Rock Solid WordPress
Architecting WordPress for Massive Scale
Presented by
Erik Osterman
Cloud Posse <hello@cloudposse.com>
https://cloudposse.com/
Our Secret Sauce
How We Made WordPress FAST
And Scale to Support Thousands of Concurrent Users
20 Hot Slides < 25 minutes
Q&A Afterwards
About Me
Former Director of Cloud Architecture, CBS Interactive in San Francisco
Ran Operations for TV.com, Metacritic.com, and Clicker.com
Worked with AWS EC2 since 2006 / Private Invite-only Beta
Advise numerous successful venture backed startups
Backend Software Developer, Open Source Advocate / Contributor
Trivia: Traveled for ~2 years and lived out of carry on; visited 30+ countries
Typical WordPress Stack (Single Server Running Apache, PHP, MySQL)
Typical WordPress Stack
Single Server running Apache, PHP-FPM, MySQL
Life was easy.
What could possibly go wrong?
A lot.
MySQL Database Crashes, Maxed out Database Connections, Slow Queries
Cause Cascading Failures, Eventual Disk Failure, Failed WordPress Updates,
Cowboy Coding, Too Many Concurrent Requests, CPU & Memory Constraints,
No Swap, Site Hacked, Old or Incomplete Backups, Denial of Service Attack,
Expired SSL Certificate, Expired Domain, Rogue Developer, Compromised SSH
Keys, No Monitoring, No Alerts, ISP Network Failure, Software Glitches,
Physical Hardware Failure, Bad OS Upgrades, Fat Fingers,
Human Errors, and last but not least...
Murphy's Law
Why?
Only 1 server means...
All of our eggs are in one basket.
One MASSIVE Single Point of Failure (“SPOF”)
Failure of any component means downtime
What We Want
Reliable - 99.995% uptime (less than 30 minutes/year of downtime)
Fast - blazingly fast page load speeds
Affordable - it must be cost effective to maintain in the long run
Easy - self-service operation without rocket scientists; auto-heal if things break
Reproducible - identical environments for staging & production
Stable - we want a site that scales horizontally as traffic increases
Upgradable - zero-downtime deployments with rollback support
Secure - hardened attack surface so we don't get hacked
Customizable - run ANY plugin or theme you want
Our Strategy
Decompose all components into individual tiers
(application, load balancer, database, cache, filesystem)
Scale Tiers Independently
Store Code in GitHub, Continuously Deploy to Staging
Use Rolling Updates to Deploy All Changes
Leverage “Fully Managed” Services for Lower Maintenance Costs
Write Infrastructure as Code to avoid out-of-date documentation
Development “Best Practices”
Follow 12-Factor Pattern with WordPress http://12factor.net
Develop Locally (e.g. Upgrade WordPress Core/Plugins, Enable Theme)
Use Standard Git Workflow as a Development Process
feature branch → modify → commit → push → PR → merge → ci/cd
Test in Staging that it is functional and passes acceptance tests
Release to Production after it passes all tests
What it looks like...
Elastic Beanstalk - Dashboard: Insights, Recent Events, Identical Environments, Auto Healing
Elastic Beanstalk - CI/CD Pipeline: Automatic Rollbacks, Change Log
Elastic Beanstalk - Automatic OS Updates
Elastic Beanstalk - Monitoring & Alerting
Cost Explorer - Cost Forecasts, Cost Transparency
Our Prescription
RDS Aurora - highly available, scalable MySQL cluster
EFS - network filesystem to store WordPress assets
Elastic Beanstalk - “Platform as a Service” to run WordPress
ElastiCache - Memcached cluster for caching and user sessions
CodePipeline - use CI/CD to automatically deploy code to staging from GitHub
ALB - layer 7 application load balancer with WAF
Route53 - global DNS service
CloudFront - CDN for all static assets
VPC - 100% Isolation between environments
Terraform - to compose infrastructure
“Cloud Native” WordPress
Use environment variables for all settings in wp-config.php
Automate wp-cli to activate/deactivate features on deployment
(leader_only: true)
Avoid plugins that write files to disk
Stash wp-content/uploads on Network Filesystem (or Object Storage/S3)
(not in git)
Use relative-rewrites in .htaccess
Optimizing WordPress for Speed
Varnish + stale-while-revalidate
https://info.varnish-software.com/blog/configure-saint-mode-grace-varnish-4.1
LudicrousDB + RDS Read Replicas
https://github.com/stuttter/ludicrousdb
Batcache + Memcached
https://wordpress.org/plugins/batcache/
Apache Mod Pagespeed
PHP7 (replaces need for APC / eAccelerator)
Eliminate 99% Of Security Problems
Disable PHP Execution in wp-content/uploads/
Drop Requests without Referer [sic] or User-Agent headers
Use a read-only filesystem for WordPress (except for uploads)
Weekly upgrades of WordPress core & plugins
Try PHP's disable_functions directive or the Suhosin PECL extension
Use MFA Everywhere (AWS, SSH, & WordPress) https://duo.com/
Layer 7 Web Application Firewall (e.g. Apache Mod Security)
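Two items on this slide can be checked before they are enforced. The script below is an added example, not code from the deck or from Cloud Posse: it lists files under wp-content/uploads that a PHP handler could run, and it measures how many logged requests a "no Referer or User-Agent" rule would drop under both readings of "or". The extension list, the function names and the sample log lines are assumptions made for illustration.

```python
import os
import re
import sys

# Extensions commonly mapped to the PHP handler (assumed list; match your server config).
PHP_EXT = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}

# Apache "combined" log format. Lines with escaped quotes in a field do not
# match and are reported as unparsed rather than guessed at.
COMBINED = re.compile(
    r'^\S+ \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Constructed sample lines (documentation IP ranges, example.com).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64)"',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /about/ HTTP/1.1" 200 4096 '
    '"https://example.com/" "Mozilla/5.0 (X11; Linux x86_64)"',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "POST /contact/ HTTP/1.1" 200 370 '
    '"-" "-"',
    '198.51.100.8 - - [01/Jan/2024:10:00:12 +0000] "GET /feed/ HTTP/1.1" 200 2048 '
    '"https://example.com/" "-"',
]


def php_like_uploads(uploads_dir):
    """Return relative paths under uploads_dir that a PHP handler could run.

    Every dot-separated segment is checked, not only the last one, because an
    AddHandler-style mapping also matches names such as 'avatar.php.jpg'.
    """
    hits = []
    for base, _dirs, files in os.walk(uploads_dir):
        for name in files:
            segments = name.lower().split(".")[1:]
            if any(seg in PHP_EXT for seg in segments):
                full = os.path.join(base, name)
                hits.append(os.path.relpath(full, uploads_dir))
    return sorted(hits)


def drop_impact(log_lines):
    """Count requests a drop rule would reject under both readings of 'or'."""
    counts = {"parsed": 0, "unparsed": 0, "missing_either": 0, "missing_both": 0}
    for line in log_lines:
        m = COMBINED.match(line.strip())
        if m is None:
            counts["unparsed"] += 1
            continue
        counts["parsed"] += 1
        no_referer = m.group("referer") in ("", "-")
        no_agent = m.group("agent") in ("", "-")
        counts["missing_either"] += int(no_referer or no_agent)
        counts["missing_both"] += int(no_referer and no_agent)
    return counts


if __name__ == "__main__":
    print(drop_impact(SAMPLE_LOG))
    # Optional: pass the path to wp-content/uploads as the first argument.
    if len(sys.argv) > 1:
        for path in php_like_uploads(sys.argv[1]):
            print("PHP-like file in uploads:", path)
```

The first sample line is an ordinary direct visit with a browser User-Agent and no Referer; it is counted under `missing_either`, which is why the rule is worth measuring against real logs before it is enforced.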
Key Takeaways
It costs more to run a Highly Available, Scalable infrastructure
Small sites with simple requirements should consider SaaS (e.g. wp-engine)
It’s easy to operate and manage, but challenging to implement
Use GitHub Workflow to Develop and Release Changes
Follow Software Development “Best Practices”
Most of our code is on GitHub: http://github.com/cloudposse/
Need help setting it up?
Cloud Posse can help!
Erik Osterman
hello@cloudposse.com
