Skip to main content
Link to Pressjitsu home page
Log in
PricingFeaturesAboutContactBlogLog in

WordPress Performance Benchmark – A Year Later

Gennady Kovshenin
Post Date
Jun 8th, 2017

We launched our WordPress performance and security benchmark tool a little over a year ago. So far we’ve had almost 3500 benchmark runs across 2000 unique domains, so we decided to do a quick analysis of average and aggregate benchmark metrics.

Our free benchmark service gauges a handful of WordPress site parameters, including HTTPS and HTTP/2 availability, average time-to-first-byte (TTFB) of both cached and uncached responses, DNS performance and availability, WordPress core version and the webstack running it, security headers (HSTS, X-Frame-Options, etc.) and others. We weighted-score the results and present an overview of things that should be looked into and an overall performance and security grade.

The Metrics

Of course, these metrics represent only a specific slice of the WordPress community out there. A security- and performance-conscious WordPress administrator, working on improving their site, maybe looking to change hosting providers.

Secure HTTP55%
Forced HTTPS64%
Cookies on first visit43%

Uncached Response Times

Average uncached TTFB1826 msec
5th percentile160 msec
10th percentile242 msec
50th percentile889 msec
90th percentile3286 msec
95th percentile5343 msec

Cached Response Times

Average cached TTFB1018 msec
5th percentile124 msec
10th percentile137 msec
50th percentile418 msec
90th percentile1863 msec
95th percentile3213 msec

PHP Versions

We could not identify the PHP version from about 1500 of the sites that were benchmarked, but from those we successfully parse, here’s a chart showing the most used versions:

PHP Versions


On the one had, we’re glad to see that 50% of performance-conscious WordPress website admins and developers have an uncached time-to-first-byte of under a second, and a cached time-to-first-byte of under half a second. WordPress can be fast. But on the other hand we’re seeing as many slow WordPress sites here, with 10% of benchmarks showing almost 2 second for cached pages (if cache was really working) and over 3 seconds for uncached requests.

If you’re stuck with a sluggish WordPress site, the best and most proven course of action would be to profile it for bottlenecks. We wrote a performance profiling for WordPress guide last week, so be sure to check it out.

We’re also glad to see over 55% sites served over HTTPS (the portion is actually higher, about 85% but with invalid certificates, so they don’t count). We’re expecting this number to grow over time, especially since free SSL certificates for WordPress sites have been available for quite a while now. HTTP/2 was available on more than half of these, which is fantastic. And while 65% redirected from HTTP to HTTPS forcefully, only 35% issued HSTS headers.

On a sadder note, almost half of the sites issued cookies on first visit. While we don’t record the nature of the cookies presented, the majority are probably PHP sessions, and that is bad. Unique server-side cookies are to be avoided by any means necessary as they can really hurt your cacheability, by sending visits to separate cache buckets.

We’ll meet again in a year or so for a recap. Meanwhile, feel free to benchmark your WordPress site and see how you compare.

Ready-to-use expert knowledge right in your inbox
Sign up here for our weekly newsletter to get WordPress tips from industry experts.