WordPress Performance · Springfield, MO

A Full Checklist of LiteSpeed WebAdmin Settings

By

Thomas McKee Logo

TL;DR

  • Enable LSCache, HTTP/3/QUIC, Brotli, and Redis Object Cache via /var/run/redis/redis.sock for a fast WordPress baseline.
  • Use ESI for logged-in fragments (cart, admin bar), serve stale briefly during re-gen, and keep CSS/JS tweaks incremental.
  • Verify wins with headers (x-litespeed-cache, x-redis-cache) and Lighthouse/Core Web Vitals.
  • Need help locally? See SEO Services (Springfield, MO), Website Design, or Get in Touch.

About this Guide (LSWS Enterprise 6.3.4 + Redis)

This comprehensive checklist covers every major page in the LiteSpeed WebAdmin Console for LiteSpeed Web Server Enterprise 6.3.4, tuned for WordPress using a Redis UNIX socket at /var/run/redis/redis.sock. It’s written in a direct, concise voice but dives deep enough to help admins struggling with performance stabilize their stack and improve rankings—especially for businesses targeting SEO Springfield MO.

Legend: Items marked with red indicate the recommended configured values. Unmarked items are explained and usually left at defaults unless you have a special case.

Server Configuration (All Pages)

Tuning

  • RAM Disk Path: Optional (e.g., /dev/shm/lsws) for small temp/cache files. Improves I/O for tiny objects; monitor memory.
  • Default SHM Directory: Default is fine unless support advises otherwise.
  • Bind IPv6 Only: Leave OFF unless doing IPv6-only. Dual-stack is common.
  • Reverse DNS Lookup: OFF to avoid DNS latency on each request.
  • Verify Google Bot: Enable only if you’re combating fake Googlebots; adds small overhead.
  • Secure Cookie Control: Optional; many sites handle this via app/security plugin/CDN.
  • PROXY Protocol: OFF unless behind an LB that sends PROXY headers.

Connection

  • Max Connections: 10000. Ensure OS and PHP worker limits can support this.
  • Max SSL Connections: 10000. Match Max Connections unless TLS offloaded elsewhere.
  • Connection Timeout (secs): 120. Reasonable ceiling for slow backends.
  • Max Keep-Alive Requests: 10000. Reduces handshake cost on asset-heavy pages.
  • Keep-Alive Timeout (secs): 10. Lower on extreme concurrency if sockets linger.
  • Send/Receive Buffer Size: 0 (auto). Kernel tuning is usually best.

Request/Response

  • Max Request URL Length: 8192 bytes — avoids 414s with filter parameters.
  • Max Request Header Size: 16380 bytes — covers cookies + CDN headers.
  • Max Request Body Size: 500M — adjust to business policy.
  • Max Dynamic Response Header Size: 8K — increase only if you hit large Set-Cookie issues.
  • Max Dynamic Response Body Size: 500M — for large exports; typically not reached.

Static File Delivery

  • Max Cached Small File Size: 4096 bytes — tiny object L1 cache.
  • Total Small File Cache Size: 20M — raise if you serve many tiny SVG/ico.
  • Max/Total MMAP: 256K / 40M — good for small static files.
  • Use sendfile(): ON — efficient kernel-level static delivery.
  • Use Asynchronized disk I/O (AIO): ON — modern kernels benefit.
  • AIO Block Size: 1M — keep default unless profiling suggests otherwise.
  • File ETag: Default — rely on cache-control + last-modified for most assets.

GZIP/Brotli Compression

  • Enable Compression: ON — compress text assets.
  • Compressible Types: Ensure text/html, text/css, application/javascript, application/json, image/svg+xml included.
  • Enable GZIP Dynamic Compression: ON; Level 6.
  • Brotli Dynamic Level: 3 (CPU-friendly). Static Level: 56.
  • Auto Update Static File: ON — refresh precompressed copies when originals change.
  • Static Cache Directory: Ensure the path exists and is writable if you override the default.

SSL Global

  • Default Cipher Suite: Keep modern TLS 1.2/1.3 defaults — strong and widely compatible.
  • SSL Strong DH Key: ON (≥2048-bit) — improved PFS for TLS 1.2.
  • Multiple SSL Certificates: ON if SNI per domain.
  • Handshake Offload: Optional; consider if CPU becomes a TLS bottleneck.
  • Enable Session Cache/Tickets: ON — set ticket lifetime ~ 300–600s for reuse.
  • OCSP Stapling/Proxy: ON if available — faster validation.
  • Strict SNI Certificate: ON — avoids wrong-site certificate fallback.

HTTP/3 (QUIC)

  • Enable HTTP/3/QUIC: ON.
  • Versions: h3.
  • Congestion Control: Default; BBR at OS level can help.
  • Flow Control Windows/Max Streams: Defaults are fine unless tuning high-bandwidth scenarios.
  • Handshake Timeout: 3–5s; Idle Timeout: 10–30s.
  • Firewall: Open UDP/443 in addition to TCP/443.

Cache (Server Level)

  • Cache Features: Enable public/private + ESI.
  • Storage Path: Fast and writable (e.g., /dev/shm/ls-static-cache on tmpfs). Best for micro-cache/static assists.
  • Cache Manager Path: Default.
  • Public Storage Expire: ~1440 minutes baseline.
  • No Hit Expire: ~5–10 minutes to avoid hoarding never-hit entries.
  • Respect Cacheable: ON — do not cache no-store/private responses.
  • Max Object Size: Default; raise only if caching very large HTML.
  • Cache Stale Age: 60–120s — serve stale while re-generating.
  • POST Cache: OFF except special endpoints you know are cacheable.
  • Do-Not-Cache: Add /wp-admin/*, /cart/*, /checkout/*, /my-account/*.

Security & Access Control

  • WebAdmin Access: *:7080, secure 1, limit allowedList to your IP/CIDR.
  • ModSecurity: ON with OWASP3; tune noisy rules around admin-ajax and cart/checkout.
  • reCAPTCHA/Anti-DDoS: Enable if you see brute-force on /wp-login.php or XML-RPC.
  • Security Headers: You can add CSP/X-Frame/X-CTO; ensure compatibility with CDN and third-party scripts.

Listeners (HTTP/HTTPS) & QUIC

HTTPS Listener

  • Address: *:443Secure: ON • SNI certificates per domain.
  • Enable QUIC: ON (remember UDP/443).
  • HSTS: Optional; enable only after validating subdomains/CDN.

HTTP Listener

  • Address: *:80 and redirect to HTTPS at vhost to consolidate SEO signals.

Virtual Hosts (WordPress specifics)

  • Enable LSCache: ON — plugin controls keys/TTL/purge.
  • Rewrite: Standard WP rules; LSCache will add its own via advanced-cache.php.
  • ESI: ON for WooCommerce fragments and admin bar for logged-in users.
  • Do-Not-Cache: /wp-admin/, /cart/, /checkout/, /my-account/.
  • Access Control: Block /xmlrpc.php unless needed; rate-limit /wp-login.php.
  • PHP suEXEC User: cPanel user who is a member of the redis group.

PHP LSAPI & OPcache

Handler

  • LSAPI: Use LSAPI (not CGI/suPHP) for low overhead and native LiteSpeed integration.

OPcache (php.ini)

opcache.enable=1
opcache.memory_consumption=256
opcache.max_accelerated_files=20000
opcache.validate_timestamps=1
opcache.revalidate_freq=2
; Large sites:
; opcache.memory_consumption=512

OPcache removes repetitive PHP compilation and reduces TTFB spikes—great for UX and SEO Springfield MO results.

Redis Socket Setup & Validation

Use a UNIX socket for local Redis to remove TCP overhead. Ensure site users are in the redis group and that open_basedir includes /var/run/redis/ if enforced.

Quick Checks

# Socket present and accessible?
ls -l /var/run/redis/redis.sock
# Expect: srw-rw---- redis redis ...

# PING over socket
redis-cli -s /var/run/redis/redis.sock PING

# PHP test
php -r '$r=new Redis();var_dump($r->connect("/var/run/redis/redis.sock"));'

WordPress → LiteSpeed Cache → Cache → Object

  • Object Cache: ON
  • Method: Redis
  • Host: /var/run/redis/redis.sock
  • Port: (blank)
  • Persistent Connection: ON
  • DB ID: 0–15 (unique per site)
Heads-up: If Object Cache won’t stay ON, remove competing wp-content/object-cache.php from other cache plugins, confirm the user is in redis group, and allow the socket path in open_basedir.

Verification, Logs & WP-CLI

HTTP Headers & HTTP/3

# Run twice; expect x-litespeed-cache: hit on the 2nd request
curl -I https://example.com | egrep -i 'x-(litespeed|redis)-cache|content-encoding'
curl -I https://example.com | egrep -i 'x-(litespeed|redis)-cache|content-encoding'

# HTTP/3 check (requires UDP/443 open)
curl -I --http3 https://example.com

WP-CLI helpers

# Purge everything
wp litespeed-purge all

# Inspect LSCWP config (serialized string; line-break for readability)
wp option get litespeed-conf | sed 's/;/;\n/g' | less

Server Logs

  • LSWS main/error logs — confirm listener binds, TLS, and QUIC handshakes.
  • ModSecurity audit logs — review before blocking rules on critical endpoints.

Pro Tips & Tips/Tricks

  • Change control: Flip one optimization at a time; retest Lighthouse (INP, CLS) and Woo checkout paths.
  • Serve stale: A short stale window (60–120s) keeps TTFB low during purges and deploys.
  • Guest Mode: Speedy for anonymous traffic; validate personalization still works.
  • Edge cache: For national audiences, use QUIC.cloud or a single primary CDN (avoid double rewrites).
  • Staging: Mirror production to trial Page Optimization safely.

Key Takeaways

  • Enable LSCache, HTTP/3, Brotli, and Redis socket object cache to lock in a fast baseline.
  • Use ESI and cache exclusions for logged-in and transactional pages.
  • Measure outcomes (headers + Core Web Vitals) after every change—don’t guess.

Sources & Further Reading

Need ongoing help tuning performance and rankings in Greene County? Explore our local SEO services and Springfield website design.