Wordpress is a very common CMS nowadays, and works well out-of-the-box. But when it comes to Performance and Security, its default options are not hardening it enough.
This topic has been discussed a lot on Internet, but here are my tips, as a web developer and sysadmin.
Performance : the main culprits
On a public websites, the slowness can com from :
- Network : your provider has as slow network, a huge traffic load, or the user simply has a bad connection
- Database access : the provider's database may be under load, you query's sizes may be too important, or the access time between the script and the datbase is just "usually slow".
- Disk access : the disk where is stored your files may be slow, or does not have proper in-ram caching
- CPU : the CPU of the machine where you site is hosted may be slow, or you are on a low-cost VPS
There is no "miracle solution" for a badly designed website, but in the vast majority of cases, we could help a bit with simple solutions.
Security : the main threats
The main threat in a Wordpress installation is the updates execution. You should update your modules, themes, and core as soon as possible.
Custom and unmaintained modules and themes can also become a threat as they are not updated anymore, and can contain exploitable leaks.
There are several way to prevent your site from leaking too many informations on its "healthiness". It can give you some time to update your website before its exploitation by hackers.
