WordPress Performance Audit Checklist for 2026

Why Performance Audits Matter

WordPress powers over 40 percent of the web, but the average WordPress site loads in 3-4 seconds — well above the 2-second threshold that users and search engines expect. A systematic performance audit identifies the specific bottlenecks slowing your site and prioritizes fixes by impact.

This checklist covers every layer of the WordPress stack, from server configuration to frontend delivery. We use this framework when conducting WordPress performance optimization engagements.

Server Environment

PHP Version and Configuration

# Check current PHP version
php -v

# Verify OPcache is enabled
php -i | grep opcache.enable

# Recommended php.ini settings
opcache.enable=1
opcache.memory_consumption=256
opcache.interned_strings_buffer=16
opcache.max_accelerated_files=10000
opcache.revalidate_freq=60
opcache.save_comments=1
opcache.enable_cli=0

# PHP-FPM pool settings
pm = dynamic
pm.max_children = 50
pm.start_servers = 10
pm.min_spare_servers = 5
pm.max_spare_servers = 20
pm.max_requests = 500

Audit items:

• PHP 8.3 or 8.4 for supported production stacks
• OPcache enabled with sufficient memory
• PHP-FPM pool sized for your traffic level
• max_execution_time set to 30s (not 300s)
• memory_limit set to 256M (not 512M unless necessary)

Web Server Configuration

# nginx performance configuration
server {
    listen 443 ssl http2;

    # Enable gzip
    gzip on;
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_types text/plain text/css application/json application/javascript
               text/xml application/xml application/xml+rss text/javascript
               image/svg+xml;
    gzip_min_length 256;

    # Browser caching for static assets
    location ~* \.(jpg|jpeg|png|gif|ico|css|js|woff2|svg|webp|avif)$ {
        expires 365d;
        add_header Cache-Control "public, immutable";
        add_header Vary "Accept-Encoding";
    }

    # FastCGI cache
    fastcgi_cache_path /tmp/nginx-cache levels=1:2
        keys_zone=WORDPRESS:100m inactive=60m max_size=1g;
    fastcgi_cache_key "$scheme$request_method$host$request_uri";

    location ~ \.php$ {
        fastcgi_cache WORDPRESS;
        fastcgi_cache_valid 200 60m;
        fastcgi_cache_valid 404 1m;
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        add_header X-Cache-Status $upstream_cache_status;
    }
}

Audit items:

• HTTP/2 or HTTP/3 enabled
• Gzip or Brotli compression active
• Static asset caching headers set (1 year for versioned assets)
• NGINX FastCGI cache or Varnish in front of WordPress
• TLS 1.3 with optimized cipher suites

Database Optimization

Query Performance

-- Find slow queries
SELECT * FROM information_schema.processlist
WHERE time > 2 AND command != 'Sleep';

-- Check table sizes and overhead
SELECT table_name,
       ROUND(data_length / 1024 / 1024, 2) AS data_mb,
       ROUND(index_length / 1024 / 1024, 2) AS index_mb,
       table_rows
FROM information_schema.tables
WHERE table_schema = 'wordpress'
ORDER BY data_length DESC;

-- Clean up post revisions (keep last 5)
DELETE FROM wp_posts WHERE post_type = 'revision'
AND ID NOT IN (
    SELECT ID FROM (
        SELECT ID FROM wp_posts WHERE post_type = 'revision'
        ORDER BY post_modified DESC LIMIT 5
    ) AS keep
);

-- Clean up transients
DELETE FROM wp_options WHERE option_name LIKE '%_transient_%'
AND option_name NOT LIKE '%_transient_timeout_%';

-- Optimize autoloaded options
SELECT SUM(LENGTH(option_value)) / 1024 AS autoload_kb
FROM wp_options WHERE autoload = 'yes';
-- Should be under 1MB

Audit items:

• Autoloaded options under 800KB
• No more than 50 active post revisions per post (limit in wp-config.php)
• Transients cleaned regularly
• wp_posts table indexed on post_type and post_status
• wp_postmeta has index on meta_key
• MySQL/MariaDB query cache appropriately sized
• InnoDB buffer pool set to 70-80 percent of available RAM

wp-config.php Optimization

// Limit post revisions
define('WP_POST_REVISIONS', 5);

// Increase autosave interval
define('AUTOSAVE_INTERVAL', 120);

// Disable file editing in admin
define('DISALLOW_FILE_EDIT', true);

// Object cache (Redis)
define('WP_REDIS_HOST', '127.0.0.1');
define('WP_REDIS_PORT', 6379);
define('WP_REDIS_DATABASE', 0);

// Optimize cron
define('DISABLE_WP_CRON', true);
// Use system cron instead:
// * * * * * cd /var/www/wordpress && php wp-cron.php

Plugin Audit

Plugins are the most common source of WordPress performance issues. Audit every active plugin:

# List all plugins with their impact
wp plugin list --fields=name,status,update

# Profile plugin load time
wp profile hook --all --spotlight --url=https://example.com

Audit items:

• Remove deactivated plugins entirely (they still load PHP files)
• Identify plugins adding excessive database queries (use Query Monitor)
• Replace heavy plugins with lightweight alternatives
• Check for plugins loading assets on every page when only needed on specific pages
• Verify no plugin conflicts causing PHP errors
• Total plugin count under 25 for most sites

Object Caching

Redis Configuration

# Install Redis
sudo apt install redis-server

# Verify Redis is running
redis-cli ping
# Expected: PONG

# Install WordPress Redis plugin
wp plugin install redis-cache --activate
wp redis enable
wp redis status

Audit items:

• Redis or Memcached installed and connected
• Object cache hit ratio above 85 percent
• Redis maxmemory set appropriately (256MB-1GB depending on site size)
• maxmemory-policy set to allkeys-lru

Frontend Performance

Core Web Vitals

# Test with Lighthouse CLI
npx lighthouse https://example.com --only-categories=performance --output=json

# Key metrics to check:
# LCP (Largest Contentful Paint) < 2.5s
# FID (First Input Delay) < 100ms
# CLS (Cumulative Layout Shift) < 0.1
# INP (Interaction to Next Paint) < 200ms

Audit items:

• Images converted to WebP/AVIF with proper sizing
• Lazy loading on below-the-fold images
• Critical CSS inlined, non-critical CSS deferred
• JavaScript deferred or loaded async where possible
• No render-blocking resources in the head
• Font display set to swap for custom fonts
• Preload LCP image and critical fonts

CDN Configuration

Audit items:

• CDN active for all static assets (images, CSS, JS, fonts)
• CDN caching headers properly configured
• Origin pull zones set up correctly
• CDN invalidation working for deployments
• Consider full-page CDN caching for logged-out visitors

Security-Performance Intersection

Several security measures also improve performance:

• Block bad bots at the server level (reduces unnecessary PHP execution)
• Use Cloudflare or AWS WAF to filter malicious traffic before it hits WordPress
• Disable XML-RPC if not needed (add_filter('xmlrpc_enabled', '__return_false'))
• Limit login attempts to prevent brute-force load

Monitoring After Optimization

Set up ongoing monitoring to catch performance regressions:

• Uptime monitoring with response time tracking
• Weekly Lighthouse CI runs against key pages
• Real User Monitoring (RUM) for actual visitor experience data
• Database slow query log enabled and reviewed monthly

Expected Results

A thorough performance audit and optimization typically achieves:

• TTFB under 200ms (from 800ms+ typical)
• LCP under 1.5s (from 3-4s typical)
• PageSpeed score above 90 (from 40-60 typical)
• Database query count under 30 per page (from 100+ typical)

For a hands-on performance audit and optimization of your WordPress installation, explore our WordPress optimization services. Regular audits ensure your site maintains peak performance as content and traffic grow.