I have an average load news website, on which I get a few thousand hits per day, sometimes at once when specific writers publish. Currently I have a LAMP on a 1GB RAM droplet serving a Wordpress website, which obviously is not enough to handle a lot of requests, and even though I’m using caching but I still get database failures in the peak times
I need to make some decisions which I need experts help with
I noticed a similar question here, but it’s not exactly my situation
Thanks in advance
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Personally, I would use Apache and Nginx as a reverse proxy. I don’t get as much traffic as you do but it has been working great for me. Also I have varnish as my cache system.
Checkout this Article/Tutorial. They talk about optimizing a wordpress heavy content site with varnish.
hope this helps
There is a way to switch your login page from wp-login.php to something different. Just google to find how to do that. I should probably write a short tutorial for it.
The gist is that you change your wp-login.php to something custom, like alt-login.php, and then block access to wp-login.php with your .htaccess file.
You could just delete wp-login.php, but it will be re-added on Wordpress updates, so blocking with .htaccess works better for long-term.
Doing that will reduce brute force attacks to almost 0. At least for now!
Good insight. I didn’t think about bruteforcing login/reg as a cause. I have already added captcha and TFA. Any other thoughts?
There have been quite a few discussions on using a separate server for MySQL. I have been following some of the discussions with interest; only one person so far has asked questions and then reported back after doing it. He noted excellent results. Here is that post: Should I put my MySQL database on a separate server?
just as a side note: On one droplet I have that runs a few WordPress sites, MySQL was crashing often until I hardened my WordPress login pages and added some extra security on all Wordpress installs. I think some brute-force attacks were crashing the database(but not crashing Apache).