It analyzes your WordPress site top to bottom, measures DNS lookups, cached and uncached response times from multiple locations, and looks for known bad practices, such as outdated server software, unique cookies, compression, caching headers and HTTP2 support. We also take a peek at your security setup, including the validity of your SSL certificate, HSTS setup, HTTPS redirects, directory listing and more.
The benchmark takes a few minutes to run, and requires no plugin installation or credentials for your WordPress site. As a result, you will get a list of all the tests we performed, along with some information on how to make things faster and more secure.
Note that we currently don’t take into account things like image compression, mobile friendliness, CSS rendering performance and other front-end metrics. So in addition to our benchmark, we encourage you to also look at reports from third-party tools like Google’s PageSpeed Insights or Pingdom’s Speed Test.
For sites with very poor TTFB scores, we strongly recommend you get yourself familiar with a PHP profiler, such as XHProf or Xdebug — run it locally, or ask your hosting provider what PHP profiling options are available on your account. The results of a PHP profile will not only tell you how slow the request was, but also where exactly it was slow. Don’t forget to keep an eye out on memory consumption!
If you have any questions about any of the tests, if you think you’ve found a bug, or if you simply need help with your WordPress site performance and security, don’t hesitate to e-mail us at support@pressjitsu.com.
Перевод: https://pressjitsu.com/blog/wordpress-performance-security-benchmark/
