Performance Optimization - Adam Greenwell

Guard Dog is designed to have minimal impact on site performance. This guide helps you optimize Guard Dog for high-traffic sites and understand its performance characteristics.

Performance Overview

What Guard Dog Does NOT Impact

✅ Frontend page load times – Security checks only run on login/admin pages

✅ Content delivery – No overhead on regular page views

✅ Search engine crawling – No impact on SEO or site speed scores

✅ Static asset loading – CSS/JS only load where needed

What Guard Dog DOES Impact (Minimally)

Login/Registration Pages:

CAPTCHA script loading (~50-100KB, cached)
2FA verification (database query + cryptographic operation)
Login attempt checking (database query, cached)

Admin Area:

Activity log database writes (batched and optimized)
Access control checks (cached)

Impact: Negligible for most sites. Even high-traffic sites see <50ms overhead on login.

Performance by Feature

Custom Login URL

Impact: None

The custom login URL feature uses WordPress’s built-in routing. There is zero performance overhead.

Database queries: 0 additional queries

Page load impact: 0ms

CAPTCHA Protection

Impact: Low (only on login pages)

What happens:

JavaScript library loads from CDN (cached by browser)
API call to CAPTCHA provider on form submit
Server-side verification (1 external API call)

Database queries: 0

Page load impact:

Initial load: 50-150ms (CAPTCHA script)
Verification: 100-300ms (API call to provider)

Optimization:

CAPTCHA scripts are cached by browser after first load
Choose fast provider (Cloudflare Turnstile is fastest)
Only loads on login/registration pages

Two-Factor Authentication (App-Based)

Impact: Very Low

What happens:

Database query to fetch user’s TOTP secret
Cryptographic verification (HMAC-SHA1)
Database update on success

Database queries: 2 (read, write)

Page load impact: 5-15ms

Optimization:

TOTP verification is pure computation (very fast)
Database queries are simple, indexed lookups
No external API calls

Two-Factor Authentication (Email-Based)

Impact: Medium (external API call)

What happens:

Database query for user email
External API call to email provider
Email delivery

Database queries: 1

Page load impact: 200-1000ms (waiting for email API)

Optimization:

Email sending happens asynchronously (doesn’t block login)
Use fast email provider (Resend, SES)
Consider app-based 2FA for faster experience

Login Attempt Limiting

Impact: Very Low

What happens:

Database query to check attempt count
Database write to increment counter
All queries are cached (5 minutes)

Database queries: 2 (cached)

Page load impact: 2-10ms

Optimization:

Object caching enabled (WordPress cache)
Database table indexed on IP address
Expired lockouts automatically cleaned

Access Control

Impact: Very Low

What happens:

Check if IP in whitelist/blacklist (in-memory)
Settings loaded from WordPress options (cached)

Database queries: 0 (options cached by WordPress)

Page load impact: 1-3ms

Optimization:

Whitelist/blacklist stored in PHP memory
No database queries per request
Simple string comparison

Activity Log

Impact: Low to Medium (depending on configuration)

What happens:

Event logged to database
Batched writes (multiple events written at once)
Asynchronous where possible

Database queries: 1 per batch of events

Page load impact:

Immediate: 0-5ms (event queued)
Background: 10-50ms (actual database write)

Optimization:

Batch logging reduces database writes
Writes happen after response sent (non-blocking)
Limit events logged
Enable auto-cleanup

Temporary User Access

Impact: None (except during access token verification)

What happens:

Database query only when token URL accessed
No overhead on normal operations

Database queries: 1 (only when token used)

Page load impact: 5-10ms (only on token access)

Database Performance

Tables Created

Guard Dog creates these database tables:

wp_guard_dog_activity_log – Activity events
wp_guard_dog_login_attempts – Failed attempts and lockouts

Table Optimization

Indexes:

IP address indexed for fast lookups
User ID indexed for fast filtering
Timestamps indexed for date-range queries

Maintenance:

Optimize tables quarterly:

OPTIMIZE TABLE wp_guard_dog_activity_log;
OPTIMIZE TABLE wp_guard_dog_login_attempts;

Table Size Management

Activity Log:

~500 bytes per event
1,000 events = ~500KB
10,000 events = ~5MB
100,000 events = ~50MB

With automatic cleanup:

90-day retention with moderate logging
Most sites: 5-20MB
High-traffic sites: 50-200MB

Failed Login Attempts:

~200 bytes per IP
Usually < 1MB
Automatically cleaned (expired lockouts removed)

Caching Configuration

Object Caching (Recommended)

Enable object caching for best performance:

Redis:

// wp-config.php
define('WP_REDIS_HOST', '127.0.0.1');
define('WP_REDIS_PORT', 6379);
define('WP_CACHE', true);

Memcached:

// wp-config.php
define('WP_CACHE', true);

Benefits:

Login attempt data cached (5 minutes)
Plugin settings cached
Reduces database queries
20-30% performance improvement

Page Caching

Guard Dog is compatible with all page caching plugins:

✅ WP Super Cache
✅ W3 Total Cache
✅ WP Rocket
✅ LiteSpeed Cache
✅ Cloudflare

Why it works: Security checks run before page cache, ensuring proper protection.

CDN Compatibility

Guard Dog works with all CDNs:

✅ Cloudflare
✅ CloudFront
✅ KeyCDN
✅ StackPath

IP detection works correctly through CDN reverse proxies.

High-Traffic Optimization

For sites with 100,000+ monthly visitors:

1. Enable Object Caching

Impact: Reduces database load by 60-80%

Install and configure Redis or Memcached.

2. Limit Activity Log Events

Impact: Reduces database writes by 50-90%

Recommended events only:

Security events (all)
User creation/deletion
Role changes
Plugin/theme changes

Disable:

Post/page updates
Profile updates
Menu updates
Comment creation

3. Enable Automatic Cleanup

Impact: Keeps database size stable

Settings:

Retention: 30-60 days (high traffic) or 90 days (normal)
Auto-cleanup: Enabled
Runs daily via WordPress cron

4. Use Fast CAPTCHA Provider

Impact: Reduces login time by 100-300ms

Fastest to slowest:

Cloudflare Turnstile (~50ms)
Google reCAPTCHA v3 (~100ms)
hCaptcha (~150ms)
Google reCAPTCHA v2 (~200ms+)

5. Use App-Based 2FA

Impact: 200-800ms faster than email 2FA

App-based TOTP has no external dependencies and is instant.

6. Database Optimization

Regular maintenance:

-- Analyze tables (monthly)
ANALYZE TABLE wp_guard_dog_activity_log;
ANALYZE TABLE wp_guard_dog_login_attempts;

-- Optimize tables (quarterly)
OPTIMIZE TABLE wp_guard_dog_activity_log;
OPTIMIZE TABLE wp_guard_dog_login_attempts;

7. Limit Logged-In User Checks

For very high-traffic sites with many concurrent admins:

Whitelist admin IPs (skips many checks)
Use CAPTCHA (reduces bot login attempts)
Increase lockout duration (reduces database churn)

Performance Monitoring

Measuring Guard Dog Impact

Query Monitor Plugin:

Install Query Monitor
Access login page
Check “Queries” tab
Look for wp_guard_dog_* tables
Total queries should be <5

Server Timing:

Enable Server-Timing in wp-config.php:

   define('SAVEQUERIES', true);

Check response headers for timing breakdown

New Relic / Application Performance Monitoring:

Monitor database query time
Track Guard Dog-specific functions
Set alerts for slow queries

Performance Benchmarks

Typical overhead per login attempt:

Feature	Additional Time
Custom Login URL	0ms
CAPTCHA	100-300ms (external API)
Login Limiting	2-10ms
Access Control	1-3ms
App-Based 2FA	5-15ms
Email-Based 2FA	200-1000ms
Activity Logging	0-5ms (batched)
Total (all features, app 2FA)	108-333ms

For context:

Average WordPress login without Guard Dog: 200-500ms
With Guard Dog (all features): 300-800ms
Impact: 20-60% increase in login time
But login is infrequent, and security benefit is substantial

WordPress Optimization

Guard Dog works best on optimized WordPress installations:

PHP Version

Recommended: PHP 8.1 or 8.2

Performance improvement: 20-30% faster than PHP 7.4

PHP Settings

Optimize for Guard Dog:

; Increase memory for large activity logs
memory_limit = 256M

; Ensure enough execution time
max_execution_time = 30

; Sufficient for post data
post_max_size = 10M

MySQL/MariaDB Optimization

InnoDB settings:

innodb_buffer_pool_size = 256M  ; Increase for larger sites
innodb_flush_log_at_trx_commit = 2  ; Faster writes
innodb_flush_method = O_DIRECT  ; Better for SSDs

Database Connection Pooling

For very high-traffic sites, use persistent connections:

// wp-config.php
define('DB_PERSISTENT', true);

Load Testing

Test Guard Dog under load before going live:

Tools

Apache Bench:

# Test login page load
ab -n 100 -c 10 https://yoursite.com/your-custom-login-url

JMeter:

Create test plan
Simulate multiple login attempts
Measure response times
Check for slowdowns

LoadForge, Loader.io:

Cloud-based load testing
Simulate global traffic
Measure scalability

What to Test

Login page load (with CAPTCHA)
Failed login attempts (lockout performance)
Successful logins (2FA verification)
Activity log writes (bulk logging)
Admin area (with activity logging)

Success Criteria

Good performance:

Login page: < 2 seconds
Login verification: < 1 second
2FA verification: < 500ms
Activity log: < 100ms per event

Troubleshooting Performance

Slow Login Page

Symptoms: Login page takes >5 seconds to load

Causes:

Slow CAPTCHA provider

Test different providers
Check network latency to provider

Theme/plugin conflict

Switch to default theme
Disable other plugins
Profile with Query Monitor

Database performance

Check slow query log
Optimize database tables
Add indexes if missing

Server resources

Check CPU/memory usage
Upgrade hosting if maxed out

Slow Activity Log Page

Symptoms: Activity Log admin page loads slowly or times out

Causes:

Too many log entries

Clear old logs
Enable pagination
Reduce events logged

Missing database indexes

Deactivate/reactivate plugin
Recreates indexes

Slow queries

Avoid date range queries on millions of rows
Filter before sorting
Export in batches

Database Growing Too Large

Symptoms: Database size increasing rapidly, site slowing down

Causes:

Activity log not cleaned

Enable automatic cleanup
Set shorter retention period

Too many events logged

Disable verbose events (post updates, profile updates)
Keep security events only

Lockout table growing

Old lockouts not expired
Clear expired entries:

   DELETE FROM wp_guard_dog_login_attempts 
   WHERE lockout_expiry < NOW() - INTERVAL 7 DAY;

Scaling for Enterprise

For sites with millions of pageviews:

1. Separate Database Server

Move WordPress database to dedicated server:

Reduces load on web server
Allows database-specific optimization
Better resource allocation

2. Read Replicas

Use read replicas for Activity Log queries:

Writes go to primary
Reads come from replicas
Reduces primary database load

3. Application-Level Caching

Implement Redis/Memcached:

Cache plugin settings
Cache access control rules
Cache lockout status

4. CDN for Static Assets

Serve Guard Dog CSS/JS from CDN:

Faster delivery
Reduced server load
Geographic distribution

5. Horizontal Scaling

Multiple web servers behind load balancer:

Session management required
Shared database for consistency
Shared object cache (Redis cluster)

Performance Best Practices

✅ Enable object caching (Redis/Memcached)
✅ Use PHP 8.1+ for better performance
✅ Limit activity log events to what you need
✅ Enable automatic cleanup for logs
✅ Choose fast CAPTCHA (Cloudflare Turnstile)
✅ Use app-based 2FA (faster than email)
✅ Optimize database regularly
✅ Monitor performance with Query Monitor
✅ Load test before production
✅ Scale infrastructure as traffic grows

Conclusion

Guard Dog is designed for performance:

Minimal overhead on login pages
Zero impact on content delivery
Optimized database queries
Intelligent caching
Scalable architecture

With proper configuration, Guard Dog adds robust security without slowing down your site.