Learn how Cloud Posse recently architected and implemented WordPress for massive scale on Amazon EC2. We'll show you exactly which tools we used and our recipe to both secure and power WordPress setups on AWS using Elastic Beanstalk, EFS, CodePipeline, Memcached, Aurora and Varnish.
1. Rock Solid WordPress
Architecting WordPress for Massive Scale
Presented by
Erik Osterman
Cloud Posse <hello@cloudposse.com>
https://cloudposse.com/
2. Our Secret Sauce
How We Made WordPress FAST
And Scale to Support Thousands of Concurrent Users
20 Hot Slides < 25 minutes
Q&A Afterwards
3. About Me
Former Director of Cloud Architecture, CBS Interactive in San Francisco
Ran Operations for TV.com, Metacritic.com, and Clicker.com
Worked with AWS EC2 since 2006 / Private Invite-only Beta
Advise numerous successful venture backed startups
Backend Software Developer, Open Source Advocate / Contributor
Trivia: Traveled for ~2 years and lived out of carry on; visited 30+ countries
6. A lot.
MySQL Database Crashes, Maxed out Database Connections, Slow Queries
Cause Cascading Failures, Eventual Disk Failure, Failed WordPress Updates,
Cowboy Coding, Too Many Concurrent Requests, CPU & Memory Constraints,
No Swap, Site Hacked, Old or Incomplete Backups, Denial of Service Attack,
Expired SSL Certificate, Expired Domain, Rogue Developer, Compromised SSH
Keys, No Monitoring, No Alerts, ISP Network Failure, Software Glitches,
Physical Hardware Failure, Bad OS Upgrades, fat fingers,
Human Errors, and last but not least….
Murphy's Law
7. Why?
Only 1 server means...
All of our eggs are in one basket.
One MASSIVE Single Point of Failure (“SPOF”)
Failure of any component means downtime
8. What We Want
Reliable - 99.995% uptime (less than 30 minutes/year of downtime)
Fast - page load speeds that are lightning fast
Affordable - it must be cost effective to maintain in the long run
Easy - self-service operation without rocket scientists; auto-heal if things break
Reproducible - identical environments for staging & production
Stable - a site that scales horizontally as traffic increases
Upgradable - zero-downtime deployments with rollback support
Secure - hardened attack surface so we don't get hacked
Customizable - run ANY plugin or theme you want
9. Our Strategy
Decompose all components into individual tiers
(application, load balancer, database, cache, filesystem)
Scale Tiers Independently
Store Code in GitHub, Continuously Deploy to Staging
Use Rolling Updates to Deploy All Changes
Leverage “Fully Managed” Services for Lower Maintenance Costs
Write Infrastructure as Code to avoid out-of-date documentation
10. Development “Best Practices”
Follow 12-Factor Pattern with WordPress http://12factor.net
Develop Locally (e.g. Upgrade WordPress Core/Plugins, Enable Theme)
Use Standard Git Workflow as a Development Process
feature branch → modify → commit → push → PR → merge → ci/cd
Test in Staging that it is functional and passes acceptance tests
Release to Production after it passes all tests
17. Our Prescription
RDS Aurora - highly available, scalable MySQL cluster
EFS - network filesystem to store WordPress assets
Elastic Beanstalk - “Platform as a Service” to run WordPress
ElastiCache - Memcached cluster for caching and user sessions
CodePipeline - use CI/CD to automatically deploy code to staging from GitHub
ALB - layer 7 application load balancer with WAF
Route53 - global DNS service
CloudFront - CDN for all static assets
VPC - 100% Isolation between environments
Terraform - to compose infrastructure
18. “Cloud Native” WordPress
Use environment variables for all settings in wp-config.php
Automate wp-cli to activate/deactivate features on deployment
(leader_only: true)
Avoid plugins that write files to disk
Stash wp-content/uploads on Network Filesystem (or Object Storage/S3)
(not in git)
Use relative-rewrites in .htaccess
19. Optimizing WordPress for Speed
Varnish + stale-while-revalidate
https://info.varnish-software.com/blog/configure-saint-mode-grace-varnish-4.1
LudicrousDB + RDS Read Replicas
https://github.com/stuttter/ludicrousdb
Batcache + Memcached
https://wordpress.org/plugins/batcache/
Apache Mod Pagespeed
PHP7 (replaces need for APC / eAccelerator)
20. Eliminate 99% Of Security Problems
Disable PHP Execution in wp-content/uploads/
Drop Requests without Referer [sic] or User-Agent headers
Use read-only filesystem for WordPress (except for uploads)
Weekly upgrades of WordPress core & plugins
Try to disable_functions or use suhosin pecl
Use MFA Everywhere (AWS, SSH, & WordPress) https://duo.com/
Layer 7 Web Application Firewall (e.g. Apache Mod Security)
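The first two items on this slide written out as Apache 2.4 configuration. This is an added example, not Cloud Posse's own configuration; the document root `/var/www/html`, the `php7_module` (mod_php) handler, and limiting the Referer rule to POST requests are assumptions.

```apache
<VirtualHost *:80>
    # Assumed document root; adjust to the deployed WordPress path.
    DocumentRoot "/var/www/html"

    # Slide item: disable PHP execution in wp-content/uploads/.
    <Directory "/var/www/html/wp-content/uploads">
        # Ignore any .htaccess placed in uploads, so an uploaded
        # file cannot switch a handler back on.
        AllowOverride None
        Options -ExecCGI -Indexes

        # Refuse to serve anything with a PHP-style extension,
        # including double extensions such as name.php.jpg.
        <FilesMatch "(?i)\.(php[0-9]?|phtml|phar)(\.|$)">
            Require all denied
        </FilesMatch>

        # Assumes mod_php for PHP 7: turn the interpreter off here too.
        <IfModule php7_module>
            php_admin_flag engine off
        </IfModule>
    </Directory>

    # Slide item: drop requests without Referer or User-Agent headers.
    <IfModule mod_rewrite.c>
        RewriteEngine On

        # No User-Agent header at all: answer 403 Forbidden.
        RewriteCond %{HTTP_USER_AGENT} ^$
        RewriteRule ^ - [F]

        # Assumption: the Referer check is limited to POST (logins,
        # comments, form posts), because a visitor who types the URL
        # or follows a bookmark sends a GET with no Referer.
        RewriteCond %{REQUEST_METHOD} =POST
        RewriteCond %{HTTP_REFERER} ^$
        RewriteRule ^ - [F]
    </IfModule>
</VirtualHost>
```

Validate the syntax with `apachectl configtest` before reloading, and confirm that any non-browser client that posts to the site (for example a webhook sender) sets both headers.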
21. Key Takeaways
It costs more to run a Highly Available, Scalable infrastructure
Small sites with simple requirements should consider SaaS (e.g. wp-engine)
It’s easy to operate and manage, but challenging to implement
Use Github Workflow to Develop and Release Changes
Follow Software Development “Best Practices”
22. Most of our code is on GitHub: http://github.com/cloudposse/
Need help setting it up?
Cloud Posse can help!
Erik Osterman
hello@cloudposse.com