PowerSEC is designed to be lightweight. Here's what to expect for performance impact and how to tune if needed.
Typical impact
For a site with average traffic (~1000 visits/day):
| Metric | Impact |
|---|---|
| Page load time | +5-20ms (well under perceptible) |
| CPU during scans | Spike to 30-50% for 30-60 seconds, then idle |
| Memory | +20-40 MB resident |
| Disk I/O | ~10-50 MB/day for logs and cache |
| Bandwidth | <1 MB/day to Central (compressed sync) |
When PowerSEC might slow your site
Initial scan (one-time, post-install): The first full malware scan can take 5-30 minutes and use 50% CPU. This happens once. After that, scans are incremental.
Backup creation (Pro): Initial full backup transfers all of wp-content. Subsequent backups are incremental and complete in seconds.
Tuning for performance
WP admin → PowerSEC → Settings → Performance:
- Scan schedule — change from "real-time" to "daily" or "weekly"
- WAF mode — change "Detect & Block" to "Detect only" (less CPU per request, but requests are no longer blocked in this mode)
- AI features — disable if not using them
- Vulnerability check frequency — daily instead of hourly
Exclude paths from scanning
For sites with massive media libraries that don't change:
- Settings → Scan exclusions
- Add paths to skip (e.g., `wp-content/uploads/2020/` for old archived content)
To rule PowerSEC out as a cause
- Note your current page load time and memory usage
- Temporarily deactivate PowerSEC
- Compare metrics
- If the difference is <50ms or <10 MB, PowerSEC isn't your bottleneck
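
The comparison above as a script, added here as an example and not part of PowerSEC: it times repeated requests before and after deactivation and applies the 50 ms / 10 MB rule from the last step. The URL argument, the sample count, and the function names are assumptions; memory figures are typed in by hand from your host's monitoring.

```python
"""Before/after check for ruling a plugin out as a bottleneck (added example)."""
import statistics
import sys
import time
import urllib.request

# Thresholds taken from the last step of the procedure above.
TIME_THRESHOLD_MS = 50.0
MEM_THRESHOLD_MB = 10.0


def time_requests(url, count=20, timeout=10):
    """Return wall-clock times in ms for `count` full GETs of `url`."""
    samples = []
    for _ in range(count):
        start = time.perf_counter()
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            resp.read()  # include body transfer, not just headers
        samples.append((time.perf_counter() - start) * 1000.0)
    return samples


def compare(active_ms, inactive_ms, active_mb, inactive_mb):
    """Compare medians (robust to a single slow outlier) and apply the rule."""
    time_delta = statistics.median(active_ms) - statistics.median(inactive_ms)
    mem_delta = active_mb - inactive_mb
    # The page's rule: a difference under 50 ms or under 10 MB means look elsewhere.
    under = time_delta < TIME_THRESHOLD_MS or mem_delta < MEM_THRESHOLD_MB
    return {
        "time_delta_ms": round(time_delta, 1),
        "mem_delta_mb": round(mem_delta, 1),
        "plugin_is_bottleneck": not under,
    }


if __name__ == "__main__":
    url = sys.argv[1]  # assumed: a representative page on your own site
    active = time_requests(url)
    active_mb = float(input("Memory usage with the plugin active (MB): "))
    input("Deactivate the plugin, then press Enter to measure again... ")
    inactive = time_requests(url)
    inactive_mb = float(input("Memory usage with the plugin inactive (MB): "))
    print(compare(active, inactive, active_mb, inactive_mb))
    print("Measurement done: reactivate the plugin now.")
```

Run both measurements close together and under similar traffic so the two sets of samples are comparable.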