A practical guide to configuring an always-on WordPress site

Introduction — Why «A Practical Guide to Configuring an Always-On WordPress Site» Matters

In today's world, access 24/7 A WordPress site is essential for businesses, online stores, SaaS projects, and high-traffic blogs. This article is a comprehensive and practical guide to creating an architecture, security, caching, monitoring, and backup strategy to keep your site up and running.

Design principles for high availability

To have an always-on WordPress site, you need to implement multiple layers of redundancy. The right combination of these layers reduces points of failure and increases fault tolerance.

• Load Balancer: Distributing traffic among multiple web nodes.
• Multiple Web Nodes: Multiple Nginx/PHP-FPM servers with identical configuration.
• Database with Replication: Master/Read Replica or Galera/Primary-Replica cluster.
• Shared storage or Object Storage: Uploads (wp-content/uploads) on S3-compatible or NFS.
• CDN: Cache and distribute static pages at the edges.
• Monitoring and health checks: Ping Pong Health Check and Recovery Automation.

The company providing this guide has more than 85 global locations, cloud server, load balancer, CDN, and BGP network provide services to place nodes in suitable locations; for example: Trading — locations with low ping to exchanges; Gaming — locations close to players; AI and rendering — locations with GPUs.

Suggested architectural design for WordPress always available

Basic option (for small to medium websites)

• A VPS or cloud server with Nginx + PHP-FPM + MariaDB
• Redis/Memcached for object caching
• CDN for static files
• Daily snapshots and database backups

Advanced option (for commercial and high-traffic sites)

• 2+ Webnodes (auto-scale) behind Load Balancer
• Primary Database + Read Replicas or Galera Cluster
• Object Storage for uploads (S3-compatible)
• Redis Cluster for session and object cache
• WAF and Anti-DDoS
• CI/CD for secure deployment
• Monitoring (Prometheus/Grafana + Alertmanager) and Uptime checks

Step-by-step: Basic installation and configuration on Ubuntu 22.04 (practical example)

This is a single-node example scenario to get started; use the same configuration on multiple nodes for HA.

Base installation

sudo apt update && sudo apt upgrade -y
sudo apt install nginx certbot python3-certbot-nginx -y
sudo apt install mariadb-server -y
sudo apt install php-fpm php-mysql php-curl php-gd php-mbstring php-xml php-xmlrpc php-redis php-imagick -y
sudo systemctl enable --now nginx php7.4-fpm mariadb

Note: The php package name may be a different version; from php8.1 Or php8.2 Use.

Securing MariaDB and Creating a WordPress Database

sudo mysql_secure_installation

In the MySQL/MariaDB console, run:

CREATE DATABASE wp_database CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
CREATE USER 'wp_user'@'localhost' IDENTIFIED BY 'StrongPasswordHere!';
GRANT ALL PRIVILEGES ON wp_database.* TO 'wp_user'@'localhost';
FLUSH PRIVILEGES;
EXIT;

Configuring Nginx for WordPress (Sample File)

cat > /etc/nginx/sites-available/example.com <<'EOF'
server {
    listen 80;
    server_name example.com www.example.com;
    root /var/www/example.com;
    index index.php index.html;

    client_max_body_size 64M;
    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php8.1-fpm.sock;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        expires 30d;
        add_header Cache-Control "public, no-transform";
    }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt  { log_not_found off; access_log off; }
}
EOF
sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
sudo mkdir -p /var/www/example.com
sudo chown -R www-data:www-data /var/www/example.com
sudo nginx -t && sudo systemctl reload nginx

Enabling SSL with Let's Encrypt

sudo certbot --nginx -d example.com -d www.example.com

Disabling WP-Cron and setting up real Cron

In wp-config.php Add the following value:

define('DISABLE_WP_CRON', true);

Then set up the server cron to run periodically:

sudo crontab -u www-data -e
*/5 * * * * php /var/www/example.com/wp-cron.php > /dev/null 2>&1

Installing WP-CLI and Setting Up WordPress from the Command Line

curl -O https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar
php wp-cli.phar --info
chmod +x wp-cli.phar
sudo mv wp-cli.phar /usr/local/bin/wp

cd /var/www/example.com
wp core download --locale=fa_IR
wp core config --dbname=wp_database --dbuser=wp_user --dbpass='StrongPasswordHere!' --dbhost=localhost --dbprefix=wp_
wp core install --url="https://example.com" --title="وب‌سایت من" --admin_user=admin --admin_password='AdminPass!' [email protected]
sudo chown -R www-data:www-data /var/www/example.com

Caching and speedup

To achieve the highest performance and load reduction, use a combination of OPcache, Redis, and CDN.

• Redis For object cache and session
• OPcache In php.ini with the following settings:

opcache.enable=1
opcache.memory_consumption=128
opcache.max_accelerated_files=10000

Use a reputable caching plugin (e.g. WP Rocket Or W3 Total Cache) and Offload files to CDN and Object Storage is recommended.

Installing Redis (example)

sudo apt install redis-server -y
sudo systemctl enable --now redis
sudo apt install php-redis -y

Then install the Redis Object Cache plugin in WordPress and test the connection.

Operational and web application security

Layered security includes SSH security, firewall, Fail2Ban, WAF, and file permissions.

SSH

Use key-based authentication, change the default port, and disable root login:

sudo sed -i 's/#Port 22/Port 2222/' /etc/ssh/sshd_config
sudo sed -i 's/PermitRootLogin yes/PermitRootLogin no/' /etc/ssh/sshd_config
sudo systemctl reload sshd

Firewall and Fail2Ban

sudo ufw allow 80/tcp
sudo ufw allow 443/tcp
sudo ufw allow 2222/tcp
sudo ufw enable

sudo apt install fail2ban -y
sudo systemctl enable --now fail2ban

Use Fail2Ban for brute-force protection and ModSecurity or a cloud WAF for application protection.

Files and permissions

find /var/www/example.com -type d -exec chmod 755 {} \;
find /var/www/example.com -type f -exec chmod 644 {} \;

To prevent files from being edited from the WordPress dashboard:

define('DISALLOW_FILE_EDIT', true);

Using plugins like WordPress And enabling 2FA is recommended for admin accounts.

Backup & Restore

Recommended strategy: Daily database backups + weekly full site backups + 30-day offline retention. Use snapshots for fast recovery.

MySQL dump command example

mysqldump -u wp_user -p wp_database | gzip > /backups/wp_db_$(date +%F).sql.gz

Full backup with rsync

rsync -a --delete /var/www/example.com/ /backup-server/www/example.com/

Always perform a Restore test regularly to ensure restoreability.

Monitoring and alerting

• Prometheus + Grafana: Monitoring CPU resources, Memory, Disk I/O and PHP-FPM metrics.
• Uptime checks: Check the homepage, login page, and API endpoints with UptimeRobot or synthetic services.
• Log collection: ELK stack or Loki/Promtail + Grafana for analyzing attacks and slow performance.
• Alerting: SMS, email, or Slack for service downs or increased errors.

Protection against DDoS and network layer attacks

Use network-level Anti-DDoS and CDN with rate-limiting and challenge pages to protect sensitive sites with 24/7 access.

You can also consider setting Rate Limit in Nginx or using a cloud WAF.

Database optimization and scalability

• Setting innodb_buffer_pool_size To ~70–80% of DB server RAM.
• Activate slow_query_log To identify problematic queries.
• Use read replicas to reduce read-heavy loads.
• At large scale, separation of services (DB, web, cache, Object Storage).

Tips for specific applications

• Traders: Choose a location close to the exchange/trading server to reduce latency. Use a dedicated trading VPS with low ping and configure the network with BGP.
• Gamers: Gaming VPS with low ping, dedicated servers, and locations close to the gaming community.
• AI and rendering: Graphics server (GPU) for fast inferencing and rendering. Uses high NVMe and high throughput networking.
• Public websites: Focus on CDN, caching, and image optimization.

Final checklist before publication

• SSL enabled and tested
• Real Cron instead of WP-Cron
• Scheduled Backups and Test Restore
• Active monitoring and alerting
• Fail2Ban and WAF enabled
• Object cache (Redis) and OPcache enabled
• CDN for static files and media offload
• Secure SSH access and restrict admin panel with 2FA

Conclusion

Configuring an always-on WordPress site requires the right combination of architecture, security, caching, monitoring, and backup strategy. Using high-performance cloud servers, CDN, Anti-DDoS, and the ability to deploy in over 85 global locations can ensure stability, speed, and security.

Frequently Asked Questions