Create a Scalable
Wordpress Hosting on AWS

Rio Astamal

2019 Taking care my baby
2017 Lead Backend at ClearView Studios
2015 Lead Dev at DominoPOS
2014 System Engineer at WowRack

What you will learn

{Wordpress Overview} {Type of Scaling} {Common vs Scalable Arch} {Decoupling Servers} {Wordpress Plugins} {Security Best Practices} {Autoscaling DEMO on AWS}


free and open source content management system (CMS) based on PHP and MySQL. It is the most widely used CMS software in the world, and as of May 2019, it powers more than 30% of the top 10 million websites and has an estimated 60% market share of all websites built using a CMS (


A process to increase (or decrease) server resource to adapt application needs.

Type of Scaling

{Vertical} {Horizontal}

Downside of Vertical Scaling

{Requires downtime} {Low Availability} {Limited upgradeability: CPU, RAM}

Common Wordpress Installation

Scalable Wordpress Installation

Decoupling Servers Component

{Run Multiple WP Instance} {Add Load Balancer} {File Server for: Upload, Themes, etc} {Cache Server: Redis/Memcache} {DB Server: Master and Slave} {Offload Assets to CDN: JS, CSS, Images}

Scalable Wordpress Installation on AWS

AWS Components Used on Demo

{At least two AZ} {VPC: Public and Private Subnet} {EC2: WP on Nginx} {ELB: App Load Balancer} {RDS: DB Master and Slave} {EFS: File Server} {Elastic Cache: Redis Cache Server} {AutoScaling: Scalability} {S3: Deliver Media Assets}


By default Wordpress only support single database connection.

How to fix it? HyperDB to the rescue!


HyperDB is a very advanced database class that replaces a few of the WordPress built-in database functions. The main differences are:

* HyperDB can be connect to an arbitrary number of database server,
* HyperDB inspects each query to determine the appropriate database.


{Do not scale too early} {Monitor your servers} {Try aggressive caching first} {Try small vertical scaling} {Horizontal scale gradually}

Security Best Practices

{ELB on Public Subnet, others on Private Subnet} {Use AWS Security group instead of OS firewall} {SSH using bastion host to access instances} {Use EC2 IAM Role to upload to S3}


State # of WP Servers
Normal 2
Auto-Scaling 4

VPC Configuration

Subnet Configuration

NAT Gateway

EC2 Instances

SSH Config ~/.ssh/config

Host awstalk-bastion
  User ubuntu

Host awstalk-wp-main
  User ubuntu
  ProxyCommand ssh -A awstalk-bastion -W %h:%p

Host awstalk-wp-standby
  User ubuntu
  ProxyCommand ssh -A awstalk-bastion -W %h:%p

e.g SSH into Wordpress main instance

$ ssh awstalk-wp-main

Load Balancer

LB Target Group

Golden Image for Auto-Scaling

Auto-Scaling Launch Configuration

Auto-Scaling Group

Auto-Scaling Policy

MySQL RDS Master

MySQL RDS Replica

RDS Subnet

Accessing RDS via SSH Tunnel

Accessing RDS Master

$ ssh -CNq -L \$RDS_MASTER_HOST:3306 awstalk-bastion

Use mysql client to connect on port 4406

$ mysql -u admin -h -P 4406 -p

ElastiCache: Redis


S3 EC2 Role

S3 Bucket Policy

  "Version": "2012-10-17",
  "Statement": [
      "Sid": "PublicReadForGetBucketObjects",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "*"