Robust WordPress Installation using L2MP Stack

S E T T I N G U P A F A S T , S C A L A B L E
A N D R O B U S T W O R D P R E S S
I N S T A L L A T I O N O N A W S
H O U S T O N W O R D P R E S S M E E T U P - J A N 8 , 2 0 2 0
by: Alex Bertens
alexbertens.com

A B O U T M E
• WP Developer / Maintenance / Hosting
• BS Industrial & Systems Engineering from UF
• Worked abroad for over 10 years in Machinery
Sales and Logistics
• WP Development and Maintenance was just a
side hobby

T O P I C S W E W I L L C O V E R
Making a Super Fast / Robust / Secure Wordpress Stack
• L2MP Stack
• RDS and Redis
• Security
• Costs
• Future - Proofing your Stack
• Questions

L 2 M P
• What is it?
• Linux - OS
• Litespeed Server - Web Server
• Maria DB - Database
• PHP 7.3 - Language Compiler

L 2 M P
• What is it?
• Linux - OS
• Ubuntu 18.04

L 2 M P
• What is it?
• Linux - OS
• Ubuntu 18.04
• Litespeed Web Server

L I T E S P E E D W E B
S E R V E R
W H A T I S I T ?
• Web Server that is fully compatible with Apache
commands
• Proprietary but has open-source version
available
• 4th Most popular with 5.6% usage vs 41.9%
Apache, 31% Nginx, 22% IIS
• Fastest Growing by far

L S W S
W H Y I S G R E A T
• Capacity
• 84X more requests/second than apache
using Wordpress and Caching
• 10X more than Nginx

L S W S
W H Y I S G R E A T
• Speed
• 29X Faster than Apache for Static Page
Loading
• 6X Faster than Nginx
• Built in Compression

L S W S
W H Y I S G R E A T
• Security
• Connection Level limits
• Request checking
• Web Application Firewall - built in protection
against XSS attacks and SQL Injection
• Static File Checking
• OWASP and 6G Rules

M A R I A D B V 1 0 . 3
W H A T I S I T ?
• Open-Source Database Engine
• Compatible alternative to MySql
• MySql was developed by Oracle 24+ years ago
• Much faster than mainstream versions of MySql (5.4-
5.6)
• Takes full advantage of multi-core server processors
• Highly compatible with key-value caching systems
W H Y I T ’ S G R E A T

P H P 7 . 3
W H A T I S I T ?
• Language compiler with ubiquitous web compatibility
• 75% of websites run on PHP
• 5X faster than legacy PHP (5.6)
• Ensures secure code structure
• Not the hardest to learn
W H Y I T ’ S G R E A T

• L2MP Stack
• RDS and Redis

R D S
W H A T I S I T ?
• Relational Database Service
• “VPS strictly for Running a Database”
• Powered by Amazon Web Services (AWS)
• Fully Compatible with most SQL services
(MySQL, MariaDB, PerconaDB, MongoDB)

R D S
W H Y I T S G R E A T
• Allows you to Run PHP on your server and have
a dedicated instance to run the Database
requests
• Since instance is optimized for performance,
database queries run much faster
• Automatic Backups
• Database and Hardware maintenance are not an
issue

R E D I S
W H A T I S I T ?
• In-Memory, key-value database object caching
• In English, how does it work
• Turns database queries into key-value pairs and
stores them in memory for faster data retrieval
• Exponential performance improvement in
applications with large databases and high
traffic.

R E D I S
W H Y I T S G R E A T
• Improves Performance for Crud Operations
(Create, Read, Update, Delete)
• Immensely

• L2MP Stack
• RDS and Redis
• Security

S E C U R I T Y
W H A T I S I T ?
• Probably one of the most important topics in
Wordpress Today
• Wordpress is the most attacked and hacked
platform in the world by far
• Most hacked people don’t even know they are
hacked - they are used for phishing, botnets,
serving malware.

S E C U R I T Y
L A Y E R S
• Server Level - iptables and Fail2Ban - install in
VPS first thing
• Web Server Level - LSWS Has big advantage
• Mod_security rules
• 6G bot blocking
• Wordpress support
• Recaptcha
• OWASP Rules

S E C U R I T Y
M O R E L A Y E R S
• Application - Level Firewall and Malware
Scanners
• Malcare
• Wordfence
• All in one WP Security
• Important to ban failed logins
• Set up 2FA
• Change /wp-login

S E C U R I T Y
D N S L E V E L
• CloudFlare or AWS WAF and Shield
• Lets you create security rules at DNS level
• Block all from Russia and/or China

S E C U R I T Y
O T H E R T I P S
• Always log into Machine from SSH
• #1 RULE, if nothing else…….
• USE
• A
• STRONG
• PASSWORD
• Use a Password Manager like OnePass,
Lastpass, Dashlane - most are free and sync on
all devices

• L2MP Stack
• RDS and Redis
• Security
• Costs

C O S T
H O W M U C H ?
• AWS EC2 - t2 Micro - Free for first year
• RDS Free Tier - Free for first year
• CloudFlare - Free
• OpenLitespeed - Free
• After First Year:
• $12-$15 / Month

C O S T
W H A T C A N I T H A N D L E ?
• Traffic Spikes of 200-300 simultaneous users
• Prolonged periods with 160 users/hr
• Server usage: Around 25%
• RDS usage: 5-10%
• ~115,000 visits p/month
• Compare to managed WP hosting ~$100 and up

C O S T S
M A K E I T E V E N F A S T E R
• If serving a lot of media files, serve them from S3
and Cache them with Cloudfront
• Install Cloudfront on your Server to serve CSS,
JS and WOFF files even faster

• L2MP Stack
• RDS and Redis
• Security
• Costs
• Future Proofing

F U T U R E O F
W O R D P R E S S
W H A T D O E S I T M E A N
• Headless (serverless)
• Using json to grab data from WP
• ex: Gatsby
• DB eventually all moving to key - value pair
system or soemting close
• HTTP/3 QUIC being developed with focus on
speed and security (less requests, with SSL built
in)

T H A N K Y O U ! ! !
Alex Bertens
alexbertens.com

Robust WordPress Installation using L2MP Stack

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Robust WordPress Installation using L2MP Stack

Similar to Robust WordPress Installation using L2MP Stack (20)

Recently uploaded

Recently uploaded (20)

Robust WordPress Installation using L2MP Stack