I had speed issues with my WP installs for a while now. I could not figure out what I was doing wrong until now. I used too many plugins to block brute force attacks.
My default plugins for my WP installs are iThemes Security, Wordfence Security, and Jetpack. I use iThemes to change the WP-config and .htaccess files. iThemes has its own brute force protection. Wordfence is used a firewall and scanner. Jetpack has its own brute force protection. By disabling Jetpack’s brute force option, my sites sped up. I’m already protected with iThemes Security.
Sometimes I forget that a website suffers because of over-protection. When I overprotect my sites with a lot plugins, my sites suffer from performance issues. It is like doubling up on prophylactics… the effectiveness degrades because of friction. It is the same for plugins. Too many security plugins destroy the effectiveness of one security plugin.