is then optimal.

If you want excellent pages (we mean in the top 1-percent quality range or under 1-second page loads), you have to take the video into consideration. What if a form is also on the page? And there is HTTPS/SSL? Then videos just add to the speed overhead.

How good is good enough is always a compromise. Can you get 2-second load times on shared hosting? Yes.

Speed is just a feature. Make your website fast and useful, too. If it’s not useful, who cares if it’s fast.

Average load time for mobile sites is 19 seconds over 3G connections.

Do website owners have anxiety about a half second? Yes. That’s a major problem (they think). But not for someone on a desktop with fiber connections.

Lazy Loading YouTube or Vimeo videos

Set up a Youtube account to host your videos. Place the YouTube link in your page or post body text. You don’t need to move video down the page. That isn’t necessary. Lazy loading videos occurs anywhere on the page. It doesn’t have to load below the fold. It’s different from lazy loading still images like JPEGs or PNGs.

We experimented with Lazy Load for Video plugin. We like the plugin. But have found it can conflict with other plugin’s shortcodes on a page or post. Sadly, it doesn’t work with Elementor page builder.

Using the Lazy Load for Videos plugin can save 500 to 700 milliseconds in page load time. Studying plugin blog reviews about the Lazy Load for Video plugin, we learned the following about the settings:

There is an option to load CSS/JS only when needed. It should improve the load time. It is not declared but is apparently a minification technique since the blog author warns that it could break the site. Just like any other minification plugin can. If so, we just deselect the option.

Responsive Mode: It is recommended.

Play Button: The author gives 5 different options. We prefer using the one with the most “YouTube-looking” interface. But it’s not the fastest. “CSS only” setting means code is loaded (faster) because there is no image to load. We don’t know if the speed gain would be significant.

Thumbnail Size: It can be set to “Standard” or “Cover.” We couldn’t tell any difference and used “cover.”

“Update Posts” button at the bottom. The blog review said, “If you are having trouble seeing your video change then you probably need to click this button. Especially right after configuring the plugin for the first time.”

If should be labeled, “always push this” instead of “if nothing is wrong” push this. We suspect it’s some kind of purge of cataloged pages or posts (like a cache or database).

After installing, we did have trouble with plugin activation on some videos. We clicked the button and it fixed the problem. We knew nothing about this button’s purpose. It isn’t mentioned in the plugin read.me documentation!

★★★★★
Lazy Load for Videos
Zip file size: 376k
Active Installs: 10,000+

One thing we’ve found is an option to “Hide-related Videos” with a checkbox. This sounds like a good thing if you don’t want to send viewers off to watch competitors YouTube videos. This function is available in Elementor’s video provisions, also (see below). Update: Google removed the ability to turn off recommended videos. There is a workaround to only recommend videos on your YouTube channel. So plugin authors are in process of reworking how to suppress taking visitors away from your site. More on this as news develops. You should still do lazy loading of videos for speed.

End of YouTube video attempts to entice visitors away from your site. Sometimes to competitor sites. Bad! Defeating this *non-feature* is an option with the Lazy Load for Videos plugin. There are other methods but we’ve found this the simplest way to keep visitors engaged with your site content.

The Lazy Load for Videos plugin read.me file claims videos on posts and pages are both activated.

Of interest: Jetpack by WordPress.com offers an extension called Shortcode Embeds. It makes Lazy Load for Videos break. The cure is simply to disable the extension. Or like us, don’t use Jetpack! This is a known issue published in the read.me file.

BEFORE: Lazy load for video plugin installed. The test page has 13 one- to seven-minute duration videos. Pingdom is a best-case scenario. Load time is 3.15 seconds. Using WebPagetest.org, the test page loaded in over 7 seconds (worst-case).

 

AFTER: lazy load for video plugin installed. Same test page. Pingdom is a best-case scenario is now 1-second with an unprimed cache. With cache, page load is 853 milliseconds.

We’ve also found this good lazy load plugin:

★★★★
Lazy Load XT
Active installs: 3,000+

Zip file size: 29k

The plugin author claims this is the fastest and lightest lazy load plugin in the WordPress Plugin Directory. You can lazy load images, YouTube and Vimeo videos, and iframes. We’ve been testing it for several months and find it a good alternative when the other Lazy Load for Videos plugin conflicts with other plugins. We find this a common problem and it explains the low retention rate. Lazy Load XT appears a little slower in the view screen when loading images and video. It uses a fade-in method. This plugin does work with Elementor page builder.

Both plugins enqueue jQuery, a negative effect for speed. If your theme isn’t loading that JavaScript library, we recommend selective activation of these plugins only on the pages where needed. This will keep your site running fast. Also, use Instant jQ to keep things fast.

Here’s a comparison on a bare-bone GeneratePress theme with Gutenberg page-builder plugin – and a YouTube video embedded.

NOTE: If you use a page builder like Elementor, Lazy Load for Videos will load but doesn’t work to reduce load time. But LazyLoad XT, works fine. Go figure. Both work with Gutenberg.

No lazy load baseline.

Page load time: 1.5 seconds. Page weight: 720k. The video weight is 526k – 72 percent of total weight.


Lazy Load for Video Plugin

Page load time: 815 milliseconds. Page weight: 94k.


LazyLoad XT Plugin

Page load time: 735 milliseconds. Page weight: 724k.


BJ Lazy Load Plugin

Page load time: 691 milliseconds. Page weight: 724k. Using Elementor instead of Gutenberg as on other tests.

Even though LazyLoad XT and BJ Lazy Load are faster loads, their page weight and bandwidth consumption for mobile are 7X higher. This makes Lazy Load for Video plugin more attractive for a mobile experience. All these plugins video preview and play button are scalable and optimized for mobile devices.

Lazy Load for Videos plugin is our preferred plugin between these two. Both work and if one has a conflict – try the other one. You can use both these plugins with selective activation if your posts have shortcode conflicts. We prefer the UX behavior of Lazy Load for Videos.

If you activate both plugins simultaneously, Lazy Load for Videos will take precedence since it loads first. Page weight is increased by these plugins. Both plugins load globally. Loading an embedded YouTube video without lazy loading doesn’t enqueue jQuery. But this small gain is swamped by the huge video load time.

There’s not too much overhead for a single video. What happens when you have a video library or a blog with multiple videos?

YouTube loads a number of files (8 requests) with each iframed video. Web pages with multiple Youtube videos slow down due to these multiple HTTP requests and downloads. Preventing or delaying embedded YouTube video player loads is the speed goal.

The fastest websites have no JavaScript, no CSS, and require no database calls. YouTube does all this and preloads third-party ad stuff you’ll see at the end of the video (related videos).

Video-loads slow a page down by a half-second typically. It’s only a big deal if a half second is important to you. Our goal is a 2-second load time. If you put a video on a home page, boom! Potentially, 25 percent of the performance budget is shot.

One example is the very video page where you saw the robots. Before plugin: 3.15 seconds. After: 1.03 seconds. Supposedly, it should be worse – but caching seems to help YouTube somehow. There are 13 videos on that page. Do people do that cramming? Yes. A video library page is a common practice.

LAZY LOAD YouTube VIDEOS WITH ELEMENTOR

This is a basic widget. It’s included. No purchase necessary.

Elementor basic widget for adding video to a page.

Image Overlay section: Find it at the bottom underneath the video section. (It’s practically hidden. Scroll down to the end of the Elementor video section)

Image Overlay at bottom after scroll.

Settings
Image Overlay: Select Show

When Image Overlay is set to Show, the following options become available:

  • Image: Set your static overlay image from the media library (an optimized JPEG you choose).
  • Lazy Load: Set to YES.
  • Image Size: Set to full.
  • Play Icon: Slide to YES to show a Play Icon (triangle in circle)
  • Lightbox: Leave off.

This defers loading of video resources until the user clicks the Play button. Lazy load replaces the video embed code with a lighter weight static image of your choice. And an optional play icon on top of the static image. The video is only loaded when the user clicks the image.

This speeds up the initial page load time by 500 milliseconds (typically per video on a page).

Note: Videos will not autoplay if an Image Overlay is set. You don’t want autoplay anyway. It’s considered intrusive and bad user experience. Let the user choose to activate the video sound and play.


From surveys, the top three biggest challenges for WordPress users are: 52% performance issues, 41% security issues, 35% site-breaking updates. NOTE: These are all fear related – not reality related.

Most common goals for WordPress websites:

  • 64% increase traffic
  • 43% increase revenues
  • 39% become more efficient at running a site

All these three are profit related.

https://pagely.com/blog/wordpress-survey-2018/

Judging WordPress plugin quality.

Choosing a plugin would be easier if WordPress permitted a little more repository information. Author-generated advice is untrustworthy because it’s biased. Popularity (number of installs) is, also, a lame indicator. Newer plugins sometimes are better. We can’t search on freshness.

We seek indicators of credibility (which is composed of expertise, trustworthiness, and leadership). These findability cues are sometimes referred to as information scent. These things are inferred in the plugin repository – or are discovered by downloading. They include:

1. Download file size. This is a potential indicator of plugin efficiency. Not always but frequently. If we have alternatives, we recommend the smallest plugin package to avoid bloat. Why doesn’t WordPress just tell us file size before downloading or having to click? Editorializing download links is considered polite and good web etiquette.

2. Date of first approval or submission. Longevity in the market is an indicator of credibility. At present, we either must open the download package and examine the readme.txt for a change history – or figure it out in the repository by compatibility to the oldest version of WordPress. Like a reverse-lookup. Do we have to use Wikipedia? That still doesn’t really tell first-release date of the plugin.

https://en.wikipedia.org/wiki/WordPress#Release_history

3. Similar or newer plugins should be listed as linked options. Popularity doesn’t always mean “best.” It may just mean old or antiquated. Inference from similar plugins (if listed) helps cue us for plugin usage and adaptation (workarounds).

4. Does the plugin require a signup or registration? In other words, is it bait?

5. Does the plugin interrogate an offsite database or cloud information? This is an indicator of slower load times (page speed) and HTTP requests.

This information and more would make for better productivity using the repository. There isn’t enough information when making choices.

There are a few other things we’d love to see. But we’re being idealistic in our wish list. These include answering plugin questions such as:

  • Does the plugin have hidden non-features? For example, some image optimization plugins have limitations of image-conversion quantity. The repository says nothing about it. Nor does the readme.txt file. You must install first to find this bugaboo out.
  • Are there known incompatibilities or conflicts with other plugins or themes? Sometimes authors only reveal this in the readme.txt file. That wastes our time.
  • Does 8 months since an update concern us? Not in the least. There are plugins that are 8-years old in the directory that work just fine. Those “best if used by” freshness dates are silly. They throw people off with their arbitrary “expiration-date” warnings.

Plugin quality can’t be judged by “last updated” any more than “active installs.” Perfectly good plugins appear artificially abandoned in the directory. Most don’t need updating EVER unless they break. They’re evergreen plugins. And should they break, they’re removed by WordPress. We use 8-year-old plugins without problems.

Age isn’t an indicator of low quality. Ask my wife. –Steve Teare

Plugins are backwards compatible. Until you install PHP7 or Gutenberg then they must be verified by the site owner. Gutenberg’s predicted to break 15 percent of all plugins (per Automattic core developer blogs). That includes paid plugins. They aren’t exempt.

This is one reason why it’s important to install “Disable Gutenberg” plugin today.

The plugins causing bigger problems are recently updated with bugs in them. They can unexpectedly nuke an entire site. Old “dormant” evergreen plugins are safer than “fresh” plugins that churn weekly – like some page builder plugins and SEO plugins. This is historical fact. Those plugins cause problems for 100,000s of site owners. Do they recover? Of course.

There’s no such thing as a risk-free plugin or theme.