What plugins do you guys use to sync sites between local dev and production environment? I've been looking for a solid plugin for a long time... but it seems all the free ones are lacking in one way or another.
@Unixfy said:
What plugins do you guys use to sync sites between local dev and production environment? I've been looking for a solid plugin for a long time... but it seems all the free ones are lacking in one way or another.
Although not a plug-in, Softaculous offers push to live from a dev environment. Used it multiple times and worked flawlessly.
@Smarty said:
Some clarifications are to be made:
Any caching wordpress plug-in, works inside wordpress, so in terms of performance php was already called and your answer will be late no matter how well the plug-in is marketed.
I suggest a straight-forward obvious thing: bypass wordpress when your content are static. Even dynamic pages can be cached on an interval basis - to serve cached copy for 5 minutes.
1) wget sitemap.xmls with all urls with timestamps.
2) wget fresh posts and pages into local cache folder.
3) zopfli and brotli them to the maximum extent.
4) Tell your webserver to bypass cache for developers' ips, dynamic pages, etc and use internal redirects to cache for everyone else.
5) Repeat when new content is ready.
That way almost all your posts and pages will be served as usual prepacked static htmls within 1-2 milliseconds with a modern HTTP2 webserver.
P.M. me if you need a custom setup. It works only on vpses and dedis though, where you can configure any software as you like.
Really appreciate you writing all this out, but there was some confusion.. I thought you said you use a reverse proxy cache? So my original question was more what plugin you would use to push to the cache server.
Wp simple cache and nginx fastcgi cache.. but sometimes it did not make any difference compared only with using nginx fastcgi cache..
⭕ A simple uptime dashboard using UptimeRobot API https://upy.duo.ovh
⭕ Currently using VPS from BuyVM, GreenCloudVPS, Gullo's, Hetzner, HostHatch, InceptionHosting, LetBox, MaxKVM, MrVM, VirMach.
Really appreciate you writing all this out, but there was some confusion.. I thought you said you use a reverse proxy cache? So my original question was more what plugin you would use to push to the cache server.
So the question is: How to refresh cache from the wordpress?
I tried wordpress hooks but on a different setups I have with many wordpress versions and plugins installed that was not working well. So I ended up with xml sitemap parsing approach. Sitemaps are generated with free or premium yoast seo plugin. They can be generated with other plug-ins as well. Once someone have posted something - it's url and timestamp hits the sitemap. So from time to time my parser checks what we have new and updates the cache.
webserver on the edge node checks if this post or page is present in a cache folder and serve it instantly if cache hit occur. If it's not there - the request is proxied to the current main wordpress setup, which well maybe on another vps and special pre-connected keep-alive https tunnels are used to grab the answer as fast as possible.
It looks quite likely I will be deep diving into wordpress performance optimization this week.
Any free load-testing services still? (multi location simulator, different latency clients)
Loadimpact seems to require signup now. I guess I don't mind. It used to be my quick goto
At a minimum, do use a WP security plugin like Wordfence, free version. Atleast for test sites, for production, consider a paid plan.
Example from this morning.
I got a series of alerts from WordFence for one of our (WP) sites. Wordfence locked the user out. (login via 'admin' was disabled)
tor96.xxx.com
Atleast the alerts informed what was happening, and blocked some of the low level attacks.
Note: the admin account can also be removed altogether, or disable in configuration.
Interestingly,
The xxx.com is
a company that provides "penetration testing, internal network auditing and social engineering services." I wrote to the email mentioned in whois for that ip, lets see what happens.
At a minimum, do use a WP security plugin like Wordfence, free version. Atleast for test sites, for production, consider a paid plan.
Example from this morning.
I got a series of alerts from WordFence for one of our (WP) sites. Wordfence locked the user out. (login via 'admin' was disabled)
tor96.xxx.com
Atleast the alerts informed what was happening, and blocked some of the low level attacks.
Note: the admin account can also be removed altogether, or disable in configuration.
Interestingly,
The xxx.com is
a company that provides "penetration testing, internal network auditing and social engineering services." I wrote to the email mentioned in whois for that ip, lets see what happens.
@bikegremlin said:
My experience with WP caching (TL/DR LiteSpeed is way better than everything I've tried - except the paid only WP Rocket, which is close):
@Smarty said:
It's a good idea to restrict wp-login.php access to your ips/networks so cpu is not wasted by bots trying passwords...
To that end doing an extremely simple .htaccess level user and password cuts down on a huge amount of brute attacks for wp-admin. Cpanel and direct admin I believe even have a simple page for it.
Additionally make sure to remove the "author" listing for posts/pages so it doesn't show up at all. That's how most of that bots get the username assuming you rightfully aren't using something like admin.
Your simple lock out plugin can then do instant blocks on anyone trying to use admin.
Simple stuff but really helps block out a lot of the stuff out there
@vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
@vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites?
@vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites?
@vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites?
Hmm? Neither. Free plugin afaik?
Ah, but only for websites up to 512mb in size, right?
@vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites?
Hmm? Neither. Free plugin afaik?
Ah, but only for websites up to 512mb in size, right?
@vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites?
Hmm? Neither. Free plugin afaik?
Ah, but only for websites up to 512mb in size, right?
The Duplicator plugin works well if you are looking to just move a WP site from A to B. Can be used to move from one domain to another as well if needed. I’ve used it a couple of times.
One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached. Implementing search result caching with WP alone might be difficult; it's easier to set up with a reverse proxy instance in front of WP and then set up per-regex or per-url-structure cache rules.
@vyas said: I use All In One WP Backup, but it recently pooped on backing up my blog when I was moving to a new server.
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites?
Hmm? Neither. Free plugin afaik?
Ah, but only for websites up to 512mb in size, right?
Well, they so have the unlimited extension which removes the 512mb import limit. So odds are you can backup more than 512mb but not restore without premium version: https://servmask.com/products/unlimited-extension
I still have some very old backup version of the plugin where you could edit the mentioned limit in some config file. It still works, I guess.
@dedipromo said:
One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached. Implementing search result caching with WP alone might be difficult; it's easier to set up with a reverse proxy instance in front of WP and then set up per-regex or per-url-structure cache rules.
Yes. True. Sites also get impacted by related posts and tags too. If you click on a tag and if it has to search from thousands of posts, the limits will get easily touched. Last night, Hostmants suspended my client account for hitting limits regularly. It was a 3gb ram reseler. But even without utilising the ram, site hits the resource limits and they obviously suspended. I had to run to another cPanel server overnight with the backup they provided.
Googl Analytics shows less than 5000 page views yesterday. It had 9000 views 2-3 days ago. Looking for a generous reseler provider who can accommodate.
@dedipromo said:
One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached.
Yikes. I haven't used WordPress personally in a decade.
I didn't even know they bolted on a search engine.
@dedipromo said:
One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached. Implementing search result caching with WP alone might be difficult; it's easier to set up with a reverse proxy instance in front of WP and then set up per-regex or per-url-structure cache rules.
Yes. True. Sites also get impacted by related posts and tags too. If you click on a tag and if it has to search from thousands of posts, the limits will get easily touched. Last night, Hostmants suspended my client account for hitting limits regularly. It was a 3gb ram reseler. But even without utilising the ram, site hits the resource limits and they obviously suspended. I had to run to another cPanel server overnight with the backup they provided.
Googl Analytics shows less than 5000 page views yesterday. It had 9000 views 2-3 days ago. Looking for a generous reseler provider who can accommodate.
Comments
All I can tell you is I tested it when considering what to use for https://lowendspirit.com and decided on Grav
https://inceptionhosting.com
Please do not use the PM system here for Inception Hosting support issues.
My experience with WP caching (TL/DR LiteSpeed is way better than everything I've tried - except the paid only WP Rocket, which is close):
https://io.bikegremlin.com/7303/wordpress-caching/
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
What plugins do you guys use to sync sites between local dev and production environment? I've been looking for a solid plugin for a long time... but it seems all the free ones are lacking in one way or another.
Although not a plug-in, Softaculous offers push to live from a dev environment. Used it multiple times and worked flawlessly.
Really appreciate you writing all this out, but there was some confusion.. I thought you said you use a reverse proxy cache? So my original question was more what plugin you would use to push to the cache server.
Sorry for derailing this thread @vyas
Wp simple cache and nginx fastcgi cache.. but sometimes it did not make any difference compared only with using nginx fastcgi cache..
⭕ A simple uptime dashboard using UptimeRobot API https://upy.duo.ovh
⭕ Currently using VPS from BuyVM, GreenCloudVPS, Gullo's, Hetzner, HostHatch, InceptionHosting, LetBox, MaxKVM, MrVM, VirMach.
So the question is: How to refresh cache from the wordpress?
I tried wordpress hooks but on a different setups I have with many wordpress versions and plugins installed that was not working well. So I ended up with xml sitemap parsing approach. Sitemaps are generated with free or premium yoast seo plugin. They can be generated with other plug-ins as well. Once someone have posted something - it's url and timestamp hits the sitemap. So from time to time my parser checks what we have new and updates the cache.
webserver on the edge node checks if this post or page is present in a cache folder and serve it instantly if cache hit occur. If it's not there - the request is proxied to the current main wordpress setup, which well maybe on another vps and special pre-connected keep-alive https tunnels are used to grab the answer as fast as possible.
It looks quite likely I will be deep diving into wordpress performance optimization this week.
Any free load-testing services still? (multi location simulator, different latency clients)
Loadimpact seems to require signup now. I guess I don't mind. It used to be my quick goto
loader.io?
https://tools.keycdn.com/performance bunch of tools
Can also try Redline13. They use your own AWS account in the backend so it's free if you have some AWS credits.
WordPress and Security
This can be a whole new thread in itself!
At a minimum, do use a WP security plugin like Wordfence, free version. Atleast for test sites, for production, consider a paid plan.
Example from this morning.
I got a series of alerts from WordFence for one of our (WP) sites. Wordfence locked the user out. (login via 'admin' was disabled)
tor96.xxx.com
Atleast the alerts informed what was happening, and blocked some of the low level attacks.
Note: the admin account can also be removed altogether, or disable in configuration.
Interestingly,
The xxx.com is
a company that provides "penetration testing, internal network auditing and social engineering services." I wrote to the email mentioned in whois for that ip, lets see what happens.
VPS reviews and benchmarks |
My 2c on: securing a WordPress site, and WordFence configuration/setup (and the performance hampering it does).
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
We use security ninja for some sites. It is a more aggressive version than WF I thought. But not noticed major performance Difference from WF.
Interesting read!
VPS reviews and benchmarks |
It's a good idea to restrict wp-login.php access to your ips/networks so cpu is not wasted by bots trying passwords...
Tried Ghost once, it was fine, pretty fast, but the flexibility you get with WP is just amazing.
The LiteSpeed plugin is AMAZING.
And the Prestashop one is terrific as well!
To that end doing an extremely simple .htaccess level user and password cuts down on a huge amount of brute attacks for wp-admin. Cpanel and direct admin I believe even have a simple page for it.
Additionally make sure to remove the "author" listing for posts/pages so it doesn't show up at all. That's how most of that bots get the username assuming you rightfully aren't using something like admin.
Your simple lock out plugin can then do instant blocks on anyone trying to use admin.
Simple stuff but really helps block out a lot of the stuff out there
I'm also using All In One (Maybe a different plugin - by ServMask) and I've had nothing but success. I had to move a site between servers and reinstalling and importing was easier than correcting a broken config and manually migrating. Never had any issues except some PHP limits that needed changing.
MichaelCee
It works pretty smooth. Have you paid monthly for a commercial license though, or did you get the one-time payment and just move(d) "personal" (non-client) sites?
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Hmm? Neither. Free plugin afaik?
MichaelCee
Ah, but only for websites up to 512mb in size, right?
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Couldn't find anything mentioned.. Mine have likely been smaller either way.
MichaelCee
Will give it a try. AIO worked well till it didn’t
VPS reviews and benchmarks |
The Duplicator plugin works well if you are looking to just move a WP site from A to B. Can be used to move from one domain to another as well if needed. I’ve used it a couple of times.
One thing regarding WP security that I haven't seen anyone mentioning is to cache search results. 100 concurrent GET queries of https://yourdomain.com/?s=somerandomwords will instantly take down almost 95%+ of Wordpress websites, if search results are not cached. Implementing search result caching with WP alone might be difficult; it's easier to set up with a reverse proxy instance in front of WP and then set up per-regex or per-url-structure cache rules.
Easy Website Backup Script: easybackup Extremely affordable FTP backup storage: 1Fichier
One-click CDN installation on your VPS: OneClickCDN
@vyas AIO works smooth, indeed.
Well, they so have the unlimited extension which removes the 512mb import limit. So odds are you can backup more than 512mb but not restore without premium version: https://servmask.com/products/unlimited-extension
I still have some very old backup version of the plugin where you could edit the mentioned limit in some config file. It still works, I guess.
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.
Yes. True. Sites also get impacted by related posts and tags too. If you click on a tag and if it has to search from thousands of posts, the limits will get easily touched. Last night, Hostmants suspended my client account for hitting limits regularly. It was a 3gb ram reseler. But even without utilising the ram, site hits the resource limits and they obviously suspended. I had to run to another cPanel server overnight with the backup they provided.
Googl Analytics shows less than 5000 page views yesterday. It had 9000 views 2-3 days ago. Looking for a generous reseler provider who can accommodate.
✓✓Only shared hosting-both DA and cPanel Still in 2006
Yikes. I haven't used WordPress personally in a decade.
I didn't even know they bolted on a search engine.
What kind of caching do you use on that website?
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
XCloner is really stepping their game up. New website looks good and still, totally free backup&clone website: https://www.xcloner.com/category/features/
Ympker's VPN LTD Comparison, Uptime.is, Ympker's GitHub.