Welcome to Centmin Mod Community
Register Now

Wordpress New wordpress install

Discussion in 'Blogs & CMS usage' started by dce, May 17, 2022.

  1. dce

    dce Member

    33
    6
    8
    Feb 21, 2018
    Ratings:
    +7
    Local Time:
    6:44 AM
    I am setting up a new server with my first Wordpress install (I have another centmin server running drupal installs).

    Is this guide still a good wordpress configuration for a secure setup with good performance (with CF)?

    It was written in late 2020. Any new information / setup configurations for even better performance?

     
  2. eva2000

    eva2000 Administrator Staff Member

    48,909
    11,190
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,424
    Local Time:
    8:44 PM
    Nginx 1.21.x
    MariaDB 10.x
    That guide also migrated to official Centmin Mod blog at Wordpress Cache Enabler Advanced Full Page Caching Guide - Centmin Mod Blog and is the latest. It's still using an older version of Cache Enabler plugin as the newer versions changed the way they cache query strings which can be problematic.
    • old Cache Enabler plugin used in centmin.sh menu option 22 install = do not cache query strings by default but allow configuring a select few query strings to be cached to allow end user control
    • new Cache Enabler plugin used by everyone else not using Centmin Mod = cache all query strings by default but allow users to configure excluding query strings they do not want cached. You can imagine all sorts of unintended issues with caching all query strings by default
     
  3. dce

    dce Member

    33
    6
    8
    Feb 21, 2018
    Ratings:
    +7
    Local Time:
    6:44 AM
    Thank you eva2000.

    Since it is recommended to use the old Cache Enabler plugin and it is the one being installed by the option 22 install, how are possible necessary updates (security, bugs etc) for the old plugin version handled?
     
  4. eva2000

    eva2000 Administrator Staff Member

    48,909
    11,190
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,424
    Local Time:
    8:44 PM
    Nginx 1.21.x
    MariaDB 10.x
    Unfortunately, it isn't being handled as the code base is different. I'll probably be looking at an alternative Wordpress caching method for Cache Enabler eventually. Just haven't really found a good alternative that meets my criteria right now below:
    1. saves static HTML cached files to disk which can be served from Nginx
    2. allows for pre-compression of cached static HTML files to allow Nginx to utilize gzip_static directive to serve pre-compressed cached static HTML files
    3. can be 100% installed + configured via WP CLI command line so can be scripted for automation
    4. allows control over caching specific query strings
    The Cache Enabler option with old cache method in centmin.sh menu option 22 does meet all the above criteria.
     
  5. dce

    dce Member

    33
    6
    8
    Feb 21, 2018
    Ratings:
    +7
    Local Time:
    6:44 AM
    Thanks eva2000

    Are the security risks of running the old cache method minimal or mitigated in some way by how the server is configured? Do you consider it safe to run this way / are you currently running any servers live with this config?

    If the risks are acceptable, I will need to make sure the module is set to not auto update.
     
  6. eva2000

    eva2000 Administrator Staff Member

    48,909
    11,190
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +17,424
    Local Time:
    8:44 PM
    Nginx 1.21.x
    MariaDB 10.x
    centmin.sh menu option 22 Wordpress auto installer for Cache Enabler selected cache option already automatically blocks Cache Enabler updating to lock to the old cache method so Wordpress auto updating system won't update Cache Enabler. See details at https://community.centminmod.com/th...hanges-breaking-wordpress-sites-search.20546/. Full details including how existing Cache Enabler 1.5.1+ users can downgrade to Cache Enabler 1.4.9 as well as how to in future unlock 1.4.9 for 1.5.1+ updates can be found here Beta Branch - add Cache Enabler 1.4.9 legacy cache mode option in 123.09beta01.

    Acceptable risk is something you'd have to decide. Some of centmin.sh menu option 22's setup in general does help for some things as wpsecure include file by default only allows certain pre-allowed Wordpress plugins to run PHP code. See https://community.centminmod.com/threads/wordpress-403-permission-denied-errors.11215/. But that doesn't prevent pre-allowed plugins from running PHP code.

    If it isn't acceptable, you can also try Redis Nginx guest full HTML page caching option in centmin.sh menu option 22.

    For live testing reasons, I actually use the pre-release/private tested PHP Fastcgi_cache based guest full HTML page caching for my Wordpress site and is 2nd fastest cache method behind Cache Enabler https://community.centminmod.com/th...n-sh-menu-option-22-install.15435/#post-68746. Though there are still some bugs in PHP Fastcgi_cache method that haven't figured out i.e. on logging out of Wordpress, you get a 404/503 error page for that initial log out. But then it's fine on subsequent visits to blog.