What Is HTTP2 and How to Enable It in WordPress
HTTP/2 is a modern transport protocol that speeds up how browsers load websites. For WordPress sites—where dozens of CSS, JavaScript, image and font requests are typical—moving from HTTP/1.1 to HTTP/2 can produce noticeable real-world performance gains. This article explains how HTTP/2 works, why it benefits WordPress, how to verify support, and practical steps to enable it on common hosting setups and CDNs.
Table of contents
Why HTTP/2 Matters for WordPress Sites
WordPress themes and plugins often generate many assets and third-party requests. The HTTP/1.1 model limits parallel transfers and suffers from round-trip latency and head-of-line blocking. HTTP/2 addresses these issues with features that reduce latency and improve resource utilization, resulting in faster page rendering and a better user experience—especially on mobile and high-latency networks.
How HTTP/2 improves performance
- Multiplexing: Multiple resources share a single TCP connection concurrently, eliminating the need for many parallel connections.
- Binary framing: More efficient parsing and fewer protocol-level errors compared with HTTP/1.1 text frames.
- Header compression (HPACK): Reduces repetitive header overhead for requests, which is useful for sites with many small requests.
- Stream prioritization: Browsers can signal which resources matter most, improving critical-render-path delivery.
- Works over TLS: Major browsers require HTTPS for HTTP/2, so enabling it also improves site security.
Common Myths and Practical Impacts
- Myth: Concatenation is always required. Reality: With HTTP/2, concatenating scripts and styles is less important because multiplexing reduces the cost of many small files.
- Myth: Server push will always help. Reality: Server push can help in specific cases but is easy to misconfigure; preload hints are often a safer alternative.
Prerequisites Before Enabling HTTP/2
- HTTPS / TLS: Modern browsers only negotiate HTTP/2 over TLS (except HTTP/2 cleartext h2c, which browsers do not use). Ensure you have a valid certificate (Let’s Encrypt or commercial CA).
- Server support: Web server or reverse proxy must support HTTP/2 (e.g., modern Nginx, Apache with mod_http2, Cloudflare, most CDNs).
- OpenSSL / ALPN support: For proper TLS negotiation you need OpenSSL with ALPN (OpenSSL >= 1.0.2 or equivalent libraries) so browsers and servers can agree on HTTP/2 during TLS handshake.
- Hosting provider compatibility: On shared or managed hosts, enabling HTTP/2 may be a control-panel toggle or require contacting support.
How to Verify HTTP/2 Support
Before and after enabling HTTP/2, verify using these methods:
- Browser DevTools Network panel: add the “Protocol” column in Chrome or Firefox to see “h2” or “http/2”.
- cURL: curl -I –http2 https://example.com or curl -sI -o /dev/null -w “%{http_version}n” https://example.com to display the negotiated protocol.
- Online tests: services such as KeyCDN’s HTTP/2 test, tools.keycdn.com/http2-test, and http2.pro.
- SSL/TLS checkers: SSL Labs shows ALPN and protocol support and helps ensure TLS is configured safely.
Step-by-Step: Enabling HTTP/2
Below are practical instructions for common server and hosting environments. Always take a backup of server configuration before changing production settings.
Nginx (recommended for performance)
Ensure you run a modern Nginx build (mainline or recent stable) compiled with HTTP/2 support and a TLS library that supports ALPN.
- In your TLS virtual host, update the listen directive:
<server> ... listen 443 ssl http2; ssl_certificate /path/to/cert.crt; ssl_certificate_key /path/to/key.key; ... </server>- Reload Nginx: sudo nginx -t && sudo systemctl reload nginx.
- Optionally enable Brotli or gzip and modern TLS ciphers and TLS 1.2/1.3 for best performance.
Apache (with mod_http2)
Apache 2.4.17+ includes mod_http2; availability may depend on packaged build. Steps:
- Enable the module: sudo a2enmod http2 (Debian/Ubuntu) or load mod_http2 in your httpd.conf for other distributions.
- Configure protocols in your SSL virtual host (or global): Protocols h2 http/1.1
- Restart Apache: sudo systemctl restart apache2 or httpd.
- Confirm ALPN-capable OpenSSL is used by Apache; if not, rebuild or update the TLS library.
cPanel, Plesk and Shared Hosting
Many control panels offer a toggle or package option for HTTP/2:
- cPanel/WHM: HTTP/2 is available via EasyApache 4; enable mod_http2 and ensure TLS is up to date.
- Plesk: There is a setting under Apache & nginx settings to enable HTTP/2 for HTTPS domains.
- If you don’t see options, check your host’s documentation or open a support ticket—most managed hosts can enable HTTP/2 for you.
CDNs and Reverse Proxies (Cloudflare, CloudFront, Fastly)
- Cloudflare: HTTP/2 is enabled by default for proxied domains. Check the Cloudflare dashboard under Network settings.
- AWS CloudFront: Enable HTTP/2 support in distribution settings—CloudFront will negotiate HTTP/2 with viewers automatically.
- Other CDNs: Most major CDNs support HTTP/2; turn it on in the CDN control panel if it isn’t enabled by default.
WordPress-Specific Considerations and Best Practices
- Keep HTTPS healthy: Use strong TLS configs, enable OCSP stapling, and prefer TLS 1.3 where supported.
- Re-evaluate asset bundling: Because multiplexing reduces the cost of multiple assets, aggressive concatenation and HTTP/2-specific bundling strategies can be relaxed—test to see what works for your theme/plugins.
- Use preload and resource hints: Use
<link rel="preload" href="…">orrel="preconnect"to prioritize critical fonts, scripts, or APIs instead of relying on server push unless you can precisely control pushes. - Plugins: Many caching and performance plugins are HTTP/2-aware. Choose plugins that respect HTTP/2 behaviors (e.g., avoid concatenation that breaks modularity unless needed).
- Disable SPDY: SPDY is deprecated; HTTP/2 supersedes it. Focus on HTTP/2 and HTTP/3 adoption.
Server Push — Use with Caution
Server push lets the server send resources proactively, but incorrect pushes waste bandwidth and can hurt caching. Prefer explicit preload headers or link headers in WordPress for predictable outcomes. If you use server push, test cache behavior and measure impact on key performance metrics before rolling out widely.
Quick Diagnostic Commands and Examples
- Check protocol with curl:
curl -I --http2 https://yourdomain.comorcurl -sI -o /dev/null -w "%{http_version}n" https://yourdomain.com - Chrome DevTools: open Network tab → right-click columns → enable “Protocol” → reload and inspect the column for “h2”.
- Online HTTP/2 checks: use KeyCDN HTTP/2 test or http2.pro.
Monitoring and Measuring Impact
After enabling HTTP/2, measure the impact using Core Web Vitals, Lighthouse, Real User Monitoring (RUM), and server logs. Look at metrics such as First Contentful Paint (FCP), Largest Contentful Paint (LCP), Time to First Byte (TTFB), and overall page load time. Real users and synthetic tests will reveal if changes like removing concatenation or enabling preload improved performance.
When You Might Not See Immediate Gains
Some WordPress sites may show limited improvement if they already optimized bottlenecks (heavy server processing, slow database queries, unoptimized images). HTTP/2 reduces transport overhead but does not replace good asset optimization, caching, image compression, and server-side performance tuning.
Conclusion
Enabling HTTP/2 on a WordPress site is a recommended step for most modern websites: it reduces latency, improves concurrency, and complements other optimizations like HTTPS, compression and caching. Start by ensuring TLS and server support, enable HTTP/2 on your server or CDN, and verify with browser tools and curl. Finally, adjust WordPress optimization tactics to take advantage of multiplexing and prioritize critical resources with preload rather than relying on older concatenation patterns.
Next steps: test your site with curl and browser DevTools, enable HTTP/2 on your hosting or CDN, then run Lighthouse and RUM to measure improvements and fine-tune your asset strategy.
