WEBSITES RECEIVING MILLIONS OF PAGE VIEWS PER DAY
WEBSITES PRODUCING HIGH DOLLAR REVENUES
WEBSITES WORKED ON BY LARGE TEAMS
WEBSITES PROVIDING CRITICAL TIME SENSITIVE DATA
WEBSITES INVOLVING MANY COMPLEX INTEGRATIONS
LARGE ORGANIZATIONS AND HIGH DOLLAR BUSINESS OBJECTIVES REQUIRE WEBSITES THAT ARE PERFORMANT, EFFICIENT, SECURE, MAINTAINABLE, HIGHLY AVAILABLE, DATA-CENTRIC, AND SCALABLE
Redis as a Persistent
• WP lets you drop in a custom object cache.
• Redis lets you store things in memory for fast
• Redis offers built in failover features that make it
easier to scale than Memcached
• Page caching is the act of caching entire
rendered HTML pages.
• Pages can be stored in the object cache avoiding
database queries entirely
• All output involving a database read on the front
end should be fragment cached aside from the
main WP query.
• For example, generated HTML from a feature
post carousel should be cached since it uses a
• Remote blocking calls can be a huge
• Cache remote calls as long as possible
• Utilize non-blocking remote requests wherever
• Don’t make the user wait for a cache to be
• Re-prime after invalidation
• Cleverly prime cached data asynchronously
(cron, non-blocking AJAX, etc.)
• Admin-ajax.php is for admin use only. It is not
cached as aggressively as the front end. Page
caching will not work.
Off the Shelf Caching
• Can be difficult to install and even more difficult to
• Created for the general public and often bloated
• Keep it simple.
Avoid Front End Writes
• Database writes are slow
• Avoid race conditions
• Page caching makes them unreliable.
• If you really need to write data on the front end,
• 'no_found_rows' => true: Tells WordPress not to pass
SQL_CALC_FOUND_ROWS to the database query.
• 'update_post_meta_cache' => false: useful when
post meta will not be utilized.
• 'update_post_term_cache' => false: useful when
taxonomy terms will not be utilized.
• 'fields' => 'ids': useful when only the post IDs are
needed (less typical). Avoids lots of extra preparation.
Understand WP Query
• 'posts_per_page' => '…': Sets the query limit to
something other than -1
• 'post__not_in': Tells MySQL to run a NOT IN
query which is inherently slow. Try to avoid.
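The fragment caching, re-priming and WP_Query slides above, combined in one added example (not code from the slides). The myproject_* names, the 'myproject' cache group, the 'featured' category slug and the cron hook name are hypothetical, and a persistent object cache drop-in such as Redis is assumed.

```php
<?php
// Added example, not from the slides. Hypothetical names: myproject_*,
// the 'myproject' cache group, the 'featured' category slug, the cron hook.

// Builds the carousel markup with the cheapest query that still works.
function myproject_build_carousel_html() {
	$query = new WP_Query( array(
		'category_name'          => 'featured',
		'posts_per_page'         => 5,     // Explicit limit, never -1.
		'no_found_rows'          => true,  // No pagination: skip SQL_CALC_FOUND_ROWS.
		'update_post_meta_cache' => false, // Post meta is not read below.
		'update_post_term_cache' => false, // Assumes permalinks without %category%.
		'ignore_sticky_posts'    => true,  // Avoids the extra sticky-post lookup.
	) );

	$html = '<ul class="carousel">';
	foreach ( $query->posts as $post ) {
		$html .= sprintf(
			'<li><a href="%s">%s</a></li>',
			esc_url( get_permalink( $post ) ),   // Escaped when the markup is built,
			esc_html( get_the_title( $post ) )   // so the cached fragment is safe to print.
		);
	}
	return $html . '</ul>';
}

// Rebuilds the fragment and overwrites the cached copy in place.
function myproject_prime_carousel() {
	$html = myproject_build_carousel_html();
	wp_cache_set( 'featured_carousel', $html, 'myproject', HOUR_IN_SECONDS );
	return $html;
}

// Front-end read path: normally a single object cache hit, no database read.
function myproject_get_carousel() {
	$html = wp_cache_get( 'featured_carousel', 'myproject' );
	return ( false === $html ) ? myproject_prime_carousel() : $html;
}

// Re-prime after invalidation: a saved post schedules a background rebuild
// instead of deleting the key and making the next visitor wait for it.
add_action( 'save_post_post', function () {
	if ( ! wp_next_scheduled( 'myproject_prime_carousel_event' ) ) {
		wp_schedule_single_event( time(), 'myproject_prime_carousel_event' );
	}
} );
add_action( 'myproject_prime_carousel_event', 'myproject_prime_carousel' );
```

Visitors keep receiving the previous fragment until the cron rebuild overwrites it, so the cold-cache branch in myproject_get_carousel() only runs after an eviction or a cache flush.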
Use a CDN
• CDNs enable you to serve static assets from
servers closer to your visitors while reducing load
on your web server(s).
• CDN recommendation is very unique to each
Reduce the Number and Size of
• Minify JS and CSS files (we use Grunt)
• Concatenate JS and CSS files (we use Grunt)
• Optimize images
• HTTP 2?
MAINTAINABILITY AND STABILITY
Maintainable Code Improves
• Easily maintainable and extendible code bases
are less susceptible to bugs.
• Bugs in maintainable code are solved quicker
• New features are more easily created in
• Happy engineers are more productive (often
Modern PHP Design
• WordPress core is backwards compatible with
• Enterprise websites aren’t (usually) constrained
by incredibly outdated software
• Namespaces, traits, composer, etc.
Don’t Obsess Over
• MVC (model, view, and controller) is a great
pattern in many situations.
• WordPress is inherently not object oriented. We
find that forcing MVC with tools like Twig
ultimately leads to more confusing code that is
harder to maintain.
Modern JS Design
• Write modular code with tools like Webpack and
• Group distinct pieces of functionality into plugins
as much as possible.
• This separation simplifies deployments and
enables you to reuse functionality on other
• Properly documented code is more quickly fixed and
• Make documentation a part of your code review process
• PHP Documentation Standards:
• JS Documentation Standards:
• WordPress has a very rich, easy to use API with
ways to create posts, send HTTP requests,
create metaboxes, etc.
• Creating wrappers around these core APIs more
often than not just results in a layer of confusing
code and another library to memorize.
• PHPUnit for PHP
• Core unit testing framework and WP Mock -
• Tests improve quality and stability through
identification of issues. Decrease regression
• Escape data that is printed to the screen
• Escape data as late as possible
• Check out the esc_* functions in the codex.
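Late escaping per output context, as an added example (not code from the slides). The myproject_* functions, the 'promo_*' meta keys and the markup are hypothetical; wp_json_encode() and wp_kses_post() go beyond the esc_* family named above and are used for the JSON attribute and the limited-HTML body.

```php
<?php
// Added example, not from the slides. Hypothetical names: myproject_*,
// the 'promo_*' post meta keys and the 'promo-box' markup.

// Anti-pattern kept for comparison: one value is escaped early, far from the
// output, and the other is never escaped. A reviewer reading only the echo
// line cannot tell which variables are safe in which context.
function myproject_promo_box_early( $post_id ) {
	$label = esc_html( get_post_meta( $post_id, 'promo_label', true ) );
	$url   = get_post_meta( $post_id, 'promo_url', true ); // Never escaped.
	// ... unrelated code in between ...
	echo '<a href="' . $url . '" title="' . $label . '">' . $label . '</a>';
}

// Late escaping: values stay raw until the moment they are printed, and each
// one goes through the function that matches its output context.
function myproject_promo_box( $post_id ) {
	$label = get_post_meta( $post_id, 'promo_label', true );
	$url   = get_post_meta( $post_id, 'promo_url', true );
	$body  = get_post_meta( $post_id, 'promo_body', true );
	$track = array( 'id' => (int) $post_id, 'label' => $label );
	?>
	<div class="promo-box" data-track="<?php echo esc_attr( wp_json_encode( $track ) ); ?>">
		<a href="<?php echo esc_url( $url ); ?>" title="<?php echo esc_attr( $label ); ?>">
			<?php echo esc_html( $label ); ?>
		</a>
		<?php echo wp_kses_post( $body ); // Limited HTML, same rules as post content. ?>
	</div>
	<?php
}
```

With the second form, a code review can verify every echo on its own line without tracing where the variable came from.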
Limit Login Attempts
• Limit max number of login attempts to prevent
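One way to cap failed logins with core hooks and transients, as an added example (not code from the slides and not any specific plugin). The myproject_* names, the limit of 5 attempts and the 15 minute lockout are assumptions.

```php
<?php
// Added example, not from the slides. Hypothetical names and limits.
define( 'MYPROJECT_MAX_ATTEMPTS', 5 );
define( 'MYPROJECT_LOCKOUT', 15 * MINUTE_IN_SECONDS );

// One counter per client address and username. Behind a CDN or reverse proxy
// REMOTE_ADDR is the proxy's address, so the trusted client IP header has to
// be resolved by the server configuration before this runs.
function myproject_attempt_key( $username ) {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return 'login_fail_' . md5( $ip . '|' . strtolower( (string) $username ) );
}

// Count every failed attempt. With a persistent object cache (Redis) the
// transient lives in memory; without one each failure is a database write.
// get + set is not atomic, so under heavy concurrency the count can lag.
add_action( 'wp_login_failed', function ( $username ) {
	$key = myproject_attempt_key( $username );
	set_transient( $key, (int) get_transient( $key ) + 1, MYPROJECT_LOCKOUT );
} );

// Priority 30 runs after core's password check at 20, so a locked-out client
// is refused even when the password it submits is correct.
add_filter( 'authenticate', function ( $user, $username ) {
	if ( '' === (string) $username ) {
		return $user;
	}
	if ( (int) get_transient( myproject_attempt_key( $username ) ) >= MYPROJECT_MAX_ATTEMPTS ) {
		return new WP_Error(
			'too_many_attempts',
			__( 'Too many failed login attempts. Try again later.', 'myproject' )
		);
	}
	return $user;
}, 30, 2 );

// A successful login clears the counter for that client and username.
add_action( 'wp_login', function ( $user_login ) {
	delete_transient( myproject_attempt_key( $user_login ) );
} );
```

Refused attempts during a lockout still fire wp_login_failed, so the lockout window keeps extending while the client continues to retry.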
• Weak passwords are one of the most common
ways attackers exploit websites.
• Require your users to create strong passwords.
There are a few great plugins that do this
Review Every Line of
Over 40,000 community plugins
• Plugins reviewed before submission
• Plugin revisions not reviewed
• Review guidelines not geared for
Review Every Line of
Thousands of community themes
• More stringent review guidelines than plugins
• Review guidelines not geared for enterprise
• Performance not measured
• jQuery, Underscores, etc. are helpful tools but
should not be used blindly. There is no substitute
• Encouraging engineers to understand the
libraries they are using will improve overall code
quality and decrease bugs.
• Keeping track of code history with version control
• Mandate workflow at the start of project to keep
everyone on the same page.
• Use descriptive commit messages
• Gitflow: http://nvie.com/posts/a-successful-git-
Internal Code Reviews
• Code reviews help ensure performance, security,
maintainability, and scalability
• Engineers improve skills by reviewing and
QUESTIONS?
@tlovett12
taylor.lovett@10up.com
taylorlovett.com