This article describes a solution for small to medium-sized WordPress installations. The solution provides the scalability, reliability, and security of the Azure platform without the need for complex configuration or management. For solutions for larger or storage-intensive installations, see WordPress hosting options on Azure.
Download a Visio file of this architecture.
You can extend this solution by implementing tips and recommendations that aren’t specific to any particular WordPress hosting method. For general tips for deploying a WordPress installation, see WordPress on Azure.
This scenario covers a scalable installation of WordPress that runs on Azure App Service.
- Users access the front-end website through Azure Front Door with Azure Web Application Firewall enabled.
- Azure Front Door distributes requests across the App Service web apps that WordPress runs on. Azure Front Door retrieves any data that isn’t cached from the WordPress web apps.
- The WordPress application uses a service endpoint to access a flexible server instance of Azure Database for MySQL. The WordPress application retrieves dynamic information from the database.
- Locally redundant high availability is enabled for Azure Database for MySQL via a standby server in the same availability zone.
- All static content is hosted in Azure Blob Storage.
- The WordPress on App Service template is a managed solution for hosting WordPress on App Service. Besides App Service, the solution also uses the other Azure services that are described in this section.
- App Service provides a framework for building, deploying, and scaling web apps.
- Azure Front Door is a modern cloud content delivery network. As a distributed network of servers, Azure Front Door efficiently delivers web content to users. Content delivery networks minimize latency by storing cached content on edge servers in point-of-presence locations near end users.
- Azure Content Delivery Network efficiently delivers web content to users by storing blobs at strategically placed locations. In this solution, you can use Content Delivery Network as an alternative to Azure Front Door.
- Azure Virtual Network provides a way for deployed resources to communicate with each other, the internet, and on-premises networks. Virtual networks provide isolation and segmentation. They also filter and route traffic and make it possible to establish connections between various locations. In this solution, the two networks are connected via virtual network peering.
- Azure DDoS Protection provides enhanced DDoS mitigation features. When you combine these features with application-design best practices, they help defend against DDoS attacks. You should enable DDoS Protection on perimeter virtual networks.
- Network security groups use a list of security rules to allow or deny inbound or outbound network traffic based on source or destination IP address, port, and protocol. In this scenario’s subnets, network security group rules restrict traffic flow between the application components.
- Azure Key Vault stores and controls access to passwords, certificates, and keys.
- Azure Database for MySQL – flexible server is a relational database service that’s based on the open-source MySQL database engine. The flexible server deployment option is a fully managed service that provides granular control and flexibility over database management functions and configuration settings. In this scenario, Azure Database for MySQL stores WordPress data.
- Blob Storage provides scalable, optimized object storage. Blob Storage is a good fit for cloud-native workloads, archives, data lakes, high-performance computing, and machine learning.
- You can use Azure Cache for Redis to host a key-value cache for WordPress performance optimization plug-ins. The cache can be shared among the App Service web apps.
- Instead of Azure Front Door, you can use Content Delivery Network to deliver web content to users.
This example scenario is appropriate for small to medium-sized installations of WordPress.
Potential use cases
- Media events that cause traffic surges
- Blogs that use WordPress as their content management system
- Business or e-commerce websites that use WordPress
- Websites that are built by using other content management systems
These considerations implement the pillars of the Azure Well-Architected Framework, which is a set of guiding tenets that can be used to improve the quality of a workload. For more information, see Microsoft Azure Well-Architected Framework.
Reliability ensures your application can meet the commitments you make to your customers. For more information, see Overview of the reliability pillar.
Consider the following recommendations when you deploy this solution:
- App Service provides built-in load balancing and health checks. These features help you maintain availability when an App Service web app fails.
- When you use a content delivery network to cache all responses, you gain a small availability benefit. Specifically, when the origin doesn’t respond, you can still access content. But caching doesn’t provide a complete availability solution.
- You can replicate Blob Storage to a paired region for data redundancy across multiple regions. For more information, see Azure Storage redundancy.
- To increase Azure Database for MySQL availability, enable same-zone high availability. This feature creates a standby server in the same availability zone as the primary server. You need to use the General Purpose or Business Critical compute tier to enable same-zone high availability. For more information, see the high availability options that apply to your needs.
Security provides assurances against deliberate attacks and the abuse of your valuable data and systems. For more information, see Overview of the security pillar.
Consider the following recommendations when you deploy this solution:
- Use Azure Web Application Firewall on Azure Front Door to help protect the virtual network traffic that flows into the front-end application tier. For more information, see Azure Web Application Firewall on Azure Front Door.
- Don’t allow outbound internet traffic to flow from the database tier.
- Don’t allow public access to private storage.
Cost optimization is about looking at ways to reduce unnecessary expenses and improve operational efficiencies. For more information, see Overview of the cost optimization pillar.
Review the following cost considerations when you deploy this solution:
- Traffic expectations (GB/month). Your traffic volume is the factor that has the greatest effect on your cost. The amount of traffic that you receive determines the number of App Service instances that you need and the price for outbound data transfer. The traffic volume also directly correlates with the amount of data that’s provided by your content delivery network, where outbound data transfer costs are cheaper.
- Amount of hosted data. It’s important to consider the amount of data that you host in Blob Storage. Storage pricing is based on used capacity.
- Write percentage. Consider how much new data you write to your website and host in Azure Storage. Determine whether the new data is needed. For multi-region deployments, the amount of new data that you write to your website correlates with the amount of data that’s mirrored across your regions.
- Static versus dynamic content. Monitor your database storage performance and capacity to determine whether a cheaper SKU can support your site. The database stores dynamic content, and the content delivery network caches static content.
- App Service optimization. For general tips for optimizing App Service costs, see Azure App Service and cost optimization.
Performance efficiency is the ability of your workload to scale to meet the demands placed on it by users in an efficient manner. For more information, see Performance efficiency pillar overview.
This scenario hosts the WordPress front end in App Service. You should enable the autoscale feature to automatically scale the number of App Service instances. You can set an autoscale trigger to respond to customer demand. You can also set a trigger that’s based on a defined schedule. For more information, see Get started with autoscale in Azure and the Azure Well-Architected Framework article Performance efficiency principles.
This article is maintained by Microsoft. It was originally written by the following contributors.
- Adrian Calinescu | Senior Cloud Solution Architect
To see nonpublic LinkedIn profiles, sign in to LinkedIn.
Microsoft training modules: