A Brief Guide to This Highly Recommended Program

wordpress One of the most popular CMS. It’s easy to install and easy to use, and there are thousands of plugins and templates that make website development super easy and super fast. But it also has advantages and disadvantages as page generation can be resource-demanding, and WordPress is not only one of the most popular but also one of the most vulnerable systems.

There are many cases where a simple static webpage will suffice, but WordPress is a more convenient solution. A blog or product website is a good example. You have to choose a template, set colors and a few other things, upload content, and voila, you have a full-featured website with few working hours. These are the cases when CloudFront can be an excellent solution to make your website fast, scalable and secure.

Amazon Cloudfront one is Content Delivery Network, A worldwide distributed cache system. When a user tries to access your content through CloudFront, the system routes the request to the nearest Edge server, which acts or queries your WordPress server if the content is present.

In this case, WordPress is like a static page generator that generates the pages that CloudFront serves. Your site’s resource consumption will be extremely low as CloudFront only requests content once and serves it millions of times when needed. You can handle extremely high traffic with millions of users using just one micro instance for your WordPress!

Another advantage of this system is that only the CloudFront portion is public. Your WordPress is hidden from the outside world so that no one can attack or hack it. Behind CloudFront, your core is in maximum security.

To add CloudFront to your WordPress site, set up the CloudFront distribution on the AWS console.

Set the root domain to the URL of your current WordPress site, and give your distribution a name.

Select an alternate domain on the “Settings” block. This will be the new domain where your WordPress site will be accessible through CloudFront.

If deployment is done, copy the CloudFront domain name, and create a CNAME record in it. For example, if your alternate domain is www.example.com and the CloudFront domain is d3qu6ceheilwux.cloudfront.net, add a

www.example.com CNAME d3qu6ceheilwux.cloudfront.net

Record in your DNS zone file.

If everything is done correctly, you will see your site www.example.com, Clicking on the link for the new site will take you back to the original WordPress site. To prevent this, add these two lines of code to the beginning of your wp-config.php:

if($_SERVER['HTTP_USER_AGENT'] == 'Amazon CloudFront') {
define( 'WP_HOME', '... new site URL …' );
define( 'WP_SITEURL', '... new site URL …' );
} else {
define( 'WP_HOME', '... original site URL …' );
define( 'WP_SITEURL', '... original site URL …' );
}

CloudFront’s user agent is ‘Amazon CloudFront’, so when CloudFront reads the site’s content, it will get new URLs, but when we access it for administration, it will use the original URL. After this modification, links will point to a CloudFront URL (ex: www.example.com).

Congrats! You have set up CloudFront for your WordPress site. We’re almost done, but I promised better security, and our original site is still public. The easiest way to prevent attacks on the origin site is to combine HTTP authentication with a strong password.

If you are using Nginx, you can create a password file using the htpasswd utility:

htpasswd -c /etc/nginx/htpasswd wordpress

Which you can add to your configuration:

auth_basic           "Password protected content";
auth_basic_user_file /etc/nginx/htpasswd;

CloudFront can send HTTP headers when it reaches origin so you can add Auth headers to it’s configuration. The auth header looks like this:

Authorization: Basic {base64encode({user}:{password})}

So, if your username is abc and your password is 123 then the auth header will be:

Authorization: Basic YWJjOjEyMw==

Headers can be generated using any online base64 encoder, If you’ve created a header, add it to your parent’s config.

After deployment, CloudFront will access your site to be publicly available through CloudFront, but the original site will be password protected. To protect your site, you can change and set up monthly passwords fail2ban To prevent brute force attacks.

The last thing I wanted to talk about is invalidation. The default behavior of CloudFront is that it only refreshes content once per day, so if you change something and don’t want to wait a day, you’ll have to clear the cache. CloudFront uses invalidations to do this.

If you want to delete one or more files from the cache, you must create an invalidation. Invalidation is a broadcast message to the edge servers to delete the returned content. The invalidation parameter is a list of file paths that contain *, If you want to completely remove the cache, use ‘/*’.

As you can see, CloudFront is the perfect solution for scaling up your WordPress site and making it secure. Using this, your site can serve millions of users, and you only need a micro example behind CloudFront. The solution is not WordPress specific. You can use it for any site that doesn’t use server-side interaction.

In some cases, it needs a little different thinking. For example, you’ll need to use hosted commenting services like Disqus or Facebook Comments, or if you have a webshop on your site, you’ll need to organize it as a separate service in a different domain. But I think it’s a really low price for security and serving seamless, fast and scalable content.