This presentation covers the benefits and performance improvements of running WordPress on an L2MP stack, the additional performance gains from adding Redis database caching, and security practices to use when running a WordPress instance.
1. Setting Up a Fast, Scalable and Robust WordPress Installation on AWS
Houston WordPress Meetup - Jan 8, 2020
by: Alex Bertens
alexbertens.com
2. About Me
• WP Developer / Maintenance / Hosting
• BS Industrial & Systems Engineering from UF
• Worked abroad for over 10 years in Machinery Sales and Logistics
• WP Development and Maintenance was just a side hobby
3. Topics We Will Cover
Making a Super Fast / Robust / Secure WordPress Stack
• L2MP Stack
• RDS and Redis
• Security
• Costs
• Future-Proofing Your Stack
• Questions
4. L2MP
• What is it?
  • Linux - OS
  • LiteSpeed Server - Web Server
  • MariaDB - Database
  • PHP 7.3 - Language Compiler
6. L2MP
• What is it?
  • Linux - OS
    • Ubuntu 18.04
  • LiteSpeed Web Server
7. LiteSpeed Web Server
What Is It?
• Web server that is fully compatible with Apache commands
• Proprietary, but has an open-source version available
• 4th most popular with 5.6% usage vs 41.9% Apache, 31% Nginx, 22% IIS
• Fastest growing by far
8. LSWS
Why It's Great
• Capacity
  • 84X more requests/second than Apache using WordPress and caching
  • 10X more than Nginx
9. LSWS
Why It's Great
• Speed
  • 29X faster than Apache for static page loading
  • 6X faster than Nginx
• Built-in compression
10. LSWS
Why It's Great
• Security
  • Connection-level limits
  • Request checking
  • Web Application Firewall - built-in protection against XSS attacks and SQL injection
  • Static file checking
  • OWASP and 6G rules
11. MariaDB v10.3
What Is It? / Why It's Great
• Open-source database engine
• Compatible alternative to MySQL
• MySQL was developed by Oracle 24+ years ago
• Much faster than mainstream versions of MySQL (5.4-5.6)
• Takes full advantage of multi-core server processors
• Highly compatible with key-value caching systems
12. PHP 7.3
What Is It? / Why It's Great
• Language compiler with ubiquitous web compatibility
• 75% of websites run on PHP
• 5X faster than legacy PHP (5.6)
• Ensures secure code structure
• Not the hardest to learn
14. RDS
What Is It?
• Relational Database Service
• “VPS strictly for running a database”
• Powered by Amazon Web Services (AWS)
• Fully compatible with most SQL services (MySQL, MariaDB, PerconaDB, MongoDB)
15. RDS
Why It's Great
• Allows you to run PHP on your server and have a dedicated instance to run the database requests
• Since the instance is optimized for performance, database queries run much faster
• Automatic backups
• Database and hardware maintenance are not an issue
16. Redis
What Is It?
• In-memory, key-value database object caching
• In English, how does it work?
  • Turns database queries into key-value pairs and stores them in memory for faster data retrieval
• Exponential performance improvement in applications with large databases and high traffic
17. Redis
Why It's Great
• Improves performance for CRUD operations (Create, Read, Update, Delete)
  • Immensely
23. Security
What Is It?
• Probably one of the most important topics in WordPress today
• WordPress is the most attacked and hacked platform in the world by far
• Most hacked people don’t even know they are hacked - they are used for phishing, botnets, serving malware
24. Security
Layers
• Server Level - iptables and Fail2Ban - install in VPS first thing
• Web Server Level - LSWS has a big advantage
  • Mod_security rules
  • 6G bot blocking
  • WordPress support
  • reCAPTCHA
  • OWASP rules
25. Security
More Layers
• Application-level firewall and malware scanners
  • Malcare
  • Wordfence
  • All In One WP Security
• Important to ban failed logins
• Set up 2FA
• Change /wp-login
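A sketch of the "ban failed logins" idea from slides 24-25, written in the way Fail2Ban counts retries inside a time window. This is an added example, not code from the presentation. It assumes a combined-format access log and relies on stock WordPress answering a failed `/wp-login.php` POST with HTTP 200 and a successful one with a 302 redirect. The function name, thresholds and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip - - [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def failed_login_offenders(lines, max_retry=5, find_time=timedelta(minutes=10)):
    """Map each IP to the time it reached max_retry failed logins within find_time."""
    recent = defaultdict(deque)  # per-IP timestamps of recent failures
    offenders = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of crashing the scan
        path = m["path"].split("?", 1)[0]
        # Failed login: POST to wp-login.php answered with 200 (form re-rendered).
        if m["method"] != "POST" or path != "/wp-login.php" or m["status"] != "200":
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        window = recent[m["ip"]]
        window.append(ts)
        while ts - window[0] > find_time:  # drop failures older than the window
            window.popleft()
        if len(window) >= max_retry and m["ip"] not in offenders:
            offenders[m["ip"]] = ts  # the point at which a ban would be issued
    return offenders

def _line(ip, hhmmss, status, method="POST", path="/wp-login.php"):
    # Helper that builds one constructed log line (documentation-range IPs).
    return (f'{ip} - - [08/Jan/2020:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "-"')

SAMPLE_LOG = (
    [_line("203.0.113.7", f"10:00:{s:02d}", 200) for s in range(0, 50, 10)]  # 5 failures in 40 s
    + [_line("198.51.100.20", "10:01:00", 200),   # one typo ...
       _line("198.51.100.20", "10:01:30", 302)]   # ... then a successful login
    + [_line("192.0.2.50", f"1{h}:00:00", 200) for h in range(5)]  # 5 failures, one per hour
    + [_line("203.0.113.7", "10:05:00", 200, method="GET")]  # loading the form is not an attempt
)

if __name__ == "__main__":
    for ip, when in failed_login_offenders(SAMPLE_LOG).items():
        print(f"ban {ip}: threshold reached at {when.isoformat()}")
```

Only the burst from 203.0.113.7 crosses the threshold; the slow hourly failures stay under it, which is why a short window should be paired with 2FA and strong passwords rather than relied on alone.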
26. Security
DNS Level
• CloudFlare or AWS WAF and Shield
• Lets you create security rules at DNS level
• Block all from Russia and/or China
27. Security
Other Tips
• Always log into the machine from SSH
• #1 RULE, if nothing else: USE A STRONG PASSWORD
• Use a password manager like OnePass, LastPass, Dashlane - most are free and sync on all devices
29. Cost
How Much?
• AWS EC2 - t2 Micro - Free for first year
• RDS Free Tier - Free for first year
• CloudFlare - Free
• OpenLiteSpeed - Free
• After first year:
  • $12-$15 / month
30. Cost
What Can It Handle?
• Traffic spikes of 200-300 simultaneous users
• Prolonged periods with 160 users/hr
• Server usage: around 25%
• RDS usage: 5-10%
• ~115,000 visits per month
• Compare to managed WP hosting: ~$100 and up
31. Costs
Make It Even Faster
• If serving a lot of media files, serve them from S3 and cache them with CloudFront
• Install CloudFront on your server to serve CSS, JS and WOFF files even faster
33. Future of WordPress
What Does It Mean
• Headless (serverless)
  • Using JSON to grab data from WP
  • ex: Gatsby
• DB eventually all moving to a key-value pair system or something close
• HTTP/3 QUIC being developed with a focus on speed and security (fewer requests, with SSL built in)