With so many hosting options available, what makes hosting WordPress on Azure a good choice?
WordPress is the most popular Content Management System (CMS) in the world; it’s estimated that around 40% of all websites on the internet are built using WordPress. It is open-source, free to use, and easy to set up and customize.
It also has a large community of users, developers, and designers who contribute to its development, which helps ensure that it stays up-to-date and secure. In addition, it has a rich ecosystem of plugins and themes that extend its functionality, so it can be used to create a wide variety of websites, including:
- Blogs: This is what WordPress was originally designed for, a blogging platform.
- Business websites: Many small and medium-sized businesses use WordPress to create a professional-looking website to showcase their products and services.
- E-commerce websites: There are several e-commerce plugins available for WordPress that can be used to create an online store and sell products directly from a website.
- Educational websites: WordPress can be used to create an interactive educational website, with features such as online courses, quizzes, and student registration.
- Real estate websites
Here are some popular WordPress hosting providers:
- Bluehost
- WP Engine
- HostGator
- SiteGround
- A2 Hosting
- DreamHost
- Kinsta
All of them provide a variety of hosting plans and options that are optimized for WordPress, like shared hosting, VPS hosting and dedicated hosting. They also provide one-click WordPress installation, automatic updates, backups, and 24/7 support.
It’s important to evaluate your needs and goals to determine which provider is best for you.
Why Hosting WordPress on Azure
It’s important to note that traditional web hosting may have specific advantages for your websites over cloud providers like Azure.
The main benefit of using Azure over traditional web hosting is the level of control you have over your website in terms of scalability, performance, security, cost-effectiveness, and integration with other systems within your company.
The cost-effectiveness depends on the option you choose on Azure. It can be cost-effective with the pay-as-you-go option and automatic scaling to adjust your resource consumption.
Let me add more factors that may affect your decision:
- Your team’s capabilities
- The regions where your targeted customers are located
- The level of control your team wants to handle and customize
- Integrations with other Azure services and solutions your company is already using, like Azure Active Directory.
In short, it may not be the right choice for all companies, but it is worth studying and comparing to other choices. This blog post is all about helping you get more insight into what you will get if you host your WordPress on Azure.
To make it more practical, I have prepared a cloud scenario about a real estate company that has a WordPress website and is considering moving to Azure.
Our Cloud Scenario Requirements
A real estate company called “Gold eState” has a WordPress website with user-friendly and responsive pages that allow users to search for properties, view property listings, and contact the real estate agency for more information.
- The company has a wide range of customers located in different countries: Russia, Europe, USA, Saudi Arabia, United Arab Emirates, Qatar, Oman, Kuwait and Bahrain
- The company has invested a lot in media content; the website is optimized for viewing different media files like high-definition photos, 3D view mode and high-quality videos.
- WordPress is integrated with a property management system where the employees can easily add, update, remove property listings and get synced with WordPress.
- The visitors can contact the company directly from the website to request more information or schedule a viewing visit.
- The company allocates $100,000 per month primarily for marketing campaigns.
The website should have the following non-functional requirements:
- The ability to automatically scale to handle high traffic spikes, such as those generated by frequent marketing campaigns, which can bring thousands of visitors to the site each day for a period of time.
- Highly efficient in terms of performance, with a loading time of no more than 2 seconds.
- Highly secure against common web attacks, DDoS attacks, and spam users
Main Components
The main components for a WordPress website are:
- A web server that hosts the WordPress files
- A file storage system that stores all media content
- A MySQL database
Let’s create a preliminary diagram and evaluate various options and scenarios.
Web Server
Web Server Options
There are plenty of choices to implement this part of the architecture on Azure:
- Azure App Service: It’s the PaaS option.
- Azure Virtual Machine: It’s the IaaS option.
- Azure Kubernetes Service: We can use WordPress container images to run containers in AKS.
WordPress is built on PHP, so the web server must have PHP installed and configured to run the WordPress code. Web servers like Apache or Nginx are the most common and widely supported web server software for running WordPress.
Some PHP extensions, such as MySQLi, should be installed as well. The mod_rewrite module also has to be enabled because WordPress uses it. These are some of the basic requirements for a web server to run a WordPress website, but there might be other requirements and configurations to consider.
I need to consider a choice that can be scaled quickly to handle the spikes of high traffic coming from marketing campaigns.
So I can use one of the following:
- Auto Scale option with Azure App Service
- Auto Scale option with Virtual Machine Scale Set
- Auto Scale option with AKS (Kubernetes)
I am going to skip the Azure App Service option in this cloud scenario, because I want an option that gives me more control over the configuration.
A Cloud Native Choice
The company “Gold eState” has a strategic goal to move forward toward Cloud Native. Cloud native will empower the company to run and build a cloud application in a dynamic environment like multi-cloud, which allows them to deploy the same application on multiple cloud providers and move the application between them easily.
Kubernetes is a vendor-agnostic platform, which means it can be run on different cloud providers and on-premises environments.
This can provide more flexibility and reduce the risk of vendor lock-in.
So, a WordPress container image will be deployed to a Kubernetes (k8s) cluster that can automatically scale the number of its replicas based on demand, which ensures that the application can handle high traffic and provide high availability.
File Storage
WordPress WP-Content Folder
A traditional WordPress installation can be considered a monolithic application. It is a single, large PHP application that includes all the necessary components, such as the web server, the PHP runtime, the database, and the application code, all running in one process.
In this scenario, we need to split WordPress into different components to make sure it is scalable. One of these components is the “wp-content” folder.
The folder “wp-content” contains files and directories that are specific to the theme and plugins used on the website. The folder typically contains the following types of files and directories:
- Themes: This directory contains the theme files that control the design and layout of the website.
- Plugins: This directory contains the plugin files that add additional functionality to the website.
- Uploads: This directory is used to store files uploaded by users, such as images, documents, and audio files.
- Language: This directory contains the translation files for the website, which are used to translate the website into different languages.
- Custom Directories: Some plugins and themes might create custom directories to store additional files.
This folder must be shared and accessed by different WordPress container instances. We have two options on Azure for this case:
- Azure Files
- Azure Blob Storage
Azure Account Storage and Azure Files
Both Azure Files and Azure Blob Storage can be used to mount the “wp-content” folder to a WordPress container image, but each has its own set of advantages and use cases.
Azure Files is a fully managed file storage service that allows you to create file shares in the cloud and mount them to VMs or containers. It supports the SMB protocol, which allows you to mount the file share as a local drive in the container. Azure Files can be a good option if you need a fully managed, simple and easy way to store files, and you don’t need the advanced features of Blob Storage.
Azure Blob Storage, on the other hand, is a fully managed object storage service that allows you to store unstructured data in the cloud. Blob storage is highly scalable, and it can store large amounts of data. It also provides a REST API for interacting with the storage, and it can be used to store and retrieve any type of data. Azure Blob Storage is a good option if you need to store large amounts of unstructured data, and you need advanced features like data tiering, data archiving, and lifecycle management.
As a result, Azure Blob Storage will be a better choice to store large videos and other media files that could support streaming, as per the requirements.
The “wp-content” folder will be stored in Azure Blob Storage and be accessible by the K8s cluster.
MySQL Database
Azure offers several options for running a MySQL database for WordPress on Azure:
- Azure Database for MySQL: This is a fully managed, scalable and high-performance MySQL-compatible service. It is based on the MySQL community edition and provides built-in features such as high availability, automatic backups, and read replicas.
- Virtual Machines: You can run MySQL on a virtual machine (VM) in Azure. This gives you the flexibility to configure and manage the MySQL server as you would on-premises, but with the added benefits of Azure’s infrastructure.
- Azure Database for MariaDB: This is a fully managed, scalable and high-performance MariaDB-compatible service built on Azure. It is based on the community edition of MariaDB and provides built-in high availability and automatic backups.
Based on the options above, a fully managed service like Azure Database for MySQL will be considered because of the built-in features that will help implement data replication to another region easily, which will increase the availability and resiliency of the system.
I think it’s time to refine the diagram!
Choosing Azure Regions
Choosing the right region(s) is essential for various reasons:
- Reducing latency and improving response times for users
- Availability of services and resources
- Meeting compliance and data sovereignty requirements
- Minimizing costs associated with hosting and data transfer.
Reducing Latency
As the website’s visitors are located in various geographical locations, regardless of the selected region, there will be variations in latency for customers based on their distance from the chosen region. Therefore, using a Content Delivery Network (CDN) service is a good option to reduce latency and improve the performance.
The primary Azure region would be West Europe, and by using Azure CDN, the website will have improved latency.
Azure CDN has POP (point-of-presence) locations all over the world. This link has the list of POPs.
Service Availability
Before deciding on any particular cloud service, it’s essential to verify that it’s available in the regions where we plan to use it. The availability of services by region can be checked on this website: service availability by region.
The West Europe region has all the services that have been discussed so far.
Applying Azure Well-Architected Framework
The Azure Well-Architected Framework is a collection of guidelines and best practices that are organized into five main categories or pillars. Following this framework will assist you in designing and maintaining a well-architected cloud solution.
The five pillars are:
- Reliability
- Security
- Cost Optimization
- Operational Excellence
- Performance Efficiency
Reliability
Reliability is crucial in our cloud scenario, as the real estate website must be able to handle the increased traffic resulting from monthly marketing campaigns.
The company’s marketing budget is $100,000 per month, and a failure to handle the load caused by these campaigns could result in significant financial loss, as well as damage to the company’s brand loyalty.
The way in which reliability is implemented can vary depending on the services that make up the solution. In this scenario, the solution is composed mainly of Platform as a Service (PaaS) offerings, which means that much of the responsibility for reliability is handled by the cloud provider. We must evaluate the Service Level Agreement (SLA) of each service to ensure it meets our requirements.
| Service | SLA |
| --- | --- |
| Azure Kubernetes Service (AKS) API Server | Uptime SLA 99.95% (when using Availability Zones) and 99.9% (when not using Availability Zones) |
| Virtual Machine Scale Set | 99.99% (when using two or more VMs deployed across two or more Availability Zones in the same Azure region) |
| Load Balancer | 99.99% |
| Application Gateway | 99.95% |
| Azure Container Registry | 99.9% |
| Azure Database for MySQL | 99.99% (Flexible Server configured with Zone Redundant High Availability) |
| Account Storage | 99.99% (read data from secondary region when primary fails) |
| Azure Bastion | 99.95% |
| Key Vault | 99.99% |
| Azure CDN | 99.9% |
The total availability of the system is 99.9% annually, which means a potential downtime of 8.76 hours per year. Given that our marketing campaign recurs monthly, we can expect a potential failure of 43.8 minutes during that period. This availability level should suffice for our scenario.
I think it’s time to refine the diagram and use Azure Services!
Quick notes about the diagram:
- Application Gateway acts as the Ingress Controller for Kubernetes. We could use nginx instead, but I used Application Gateway because it has WAF and other built-in features.
- The Load Balancer will be created as part of the AKS service.
- WordPress should have a plugin to customize uploading media to Azure Storage accounts, so that the media links point to the storage accounts.
Security
Security and reliability are closely connected. If your service is not secure enough and is vulnerable to attack, this can lead to a reduction in the level of reliability of your system.
Security Features in The Selected Services
Several security features are already integrated within the workload we’ve discussed up to this point:
- Application Gateway: It includes security features such as SSL/TLS termination, web application firewall (WAF), and end-to-end HTTPS support.
- WAF (Web Application Firewall) in Application Gateway: It helps protect your web applications from common web vulnerabilities and blocks malicious traffic and attacks such as SQL injection and cross-site scripting (XSS). The WAF also allows you to create custom rules to block specific types of traffic.
- Azure CDN: Azure CDN offers several security features to protect your content, such as SSL/TLS, dynamic site acceleration (DSA), and real-time log analytics.
- DDoS protection feature in Azure CDN: It provides built-in DDoS (Distributed Denial of Service) protection against common network-layer DDoS attacks. The service automatically detects and mitigates DDoS attacks without any additional configuration. It also provides real-time monitoring and alerts to notify you of any detected attacks, and detailed metrics to help you understand the impact of the attack on your service. Additionally, Azure CDN integrates with the Azure DDoS Protection Standard service, which provides more advanced protection against DDoS attacks.
- Azure Bastion: Azure Bastion provides secure and seamless RDP/SSH connectivity to your virtual machines directly from the Azure portal over SSL. It also supports Azure AD authentication and multi-factor authentication.
- Private Kubernetes cluster (AKS): AKS provides security features such as Azure Active Directory integration, role-based access control, and network segmentation.
More Security Features!
Furthermore, we can meet the business requirements by utilizing the following Azure services:
- Accessing the WordPress website using VPN: Using a VPN to access your WordPress website provides an additional layer of security by encrypting the traffic between the user and the website, and allowing access only from specific IP ranges.
- Login to WordPress website using Azure AD: By using Azure AD for authentication, you can provide secure and centralized user management for your WordPress authors.
- Key Vault: It enables the management and protection of all secrets and keys used across all of your application workloads.
- Segregating workloads and controlling access through the use of Virtual Network and subnets, as well as implementing Network Security Groups (NSGs).
- Implement Hub and Spoke network topology which provides scalability, isolation, centralized management, cost optimization, flexibility and simplicity, by connecting multiple spoke networks to a central hub. It allows for easy scaling of the network, isolation of different spoke networks for security, central point for managing the network, cost optimization by sharing resources, integrating different types of workloads, and ease of setup and management.
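The WAF custom rules and the VPN-only access to the WordPress admin pages described above, expressed in Terraform. This is an added example, not part of the original post; the resource names, the variables and the CIDR range are assumptions.

```hcl
# Added example. All names and the CIDR default are hypothetical placeholders.
variable "resource_group_name" { type = string }
variable "location" { type = string } # the post picks West Europe

variable "vpn_cidrs" {
  description = "Address ranges the company VPN assigns to WordPress authors (assumed)"
  type        = list(string)
  default     = ["10.8.0.0/24"] # constructed placeholder
}

resource "azurerm_web_application_firewall_policy" "wordpress" {
  name                = "wafpol-wordpress"
  resource_group_name = var.resource_group_name
  location            = var.location

  policy_settings {
    enabled = true
    mode    = "Prevention" # "Detection" only logs matches and blocks nothing
  }

  # Block the WordPress login and admin paths unless the caller is on the VPN.
  # Conditions inside one rule are ANDed; values inside one condition are ORed.
  custom_rules {
    name      = "AdminPathsVpnOnly"
    priority  = 10
    rule_type = "MatchRule"
    action    = "Block"

    match_conditions {
      match_variables {
        variable_name = "RequestUri"
      }
      operator     = "Contains"
      transforms   = ["Lowercase", "UrlDecode"]
      match_values = ["/wp-login.php", "/wp-admin"]
    }

    match_conditions {
      match_variables {
        variable_name = "RemoteAddr"
      }
      operator           = "IPMatch"
      negation_condition = true # true = the source is NOT in the VPN ranges
      match_values       = var.vpn_cidrs
    }
  }

  # Managed rule set covering SQL injection, XSS and similar request patterns.
  managed_rules {
    managed_rule_set {
      type    = "OWASP"
      version = "3.2"
    }
  }
}
```

Attach the policy to the gateway through the `firewall_policy_id` argument of `azurerm_application_gateway`. Plugins that call `/wp-admin/admin-ajax.php` from public pages are also blocked by this rule, so test the front-end features before enforcing it.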
Cost Optimization
With a clearer understanding of the necessary Azure services, performance needs, security requirements, availability constraints, and desired hosting regions, we can move forward with pricing estimation. The Azure Pricing Calculator can be used to estimate the initial cost.
Let’s refine the last diagram after discussing Reliability, Security, and Cost Optimization:
Operational Excellence
Infrastructure as Code (IAC)
To align with the company’s goal of moving towards cloud-native, investing in Infrastructure as Code (IAC) is crucial. This will enable automation and efficient management of infrastructure resources, which is key to implementing cloud-native principles.
Infrastructure as Code (IAC) enables developers to provision and manage infrastructure resources using code, rather than manual configuration.
One of the most popular IAC platforms is Terraform, an open-source tool that allows you to define and provision infrastructure resources on various cloud providers, including Azure, AWS, and Google Cloud.
This is a quick start link for Terraform on Azure.
Using Azure DevOps CI/CD
With Azure DevOps, it’s possible to use an extension that adds Terraform tasks to the pipeline, allowing for the creation of a pipeline that deploys infrastructure.
Azure DevOps can also be used to build a CI/CD pipeline for Kubernetes. One way to do so is by using self-hosted Linux build and release agents.
By using a self-hosted Linux build agent, you can run your build and deployment tasks on your own Linux machines, rather than on Azure-hosted agents. This can be useful if you want more control over the build and deployment process.
In this scenario, the self-hosted build agents would be used to push container images to a private container registry, while the self-hosted deployment agent would pull the images from the registry to deploy on a private Kubernetes cluster.
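The private registry from this scenario, with separate push and pull rights for the build side and the cluster side, written in Terraform. This is an added example, not part of the original post; the resource names and the input variables (subnet and identity IDs) are assumptions, including the assumption that the cluster pulls images with its own kubelet identity.

```hcl
# Added example. Names and the input IDs are hypothetical; they would come
# from the rest of the Terraform project.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "agents_subnet_id" { type = string }         # subnet of the self-hosted agents
variable "build_agent_principal_id" { type = string } # managed identity of the build agents
variable "aks_kubelet_principal_id" { type = string } # identity the cluster nodes pull with

resource "azurerm_container_registry" "wordpress" {
  name                          = "acrgoldestate" # placeholder, must be globally unique
  resource_group_name           = var.resource_group_name
  location                      = var.location
  sku                           = "Premium" # private endpoints need the Premium tier
  admin_enabled                 = false     # no shared admin username and password
  public_network_access_enabled = false     # reachable only through the private endpoint
}

resource "azurerm_private_endpoint" "acr" {
  name                = "pe-acr-wordpress"
  resource_group_name = var.resource_group_name
  location            = var.location
  subnet_id           = var.agents_subnet_id

  private_service_connection {
    name                           = "acr-registry"
    private_connection_resource_id = azurerm_container_registry.wordpress.id
    subresource_names              = ["registry"]
    is_manual_connection           = false
  }
}

# Build agents may push (and pull) images, nothing else on the registry.
resource "azurerm_role_assignment" "build_push" {
  scope                = azurerm_container_registry.wordpress.id
  role_definition_name = "AcrPush"
  principal_id         = var.build_agent_principal_id
}

# The cluster side can only pull.
resource "azurerm_role_assignment" "cluster_pull" {
  scope                = azurerm_container_registry.wordpress.id
  role_definition_name = "AcrPull"
  principal_id         = var.aks_kubelet_principal_id
}
```

Name resolution for the private endpoint additionally needs a `privatelink.azurecr.io` private DNS zone linked to the virtual network.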
Performance Efficiency
The design that we have discussed focuses on performance optimization by implementing several strategies:
- Using a CDN to reduce latency for static files
- Implementing the ability to scale out in Kubernetes and all other workloads
- Utilizing Azure Storage for the (wp-content) folder.
- Utilizing Media Services to encode and stream the media videos
Conclusions
Estimated Cost
I have added the following items:
- The virtual machine scale set we need for build agents
- Container registry (premium) to be able to deploy it to a virtual network
- Media Services to encode and stream the media videos
You can check the pricing profile details on this link.
Solution Architecture Diagram
Final Words
Hosting WordPress on Azure can be a good option for some companies and this blog post aims to provide a deeper understanding of its advantages.
The solution architecture for this cloud scenario was tailored to specific business requirements for a real estate website, but it can serve as a guide for other types of WordPress websites such as educational or e-commerce websites.
Special thanks to Yasser Salimeh for his role as Product Owner on this cloud scenario and for providing valuable business requirements based on his experience with real estate customers.
Special thanks to Khaldoun Senjab for his valuable input and guidance in selecting the appropriate Azure services.