Website Performance Optimization

This site consistently scores in the top 1% of web performance. A 51ms load time is approximately 70x faster than the industry average of 3.5 seconds. Here’s how it’s measured.



Cost Comparison: At ~$23/month, this setup beats Wix ($27), Squarespace ($23), and Duda ($29) at their comparable tiers — the ones with custom code access and zero transaction fees. But those platforms still limit server access, caching control, and security configuration. Here, custom code is available alongside a full GUI for install, setup, and configuration — no command line required for day-to-day management. Everything beyond hosting is Free Open Source Software (FOSS) and fully customizable.

Exact percentiles aren’t published for load times under 150ms. However, at 51ms — 39x faster than the US average — this site defensibly ranks in the top 0.1% to 0.5% of all websites globally.

That’s 49x under Google’s “good” threshold of 2.5 seconds.

Metric | This Site | Industry Avg
Pingdom Grade | A 98 | C (70-79)
Load Time | 51ms | 3.5s
Page Size | 47.2 KB | 2.5 MB
Requests | 7 | 70+
GTMetrix | 100% / 100% | 65% / 75%
LCP | 207ms | 2.5s
TBT | 0ms | 150ms
CLS | 0 | 0.1

Performance

How It’s Done

Compacting: Compression and combining are responsible for the page size. How much compression can achieve depends on content volume and type, but an unoptimized version of the tested page was nearly 10MB, not 48KB.

Basic rules for practice include:

  • Understanding what actually needs to load on individual pages
  • Standardizing how scripts, styles, and other assets are managed
  • Removing tabs and white space in all scripts, styles and html
  • Removing comments from delivered files, so source comments can, in turn, be more verbose for knowledge transfer
  • Combining multiple files based on content types (e.g. CSS, JS, etc.)
  • Compressing everything into its most reducible working formats
  • Coordinating caching at multiple levels so dynamic content loads as if it were static

Security Note: Exposure time between platform installation and security hardening is minimized using a one-click deployment strategy that configures the environment with everything except content.

Hosting: Managed hosting (~$23/month) with server-level acceleration, in-memory object caching, and SSD storage with RAID redundancy.

CMS: Block-based editing as a content development accelerator, minimal capability extensions, optimized queries, and deferred script loading.

Security: 40+ active controls at network and application layers. [See Security section below]

Caching Orchestration: A 5-layer strategy with multiple optimizations in each layer:

  • Page caching (full HTML served from memory)
  • Object caching (database query results stored in memory)
  • Bytecode caching (compiled PHP stored between requests)
  • Browser caching (static assets cached client-side)
  • Edge distribution (DNS routing and CDN delivery)

Assets: Emoji scripts removed, admin stylesheets dequeued on frontend, CSS/JS minified and combined.

Fonts: Self-hosted with multiple weights, trimmed from 50KB+ to ~10KB per weight by removing unused character sets. Rare characters (math symbols, etc.) fall back to system fonts.

Details: Optimization followed content response analysis — targeting the largest percentage first, then iterating down:

Result: HTML is now the highest percentage of page load. Further tweaks are subjective but continue to improve performance.

Rich Media: Sized fit-for-purpose (no alternate sizes, no render-time scaling). WebP for images, compressed MP4 for video. Eliminates API calls to remote sources.

Scripts: Dequeued where not needed. External calls removed or self-hosted.

External Dependencies: External API calls reviewed on a lifecycle basis: catalog what’s bundled, load on demand where needed, routinely audit, and retire what’s unused. Font optimization followed this pattern — bundled fonts were evaluated, self-hosted, and trimmed to essential character sets.

One Click: To eliminate the time between when the platform comes online and when security is configured, a template installs, configures, and deploys everything but content with one command.

Security

40+ active controls protect this site at the network and application layers.

Firewall: 6G ruleset blocking malicious query strings, bad user agents, and suspicious request methods.

Authentication: MFA, Google reCAPTCHA on all forms, honeypot traps for bots.

Monitoring: Automated file change detection with email alerts, fake Googlebot blocking, spam IP auto-blocking.

Hardening: XML-RPC disabled, directory indexing off, debug log access blocked, clickjacking prevention enabled.
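
One way to verify the four hardening controls listed above after a deployment, as an added example (not this site's own code): it audits GET responses for XML-RPC, directory indexing, debug log access, and framing headers, using constructed responses so it runs offline. The WordPress-style paths, the `Response` stand-in, and the function names are assumptions, as is enforcement of the controls at the web-server level.

```python
from dataclasses import dataclass, field

@dataclass
class Response:  # minimal stand-in for the response to a GET request
    status: int
    headers: dict = field(default_factory=dict)
    body: str = ""

# WordPress answers GET /xmlrpc.php with 405 when XML-RPC is live, so 405 is not "blocked".
BLOCKED = {403, 404, 410}

def framing_restricted(headers):
    """True if X-Frame-Options or CSP frame-ancestors limits who may frame the page."""
    h = {k.lower(): v.lower() for k, v in headers.items()}
    if h.get("x-frame-options", "").strip() in ("deny", "sameorigin"):
        return True
    for directive in h.get("content-security-policy", "").split(";"):
        tokens = directive.split()
        if tokens[:1] == ["frame-ancestors"] and len(tokens) > 1:
            return "*" not in tokens[1:]  # a bare * allows every origin
    return False

def audit(fetch):
    """fetch(path) -> Response. The paths assume a WordPress-style layout (assumption)."""
    listing = fetch("/wp-content/uploads/")
    return {
        "xmlrpc_disabled": fetch("/xmlrpc.php").status in BLOCKED,
        "indexing_off": not (listing.status == 200 and "index of /" in listing.body.lower()),
        "debug_log_blocked": fetch("/wp-content/debug.log").status in BLOCKED,
        "clickjacking_prevented": framing_restricted(fetch("/").headers),
    }

# Constructed responses: one hardened site, one with default settings.
HARDENED = {
    "/": Response(200, {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"}),
    "/xmlrpc.php": Response(403),
    "/wp-content/uploads/": Response(403),
    "/wp-content/debug.log": Response(404),
}
DEFAULT = {
    "/": Response(200, {"Content-Type": "text/html"}),
    "/xmlrpc.php": Response(405, body="XML-RPC server accepts POST requests only."),
    "/wp-content/uploads/": Response(200, body="<title>Index of /wp-content/uploads</title>"),
    "/wp-content/debug.log": Response(200, body="PHP Notice: ..."),
}

def failed_controls(site):
    """Names of the controls that did not pass for a dict of path -> Response."""
    return sorted(name for name, ok in audit(site.__getitem__).items() if not ok)

print("hardened:", failed_controls(HARDENED))
print("default: ", failed_controls(DEFAULT))
```

Run against a live site, `audit` takes any callable that maps a path to an object with `status`, `headers`, and `body`, so the same checks can gate the one-click deployment.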