Dogweather

Robert Shecter

The Hidden Dangers of Beautiful Themes

Some of the best-designed and officially featured WordPress themes aren’t built to handle mid-volume traffic. Just one incoming link from a semi-popular page can take your server down.

A New Blog for a Web App

The featured “News” theme that crashed my server

Everything started out smoothly. Like thousands of developers do every day, I set up a new WordPress installation to support a new web app I’m getting online. I’ve got a Linode 1536 which is perfect for this ?. It has gigs of free disk space and 800MB of unused RAM just for cache. And these virtual servers are fast. Mine hosts about 15 Rails and WordPress apps and the system load never gets up to 1.0.

For me, the hardest (and most fun) part of setting up a new blog is choosing the theme. I didn’t want to waste time, so I looked only at WordPress’s one-page “featured” themes list and chose News — a conservative theme with personality.

I wrote a few posts to get started, posted a link to one on Reddit, and went to sleep.

I Woke Up but My Server Wasn’t There

The network traffic graph gives a dramatic view of the server crash

At around 9am, I was in for a shock: no web pages were loading and it took 2 minutes to simply ssh in. There were about a million Apache processes running and the system was out of memory. Checking on Reddit, I saw that the post was getting a good amount of traffic: it was at the top of the r/programming subreddit. It had a couple of hundred up-votes; a lot, but certainly not an apocalypse. So this was odd. I also saw that someone reposted it to the Hacker News. (Nice!) Except that the posts were only noting that the site was offline (Not nice.)

Discovering the Culprit: the Theme

A helpful Hacker News reader suggested “Caching is your friend”. That was my first thought as well. WordPress by default is just a PHP app, doing a lot of repetitious work with every request. But that didn’t feel right. This was a brand new blog, after all, and the requests were all for one simple page.

More Posts

18 responses to “The Hidden Dangers of Beautiful Themes”

  1. Rachael Schmink Avatar
    Rachael Schmink

    “I wrote a few posts to get started, posted a link to one on Reddit, and went to sleep.”

    Well that was your first mistake right there. Never post a link on Reddit only to just go to sleep.

    Reply
  2. name Avatar
    name

    Reducing the request count was the right idea. Improving the load times could be done to move some content to a different domain. The Browser will then be capable to speed up since it can handle more connections with more domains.

    Using the the old design and locate stuff to a different domain will not “solve” the issue. Just postpone it to another day. You can’t solve issues with hardware if the software has “errors”.

    Reply
    1. huxley Avatar
      huxley

      Both are good ideas but often aren’t practical for many theme users. Sadly theme makers don’t make money from efficient design, so reducing requests or moving to subdomains is an exercise left to the theme user.

      But if you’re using a theme, you may not be experienced enough to modify it to either reduce requests or move it to a subdomain. A bit of a catch-22 which leaves you frustrated when a good server is brought to its knees.

      Reply
      1. robb Avatar
        robb

        @name & @huxley, I agree with both of you. Maybe the solution is an automated testing setup for themes in the WordPress “codex”. Each theme could then be listed with a YSlow score. And themes scoring too low would be cut from the “featured” list.

      2. Masklinn Avatar
        Masklinn

        An interesting option could be to have some sort of themes CDN, all themes would get their static assets from there sharing caches across the theme’s userbase and preventing an excessive theme from blowing up blogs.

      3. robb Avatar
        robb

        That ain’t a bad idea either. All of these identical themes installed redundantly, thousands of times over …

  3. Alexander Shatilo Avatar
    Alexander Shatilo

    Having your own VPS, you’d better use Nginx instead of Apache.

    Reply
  4. John McLear Avatar
    John McLear

    Varnish cache w/ wordpress is your friend.

    Reply
  5. Quora

    How is the Theme Installer / featured theme list created?…

    I’d like to help improve it; make an automated YSlow / Page-Speed testing & rating system. Because, I just had a disastrous experience with one of these featured themes, “News”. Its design causes it to make 47 http requests back to the server for ea…

    Reply
  6. “I Woke Up but My Server Wasn’t There” – WPLover | WPLover

    […] Read the story here Links 24 April 2012 0 […]

    Reply
  7. Auch Themes können Server lahmlegen | dreitehabee

    […] sind nicht nur die Plugins, die eine WordPress-Installation lahmlegen können. Es kann auch das Theme selbst sein. Every visit to that blog post was generating 47 server requests. 36 of those were for images. […]

    Reply
  8. Doug Stewart Avatar
    Doug Stewart

    You could also save some loads using an on-demand image loading plugin, e.g. the excellent Lazy Load.

    Reply
    1. robb Avatar
      robb

      Great suggestion – thanks!

      Reply
  9. David Avatar
    David

    well, (maybe)
    1. when you sprite all images in the theme, it’s going to be hard for end-user to modify the theme. (and alot of end-user modify the theme)
    2. news theme use 2 of custom font (lobster and league gothic), of course justin tadlock/ tung do (the developer) can use google font to reduce request. but i think maybe there’s a reason. (maybe not all country can access google server, i’m not sure too..)

    but yes, this theme at least need to sprite the images, not all, but reduce it to 2-3 images . and some image element can be replace just using css. (border radius etc..)

    (sorry for my english, it’s not my native language)

    Reply
  10. WP Late Night #6: "Gravy train to gold island" | WPCandy

    […] at all, please: WordPress OverLordMr. Web / The Web GuyCopyblogger’s PremisePaid Memberships ProThe hidden dangers of beautiful themes by robbYSlowPagespeedPingdomShane Sanderson’s blog post about Page.ly and WP EngineEpisode #3 of WP Late […]

    Reply
  11. wp-coder.net » WP Late Night #6: “Gravy train to gold island”

    […] The hidden dangers of beautiful themes by robb […]

    Reply
  12. Auch Themes können Server lahmlegen – mkln.org

    […] 24. April 2012 Auch Themes können Server lahmlegen […]

    Reply
  13. WordPress.com vs. Managed WordPress Hosting | The Robb Report Avatar
    WordPress.com vs. Managed WordPress Hosting | The Robb Report

    […] or child themes, but many pre-tested themes are provided. This is important. Did you know that innocuous-looking themes can crash your site? Plus, access to the fonts, color scheme, and CSS provides a lot of […]

    Reply

Leave a reply to John McLear Cancel reply