WAF/Monitoring/Backups – Support
Northon Torga is a *nix system engineer, member of the Sucuri Firewall team. You can find his personal website at ntorga.com.
Question #1: Do I need to use in-memory cache if I’m already using static files caching and page caching?
Answer: No. If you already have static file caching and page caching, you should be good by now. However, if your hosting provider supports in-memory caching, go for it.
Question #2: CDN is able to do page caching?
Answer: Yes, but most CDNs are not content-aware, therefore they will not be able to cache dynamic websites without having issues with user sessions. That’s why I recommend a cache plugin instead for page caching.
Question #3: What’s the best cache plugin for WordPress?
Answer: That depends on your budget and what are you expecting from a cache plugin. If you need minification and other optimization features, then you can choose a premium plugin if a free plugin cannot offer such a thing. Usually, a free cache plugin is already a good choice if you never used a cache plugin before.
Question #4: How can I identify performance bottlenecks for my website?
Answer: You could use a web test such as GTMetrix that gives you recommendations and a detailed analysis of the requests and how much each of them took to be processed and delivered.
Question #5: Would a website based on a CMS rather than hand-coded, work faster? If yes, what CMS do you recommend?
Answer: Depends. If you have a CMS with 50 plugins vs a really well-coded system, the really well-coded system is likely to be faster. However, the speed of the website is related to the efficiency of your code vs the efficiency of the hardware and software used to process the code. With cache you are improving this relationship as the code will be processed only when there is no cache, thus the less work needs to be done by the server.
Question #6: Do you recommend using a dedicated server for faster website speed compared to a shared or VPS machine?
Answer: If you have enough resources to invest on the infrastructure being used, I would recommend choosing a managed cloud provider as you won’t only be getting a good hardware with redundancy, but a good support to assist you with other matters as well.
Question #7: This could be implemented on shared hosting with WordPress?
Answer: Sure, you would use a CDN to do static file caching. CDNs work outside your hosting server (usually requires DNS change). For page caching you would use a cache plugin, and as far as I’m concerned, all cache plugins work on every kind of hosting.
See all Questions & AnswersExpand
Name: Northon Torga – Title: WAF/Monitoring/Backups – Support
Hello guys, thanks for taking your time to be in this webinar. I’m sorry for the first attempt that was not successful. I had a power outage and I wasn’t able to be here.
So before we go to the topic of this webinar, I’d like to say a few things about myself. I’m C3 Support at Sucuri, so I handle trick cases and part of our documentation. I work for 12 years and by the time since internet was all tables right? I think you guys can remember that. And standard I’m 21st century guy with hobbies like Netflix, Spotify, I do martial arts and I’m father of Gandalf the cat. So enough about me, let’s go to our webinar today. We are going to talk about 3 types of caching options and how they can impact your website speed. So to go to help our subject, I’m going to take WordPress as example.
It was intended to be a blogger platform but with the help of a couple of plugins, you can turn WordPress into anything else: place, a shop, you can do anything with WordPress nowadays. But as you are going to add more lines of code your server you will need to work more.
When you add more lines of code and your server needs to process those lines every time. And your traffic grows, you will be adding more work to be done by the server. So every line of code you add and every visit that is assessing and that server needs to process that line of code will be slowing down your website loading time. According to Google and amazon, websites that take more than three seconds to load tends to have a 7% decrease in sales. That’s not actually a rule, it’s a guidance that you can use when you are going to talk about website speed.
So remember when I said when you add plugin, you will be adding more lines of code into your website and your server needs to process that? So, to avoid this over head, we are going to use caching so we can give the server a break and then speed the website loading time.
There are lots of kinds of caching, types and strategies and softwares and et cetera but now we are going to talk about only 3 of this types of caching.
Lets take for example Sucuri Firewall, which has a built-in CDN on it. So, I’m from Brazil, and if I’m assessing a website that is in the US, I need to weigh the connection that goes all the way from me to reach the US and get the content and deliver it to me. As you may know, this will add more seconds to the buffer and et cetera and the website will be slower for me. But if the website is using Sucuri Firewall which has point of presence in Sao Paolo, I will be getting good part of the website from Sucuri CDN server right, because it caches the static files and the website will be much faster to me, right.
So, 60% of customers will only wait 5 seconds or less for a page to load completely. You can see that because nowadays you use mobile to access lot of websites so if we’re in a rush and we are using my phone, you won’t be waiting five seconds to get any information there, especially when it has lots of apps and et cetera. So having faster websites, its paramount nowadays, right.
So, Static File Caching is not the only cache you can use. It’s a powerful one but we have another one which is also important which is called Page caching. Page caching can be done via CDN. But usually CDNs are not content aware. So if you have a website that is dynamic and has for example ecommerce; you won’t be able to cache websites without messing with your using sessions. So to do Page caching, you need to use, usually a caching plugin. What that plugin will do, it will convert your website which is dynamic, for example Online shop, it will convert all the dynamic parts of the website so instead of your server needing to go to the database to get all the information of the website to display to the visitor, all the plugins need to be in process and et cetera.
The server won’t need to do that every time. It will do the first time, the second time the cache plugin will be able to assist and serve the visitor with the caching version of your website. So you guys can see exactly what I’m talking about, these two images I took from Sucuri blog post called Testing the Impact of Website Caching Tools. These two images show the exact same server receiving the same amount of traffic. Believe it or not, but the only difference between the two of them are caching. The first image you can see the server has difficulties to present the content to the visitors and you can actually see those blank spaces on the graph. So the monitor at [inaudible 00:08:13] could not even get an answer from the server. Imagine now the visitor will probably getting lots of error pages and et cetera.
In the second one you can see the server is having no troubles and the amount it has only 3% of usage because we are using CDN to serve the static files and we are using a Page Caching plugin to avoid all the code processing to very visitor we can serve them with caching version of the website. So this two types of caching that I already spoken, they are the most useful and with them you should be good, all the websites should be fast enough, you won’t be overloading your server anymore and the visitor will be getting the response as fast as possible. With your current setup, when you are talking about caching for now we didn’t how our hosting setup is, we actually just improve how the display is going to be done. Right, we are going to cache the content and et cetera. And so far with this two types of caching you are good.
But in some situations you may need a third type of cache what we call In- memory Caching. In-memory Caching is a bit tricky, the description is complex but it’s kind simple. In-memory caching basically will cache results from the database to your server memory. You can use In-memory caching to do a lot of stuff, but only the cache results in the database, you can do that to use for session et cetera but in this topic I’m going to upload only the database caching. So instead of…for example you have online shop, you have 10 products there, every time visitors go to the website, the server needs to connect to the database and get that 10 products to render to the visitor. Instead of doing that, the second time the visitor goes to the website, the server will get that 10 products from the memory, instead of going to the database. So you would have less SQL queries.
The response will be faster because usually memory are faster than web server you have less read and write operations right. You can do that if your hosting provider supports In-memory cache. Not all hosting providers will be able to provide you with this kind of technology which requires special softwares such as Redis and Memcached, but if your hosting provider supports that you can install a plugin that can do that, for example WordPress has I don’t know five types of plugins that can do especially In-memory caching with the systems of special installed by a hosting providers.
In-memory caching can be used for example if you have content on your page that is not cacheable for a long period, that has a short lifespan, so you can us In-memory caching so instead needing to process every request, you need to process the first one until you need to flush this cache right to get the new information, then in-memory caching will be acting there and it will assist your server to handle the amount of traffic that it is receiving.
I know the content is packed, you guys will probably have lot of questions so let’s move on to the Q&A part and I’m going to hand back to Val.
See Full TranscriptExpand
In the website security community, our name is known for fast site hack cleanup and responsible vulnerability disclosure. As thought leaders in website security, we are committed to sharing what we know. Follow our concise and helpful website security guides and tutorials so you can learn how to clean and secure your website.
In our latest webinar, we'll describe action items that can improve the security state of internet-connected devices we all use every day. These devices will include common household staples such as: WiFi Routers, iOS/Android devices, and personal computers.
Join us as we delve into the minds of hackers to explain targeted attacks, random attack, and SEO attacks. Find out why bad actors target websites.
A feature benefit guide for our agencies and end users. Why use our firewall? What kind of protection does it offer? How does it affect the efficiency and speed of my site? Will it affect my server's resources? Find out the answers to these questions and more in our webinar…..
Cross-site contamination happens when one hacked site infects other sites on a shared server. This webinar is for beginners and web professionals to understand cross-site contamination and how to prevent it…..
If you're considering security for your site or are new to our services, this webinar will guide you through Sucuri's simple setup processes. Potential notifications, support options for various scenarios, and ways that you can also work to keep your site malware-free will be discussed…..
Learn how you or your agency can account for security with your client projects. Presented by Sucuri Co-Founder, Dre Armeda, this webinar shows how you can get involved and help clients who are not aware of some of the security risks involved with managing a website…..
It's a move we've seen coming since early 2017. Chrome HTTP sites are now officially being marked as 'not secure'. With Chrome dominating 62.85% of the browser market space as of last month means that even small changes can have a big impact on website owners if ignored…..
In this fire chat, we're looking to find answers to some of the questions web agencies have been asking us for years, in hopes of shedding more light into how you, as an agency, need to respond to security threats your customers face…..
Website security is challenging, especially with a large network of sites. We want to help you understand how you can create a security plan and reduce the risk of a hack or security incident. In this session Dana covers the implications of a security breach and why security should be important to your agency. Dana shows you a tiered approach to we….
In today's complex security landscape, web applications pose a significant risk to Mid-Market and Enterprise organizations. This webinar will introduce the concept of the WAF, and the benefits of web application security in the cloud…..