This actually has nothing to do with the hosting. Your WordPress installation is very, very poorly optimized.
The CSS/JS is not minified at all. The images you're using on the site are not optimized. You're not deferring the parsing of the JS. You're making a lot of HTTP requests. You're not using expiry headers. The list is pretty long, to be honest.
Bottom line here is that you either need to sit down, research WordPress optimization, and implement those changes or you need to hire a dev to sort this out and get your speed up. I would recommend using a CDN for a slight increase in speed but that will not help if the optimization is not done as well.
Here are a few other tips that might help speed things up a bit:
Add a CAPTCHA: CAPTCHAs help protect your site from spamming by bots and other malicious actors. They force people to identify themselves as humans by performing simple tests. Protecting yourself is as simple as installing the Google Captcha (reCAPTCHA) plugin and doing the setup. This will mitigate a lot of security concerns and keep random bots from infiltrating your website.
Use your own cronjob: The wp-cron.php file that installs with every WordPress installation can sometimes be problematic. Far too often it runs unnecessarily and causes resource issues that can slow your site down considerably, especially on sites that receive a lot of traffic. For a site that doesn’t receive a lot of traffic, it can be a significant amount of time before a visitor loads a page and trigger the cron task. This can cause missed schedules for publishing posts and other unintended effects.
To resolve these issues, you can disable the default wp-cron.php and configure a real cron job. To do this, take the following steps:
After disabling the default cron job, you are ready to set up a real cron job that runs at fixed intervals regardless of the site traffic.
cd /home/username/public_html; /usr/local/bin/php -q wp-cron.php
Disable the Heartbeat: The “heartbeat” feature enables WordPress to monitor user actions and sends periodic updates to the web server. The heartbeat is used to save drafts automatically, lock post edits, log out administrators after an idle period, and more.
However, in some scenarios, the heartbeat may send an excessive amount of requests to the server. When this occurs, site performance can suffer. For example, CPU loads may increase, or you may receive “The Connection Has Been Reset” messages in your browser.
By default, WordPress does not provide a way to disable or change the heartbeat settings. However, you can install the Heartbeat Control plugin to do this. If you’re the only one that works on your site, disable everything. If you have multiple authors, disable it on the frontend only.
Disable XML-RPC: XML-RPC is a remote procedure call which uses XML to encode its calls and HTTP as a transport mechanism. In human language, this means that you can post to your blog directly from email or any number of other services that are NOT your WordPress dashboard. If you want to access and publish to your blog remotely, then you need XML-RPC enabled.
In order to turn this off, you have a couple of options:
All you have to do is paste the following code in a site-specific plugin:
While the above solution is sufficient for many, it can still be resource intensive for sites that are getting attacked.
In those cases, you may want to disable all xmlrpc.php requests from the .htaccess file before the request is even passed onto WordPress.
Simply paste the following code in your .htaccess file:
Once your issue is resolved,
please be sure to come back and click accept for the solution