Performance
What the WP Pro Host stack achieves, how we measure it, and how to benchmark your current hosting against it.
<200ms
Target TTFB (warm cache)
Google "Good" threshold is 800ms
<0.8s
Average page load
All assets from CDN edge
<2.5s
LCP target
Google "Good" Core Web Vitals
HTTP/3
Protocol
Lower latency on mobile
Time to First Byte (TTFB) is the most important server-side performance metric. It measures the time from when a browser sends a request to when it receives the first byte of the response -- everything that happens on the server before the browser can start rendering.
| TTFB | Rating | What it means |
|---|---|---|
| Under 200ms | Excellent | WP Pro Host target. Achievable with server-level caching active. |
| 200-800ms | Good | Google "Good" threshold. Acceptable for most sites. |
| 800ms-1.8s | Needs work | Common on shared hosting under moderate load. Frontend optimisation won't fix this. |
| Over 1.8s | Poor | Server bottleneck. Typically shared hosting under load or misconfigured infrastructure. |
TTFB thresholds sourced from Google's Web Vitals documentation.
Cached pages are served directly by LiteSpeed without invoking PHP. Response time for a cached page is measured in microseconds, not milliseconds. This is the fastest possible path for a WordPress page request.
Database read speed directly affects TTFB for uncached requests. NVMe delivers 5-7ร faster sequential read than SATA SSD. WordPress database queries complete faster -- lower TTFB on every dynamic request.
Frequently-used database query results are stored in RAM. Repeat queries -- navigation menus, widget data, transients -- are served from memory rather than storage. Database load drops, TTFB drops.
PHP opcache stores compiled bytecode in memory, eliminating recompilation on every request. Combined with LSAPI's efficient worker model, PHP execution time is minimised.
On shared hosting, your TTFB varies with server load. When neighbours spike, your server gets slower. On dedicated bare metal with isolated accounts, your TTFB is consistent regardless of other activity on the machine.
Network round-trip from a UK browser to a UK server is 5-20ms. To a US server, 80-120ms. For uncacheable requests that must reach the origin, UK hosting provides consistently lower baseline TTFB for UK visitors.
Google uses Core Web Vitals as a ranking signal. Three metrics matter for WordPress hosting performance:
Fast origin TTFB + CDN delivery of images. NVMe storage and LiteSpeed caching directly reduce LCP. QUIC.cloud CDN serves images and static assets from the edge closest to the visitor.
Replaced FID in 2024. Measures responsiveness to all user interactions. Heavy JavaScript and slow API calls are the primary drivers -- hosting affects this via PHP response time for AJAX requests.
Primarily a frontend problem (image dimensions, font loading). Server response speed affects CLS indirectly through render-blocking resource delivery speed.
Before and after a hosting migration, these free tools give you objective data:
pagespeed.web.dev
Real-user Core Web Vitals data from the Chrome User Experience Report, plus lab-based Lighthouse scores. Best for understanding real-world performance.
webpagetest.org
Test from specific locations (London recommended for UK sites). Shows TTFB, waterfall, and time-to-interactive. Free. Best for diagnosing specific bottlenecks.
gtmetrix.com
Synthetic testing from Vancouver by default -- choose London server for UK-relevant results. Good for repeated testing and comparison.
search.google.com/search-console
Core Web Vitals report shows real-user data from your actual visitors. The most important signal because it's what Google uses for ranking.
Test your TTFB first. If it's consistently above 800ms, no amount of frontend optimisation will fully compensate -- the server is the bottleneck.
Free migration on every plan. We move your site to WP Pro Host -- test the speed difference before you commit fully.
Security
Two layers of active protection โ server-level and CDN โ built in as standard. Not an add-on, not an upgrade.
Enterprise DDoS Protection
Dual-layer defence โ our CDN absorbs volumetric attacks at the network edge; server-level protection blocks application-layer threats before they reach WordPress.
Web Application Firewall
Active WAF at both CDN and server level. Blocks SQL injection, XSS, and malicious request patterns automatically, with continuously updated rules.
Real-Time Malware Scanning
Continuous server-wide scanning detects infections the moment they occur. Automatic cleanup included โ no extra charge, no waiting for a ticket.
Automated WordPress Hardening
Security settings are enforced automatically across every site: file permissions, wp-config.php lockdown, PHP execution blocked in uploads, XML-RPC disabled, and admin rate limiting โ all kept in sync without manual intervention.
Login & Brute Force Protection
Server-level rate limiting on wp-login, automatic IP blocking on repeated failures, and CAPTCHA enforcement. Offending IPs are blocked before they slow your site.
Container Isolation (Enhance CP)
Every site runs in an isolated container. A compromised site cannot affect neighbouring accounts โ no shared PHP processes, no shared filesystem access between customers.
IP Reputation & Country Blocking
Continuously updated threat intelligence blocks known malicious IPs at the server level. Country-level restrictions available where appropriate.
Vulnerability Scanning & Patching
Weekly scans across all WordPress installations identify vulnerable plugins, themes, and core files. Bulk update tools apply patches server-wide automatically.
Uptime & Keyword Monitoring
Real-time uptime monitoring with keyword checks โ we know if your site goes down or serves unexpected content before your customers do.
All security features included on every plan โ no add-ons, no upgrades required.
Full Security Overview โ