Hi @saimrasheed, thanks for getting in touch.
Live Traffic is somewhat essential as it’s Wordfence reporting the events happening on your site. It’s effectively a visible byproduct of the action being taken by visitors to your site and any of Wordfence’s decision-making based on that.
If database resources are the issue, make sure to have Live Traffic set to SECURITY ONLY, reduce “Amount of Live Traffic data to store (number of rows)” to 1000, and “Maximum days to keep Live Traffic data (1-30 days)” to 7. You could choose a smaller number of days if you like to frequently check Live Traffic and are happy for it to be removed shortly afterwards.
As for general performance, Wordfence runs well and unintrusively on the vast majority of ~5m sites it’s installed on despite having to consider many server and plugin/theme combinations. We constantly work on making the plugin faster, perform better, and use less resources but there are not set amounts of RAM, CPU or database queries that we know Wordfence will definitely require in each use-case or hosting environment. The cases of slow-down are small in relation to the quantity of customers using Wordfence, but does crop up from time to time with certain configurations or larger databases/number of installed plugins.
For a screenshot of my recommended Performance setting options – Click Here.
You could also set max_execution_time = 60 in php.ini, Wordfence’s scan only ever attempts to use half of this value by default.
Your WP_MEMORY_LIMIT should be set to 128M or 256M in wp-config.php. WooCommerce, for example, recommend 64M minimum, so if you also have many hits on the site at once especially during a Wordfence scan, a lower limit here could be reached fairly easily. Your PHP memory_limit value chould also be adjusted to 128M or 256M to accommodate this change.
Aside from this, if there are any load-balancers or other APIs running on your server such as Litespeed or Cloudflare, you could check if these (or their configuration with Wordfence) are contributing in any way to the slow loading times. Cloudflare for example requires a bespoke Wordfence IP detection option selecting, and whitelisting of your own server’s IP in their settings for scans to run correctly.
Thanks,
Peter.
