Skip to content 
The WordPress JSON response often determines how quickly a page feels like it has been built: too large payloads, slow queries and a lack of caching drive up TTFB and LCP. I'll show you how to make the WordPress JSON response measurably leaner, accelerate requests and measurably Loading time gain - without losing functionality.
Key points
- Payload reduce: Limit fields, streamline end points.
- Queries bundle: Avoid N+1, tidy up options.
- Caching layers: ETag, object cache, browser cache.
- Transportation optimize: HTTP/3, Brotli, set header correctly.
- trade fairs and act: TTFB, LCP, track query times.
Why JSON responses slow down the loading time
Standard endpoints such as /wp/v2/posts often provide complete post objects that many projects never need, which makes the amount of data unnecessarily bloated. 20 posts quickly become 100+ KB of JSON, which the browser first has to parse. N+1 query patterns arise in stores and large blogs: WordPress first loads posts, then it pulls meta fields for each post - this adds up noticeably. If there is no compression or only Gzip is used, the transfer time also increases, while Brotli often saves more. I therefore prioritize three levers: smaller Responses, fewer queries, aggressive caching.
Hosting as the basis for fast APIs
Before I optimize code, I check the TTFB of hosting: High latencies kill any API gains. NVMe SSDs, HTTP/3 and an object cache take pressure off PHP and the database. A fast stack noticeably shortens the response time, especially with many GET requests. For a deeper understanding, a Loading time analysis with a focus on REST endpoints. The table shows typical measurement points that I use as a guide to create a Decision meet.
| Hosting provider | TTFB | API response time | Price | Note |
|---|---|---|---|---|
| webhoster.de | <200 ms | <120 ms | from 2,99 € | Fast thanks to NVMe, HTTP/3, Redis |
| Other | >500 ms | >500 ms | variable | Slowly with API load |
Defuse database queries
N+1 queries drive the Runtime high, so I combine queries instead of pulling meta data individually per post. I use meta_query in a single get_posts() request to reduce round trips. I also clean up wp_options: large autoload entries (autoload=’yes‘) lengthen every page, including API calls. In WooCommerce, I switch to HPOS so that order queries run faster. The fewer individual steps WordPress needs, the more efficient the API.
// Bad: N+1
$posts = get_posts();
foreach ($posts as $post) {
$meta = get_post_meta($post->ID, 'custom_field');
}
// Good: A query
$posts = get_posts([
'meta_query' => [
['key' => 'custom_field', 'compare' => 'EXISTS']
]
]);
Reduce payload in a targeted manner
I store unnecessary fields from the Response and use the _fields parameter consistently: /wp/v2/posts?_fields=id,title,slug. This often halves the transfer size immediately. I also set per_page defensively, deactivate unused endpoints (e.g. /wp/v2/comments) and avoid _embed if I don't need embeds. I only provide my own endpoints with the data that the interface actually renders. Every saved property saves Milliseconds.
Caching for JSON responses
I combine several caching layers: ETag and Last-Modified for the browser, a Object cache like Redis on the server and a moderate TTL via cache control. This means that WordPress does not have to recalculate the response if the data remains unchanged. For GET endpoints, it is worth using stale-while-revalidate so that users get something immediately while the server updates in the background. Brotli compression often compresses JSON better than Gzip, which reduces the Transmission accelerated once again.
add_filter('rest_post_dispatch', function ($response, $server, $request) {
if ($request->get_method() === 'GET') {
$data = $response->get_data();
$etag = '"' . md5(wp_json_encode($data)) . '"';
$response->header('ETag', $etag);
$response->header('Cache-Control', 'public, max-age=60, stale-while-revalidate=120');
}
return $response;
}, 10, 3);
Fine-tune HTTP header and transport
Correct headers take up a lot of time, so I set VaryAccept-Encoding and Date. I activate HTTP/3 and TLS resumption so that handshakes cost less latency. For CORS-protected endpoints, I define Access-Control-Max-Age so that preflights remain in the cache. Long keep-alive intervals help to send multiple API calls over the same connection. A compact overview with practical details can be found in this REST API Guide, which I like to call Checklist use.
Front-end integration: loading when it makes sense
I load JSON „later“, not „later maybe“: Critical content comes immediately, everything else via fetch after. I mark blocking scripts as defer and segment bundles so that first paints occur earlier. For really critical files, I set preload, while prefetch does lighter preparatory work. If the API delivers heavy blocks, I render a skeleton UI so that users get feedback. This keeps the interaction fast, while data is processed in the background. roll in.
// Example: load asynchronously
document.addEventListener('DOMContentLoaded', async () => {
const res = await fetch('/wp-json/wp/v2/posts?_fields=id,title,slug&per_page=5', { cache: 'force-cache' });
const posts = await res.json();
// call render function...
});
Advanced techniques for professionals
A service worker intercepts GET requests, stores responses in a Cache and delivers directly when offline. For recurring, expensive data, I keep transients or use Redis so that PHP has minimal work. I set heartbeat in the frontend to longer intervals so that Ajax noise doesn't clog up the line. I remove theme ballast: Unused CSS/JS costs time and increases the critical path. For cron jobs, I postpone heavy tasks to times with little Traffic.
Measuring: From symptom to cause
I start with TTFB measurements and compare cache hit vs. miss to get real Causes to separate. Query Monitor shows me which queries dominate and where I need to index or summarize. PageSpeed and Web Vitals data puts LCP, INP and CLS into a context that makes priorities clear. For slow first bytes, I check hosting, PHP version, object cache and network latency. If I need fewer calls, this guide helps me to Reduce HTTP requests at the Strategy.
Schema design and validation for custom endpoints
Your own endpoints perform particularly well if you Scheme is lean and strict right from the start. I define parameters with types, defaults and validation so that the server has less work with invalid requests and clients only request the data they really need. I also prepare the response in a targeted manner and remove fields that are not needed on the UI side.
add_action('rest_api_init', function () {
register_rest_route('perf/v1', '/articles', [
'methods' => 'GET',
'args' => [
'per_page' => ['type' => 'integer', 'default' => 10, 'minimum' => 1, 'maximum' => 50],
'_fields' => ['type' => 'string'], // is parsed by the core
],
'permission_callback' => '__return_true',
'callback' => function (WP_REST_Request $req) {
$q = new WP_Query([
'post_type' => 'post',
'posts_per_page' => (int) $req->get_param('per_page'),
'no_found_rows' => true, // saves expensive COUNT(*)
'update_post_meta_cache' => true, // meta in one go
'update_post_term_cache' => false, // do not load term data
'fields' => 'ids', // first IDs, then slim format
]);
$items = array_map(function ($id) {
return [
'id' => $id,
'title' => get_the_title($id),
'slug' => get_post_field('post_name', $id),
];
}, $q->posts);
return new WP_REST_Response($items, 200);
}
]);
});
With fields => ‚ids‘ I save database overhead, prepare the minimum payload myself and can tailor the output precisely to my frontend. Validated parameters also prevent extremely large per_page values from slowing down the API.
Reduce pagination, totals and COUNT() costs
The standard controllers provide X-WP-Total and X-WP-TotalPages. This sounds helpful, but often costs a lot of time because it is counted in the background. If I don't need this metadata in the UI, I deactivate it via the query level using no_found_rows. This significantly reduces the load on the database in list views.
// Totals für Post-Collection sparen
add_filter('rest_post_query', function ($args, $request) {
if ($request->get_route() === '/wp/v2/posts') {
$args['no_found_rows'] = true; // keine Totals, keine COUNT(*)
}
return $args;
}, 10, 2);
I also note that large offsets (page high, per_page large) can become noticeably slower. In such cases I use Cursor-based Pagination (e.g. by ID or date) in separate end points to scroll through deep pages with high performance.
Cache validation and consistency
Caching is only as good as its Invalidation. I define clear rules: If a post is saved or its status is changed, I delete or renew the affected cache keys. This keeps responses up to date without emptying all caches blindly.
// Beispiel: gezielte Invalidierung bei Post-Änderungen
add_action('save_post', function ($post_id, $post, $update) {
if (wp_is_post_revision($post_id)) return;
// Keys nach Muster invalidieren (Object Cache / Transients)
wp_cache_delete('perf:posts:list'); // Listenansicht
wp_cache_delete("perf:post:$post_id"); // Detailansicht
}, 10, 3);
// 304 Not Modified korrekt bedienen
add_filter('rest_pre_serve_request', function ($served, $result, $request, $server) {
$etag = $result->get_headers()['ETag'] ?? null;
if ($etag && isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) === $etag) {
// Schnellweg: keine Body-Ausgabe
header('HTTP/1.1 304 Not Modified');
return true;
}
return $served;
}, 10, 4);
Important: Only GET should be publicly cacheable. For POST/PUT/PATCH/DELETE I set aggressive no-cache headers and make sure that edge/browser caches do not hold such responses.
Security: Auth, cookies and caching
Authenticated responses are often personalized Data - these must not be cached publicly. I make a strict distinction between public and private responses, set Vary headers appropriately and avoid unnecessary cookies for GET so that edge caches can take effect.
add_filter('rest_post_dispatch', function ($response, $server, $request) {
if ($request->get_method() !== 'GET') return $response;
if (is_user_logged_in()) {
// Personalisierte Antwort: kein Public Caching
$response->header('Cache-Control', 'private, no-store');
$response->header('Vary', 'Authorization, Cookie, Accept-Encoding');
} else {
$response->header('Cache-Control', 'public, max-age=60, stale-while-revalidate=120');
$response->header('Vary', 'Accept-Encoding');
}
return $response;
}, 10, 3);
Caching is often taboo for nonce-secured Ajax calls in the admin area. In the frontend, on the other hand, I keep cookies lean (no unnecessary Set-Cookie headers) so as not to disqualify edge caches. This ensures security without sacrificing performance.
Data model, indices and storage strategy
If meta queries dominate, I check the Data model. It often helps to place meta fields that are always used together in a normalized structure or a separate custom table. In existing installations, I consider indexes to speed up common search patterns.
-- Caution: test for staging first!
CREATE INDEX idx_postmeta_key ON wp_postmeta (meta_key(191));
CREATE INDEX idx_postmeta_key_value ON wp_postmeta (meta_key(191), meta_value(191));
This significantly shortens typical WHERE meta_key = ‚x‘ AND meta_value LIKE ‚y%‘. I also set specific flags in WP_Query: update_post_meta_cache activate, update_post_term_cache only if required, and fields => ‚ids‘ for large lists. Also Transients for rarely changing aggregations can noticeably relieve the DB.
Monitoring and load testing
Without Monitoring optimization is blind. I log response times, status codes, cache hit rates and query durations. For load tests, I use simple, reproducible scenarios: 1) burst phase (e.g. 50 RPS over 60 seconds) for cold start and caching behavior, 2) continuous load (e.g. 10 RPS over 10 minutes) for stability. It is critical to monitor CPU, RAM, I/O wait and DB locks - this is how I recognize whether PHP, database or network is limiting.
The error pattern is also important: 429/503 indicate rate limits or capacity limits, 5xx indicate application errors. I keep timeouts short, provide clear error messages and ensure that retries (client) use exponential backoff. This keeps the API robust, even when load peaks occur.
Typical anti-patterns and how I get around them
- Large, uncut payloads load: I use _fields consistently and remove unused fields in the prepare callback.
- Multiple requests for related data: I build Aggregation endpoints, that deliver exactly the combination you need.
- COUNT(*) and deep pagination: I set no_found_rows and switch to cursor pagination if required.
- Non-uniform cache headers: I make a strict distinction between public vs. private and regulate TTL depending on topicality.
- Cookies for GET: I avoid them to enable edge caches; if necessary, I set Vary correctly.
- Complex calculations on-the-fly: I pre-calculate (transients/redis) and invalidate precisely in the event of changes.
- Non-deterministic output: For stable ETag I ensure deterministic sorting and field order.
Step-by-step plan for 7 days
Day 1: I measure TTFB, response size and number of API calls so that I have clear Baseline-values. Day 2: I limit fields with _fields and reduce per_page until the frontend receives exactly the data it actually renders. Day 3: I remove unused endpoints, deactivate _embed, build a lean custom endpoint if necessary. Day 4: I remove N+1 queries, clean up wp_options and activate HPOS if WooCommerce is involved. Day 5: I implement ETag, Cache-Control and Brotli to make requests less frequent and faster. run through.
Day 6: I ensure HTTP/3, set Vary headers correctly and tune keep-alive settings. Day 7: I move calls after the first paint, load asynchronously via fetch and use preload specifically. I then verify the effect with new measurements in identical test windows. The report now often shows 30-70 % smaller JSONs and significantly lower TTFB values. With a clear roadmap, I keep the Performance stable in the long term.
Summary with concrete benefits
I achieve the greatest effect with three steps: smaller Payload, fewer queries, more cache hits. This is followed by transport optimizations such as HTTP/3 and Brotli as well as clever frontend loading processes. Together, these measures result in measurably better core web vitals, more stable conversions and a noticeably faster feel when scrolling. Anyone who handles a lot of API calls every day will feel the effect particularly strongly. I stick to this sequence, document every change and ensure the Results with repeated tests.
