Infrastructure
Additional layers of WPVIP’s infrastructure are in place to enhance the performance and security of your application environments.
The page cache
The page cache is the first layer of WPVIP’s infrastructure that is encountered by every request made to your WordPress or Node.js environment. The page cache determines whether a request will be served a cached response or if a request must be be routed to an origin server. The default behaviors of the page cache are designed to protect the health of your application by minimizing the number of requests made to your origin servers, while also ensuring that cached content is not stale.
Read more about the page cache
Cached content is served by WPVIP’s content delivery network (CDN). This is a global network of edge cache servers that are each used to store and serve content closest to the end user requesting content from your site.
Read more about the edge cache
The VIP File System
In a typical WordPress installation, uploaded media files are stored in a file system located within the site’s web container. On WPVIP, uploaded files are stored in a separate, external service called the VIP File System. All of the contents of a WordPress site’s /wp-content/uploads/ directory are mapped to the VIP File System.
Read more about the VIP File System
As an external object store, the VIP File System lacks a true directory structure. As a result, most operations on directories (e.g. rmdir()) will not work as expected.
The read-only setting of the VIP File System provides better security against the creation or execution of malicious scripts. However the read-only setting also limits the types of operations and methods that can be used to work with uploaded files. The system /tmp directory should be used to perform operations on temporary files and other local file operations such as extracting and working with ZIP files.
Read more about working with uploaded files
The VIP File System also has built-in services such as automatic conversion of images to next-gen formats, and dynamic generation of requested image sizes. Separate intermediate files (e.g. example-150x150.jpg) will not be generated after your site has migrated to WPVIP. Instead, your images will be served at the registered intermediate sizes on-demand.
Read more about the image file behavior
Shared media files
As part of the “code moves up; content moves down” infrastructure, media files uploaded to a production environment are automatically shared by the VIP File System to its associated non-production environments. This eliminates the need to copy media between environments after a data sync and other similar operations.
Read more about shared media files
Media file exports and imports
A copy of the media files associated with a WordPress environment and stored in the VIP File System can be exported from within the VIP Dashboard for an application.
Read more about media file backups
VIP-CLI can be used to import additional media files to the VIP File System for an environment.
Read more about media file imports
Databases
Each environment in a WordPress application has its own unique SQL database instance. Direct access to an environment’s database is limited. The WP-CLI command wp db query is allowed, but defaults to read-only. A read-only phpMyAdmin console using VIP-CLI can be accessed if you have an Org admin role or an App admin role for the environments application.
Databases for production environments are backed up every hour, including custom tables, and non-production databases are backed up daily. Database backups can be generated and downloaded within the VIP Dashboard for an application or with VIP-CLI.
Read more about database backups
You can use VIP-CLI to import a full database file to migrate a site to the VIP Platform, or import a partial database file to update specific tables.
Read more about database imports
Security
Some security and performance features are automatically implemented to protect and support your application. Security monitoring and firewalls are built in to the infrastructure, and all web containers run in read-only mode..
For WordPress applications, WPVIP has multiple security protections in place to protect against unauthorized access and abuse of the WP Cron, XML-RPC, and login endpoints.
The overall security of any application is not dependent on the infrastructure alone, but on the shared responsibility of all users with access to an application to follow security best practices, and to maintain the quality of the code that is deployed to their applications.
Last updated: November 25, 2024