Does WordPress have speed and security concerns?
Yes and yes — if it is not approached properly.
Summary: Use well provisioned hosting, maintain lean code and employ server-side caching.
WordPress is a robust CMS and needs adequate hosting resources. WordPress websites on shared hosting can be slow to respond. And, since many hosting companies pack more and more websites on their shared servers over time, they will get slower over time. Well provisioned hosting such as WP Engine and VPS hosting do not have these issues. In addition, when the website is built from ‘scratch’ i.e. not built on an existing theme, unnecessary code is eliminated.
Building websites with minimal code, rather than an existing theme, ensures that the website will have exactly what it needs and not suffer from excess code that will slow down the site. Many existing WordPress themes or frameworks, try to be everything to everybody and thus have excess code that can snowball when content is added.
One of the major reasons a WordPress site, or any database driven site, can perform poorly is that server-side scripting and database operations can be time consuming. The best tool to overcome this is server-side caching. This technique generates static HTML files which are served directly to your users instead of having to process your scripts and/or perform database queries whenever a page is requested.
Summary: Keep WordPress updated, use strong passwords, utilize Wordfence
Since WordPress is now the largest CMS in use worldwide, it is a preferred target for hackers. We employ tools for sending alerts and automatically mitigating security vulnerabilities such as WordFence. Wordfence provides WordPress specific security features, for example:
- Brute force protection
- Malware scanning
- Two-factor authentication (2FA)
- Firewall to protect against common and WordPress specific attacks
Keeping WordPress and any plugins up to date and using strong passwords is also key, which Wordfence helps to enforce.