Overview

Here's the course content overview. Note that some sections are still being worked on and will be published soon. Enroll today to keep track of your progress.

You will define what production ready means for your site. You will set up a project repository for configs, scripts, and docs. You will get a domain to use with this project and leave with a launch day checklist.

Skills, tools & expectations

Goals for this course: What is production-ready?

Obtaining a domain and pointing DNS to Cloudflare

Creating a Git repository for configs and more

Launch-day checklist

You will learn about various types of hosting services and how to interpret CPU and storage specs. You will also look at OS distributions and images. You will provision a new virtual or dedicated server, add appropriate DNS records and pull your config repository using SSH.

Types of web hosting services

CPU core count and frequency

Storage options and performance considerations

Linux distributions, OS images and ISOs

Provisioning a VPS for WordPress with DigitalOcean

Provisioning a dedicated server for WordPress with Cherry Servers

Configuring DNS and SSH, pulling in your config repository

You will put safe defaults in place from day one. You will create a non-root user, tune SSH and sudo, install and configure fail2ban to reduce brute force attempts, and enable a simple firewall that allows only required services. You will also enable unattended security updates and configure logrotate.

Create a non-root user with an SSH key and sudo

Two-factor authentication for SSH

Installing Fail2Ban for SSH bruteforce protection

Creating and maintaining a firewall configuration

Rotating log files with Logrotate

Enabling unattended security upgrades

You will install Nginx and PHP-FPM, configure them for WordPress, set sane limits for workers and resources, route traffic securely via Cloudflare, verify your PHP configuration, log real client IPs, and manage logs with logrotate.

Installing Nginx

Installing PHP-FPM

Understanding your sites configuration layout

Creating the PHP configuration

Nginx configuration for WordPress

Routing your domain securely via Cloudflare

Reviewing your configuration with phpinfo()

PHP-FPM and Nginx logging

You will install MariaDB, understand its configuration and data files, tune InnoDB, create a dedicated database and user for WordPress, enable and analyze the slow query log, and install phpMyAdmin securely behind SSH.

Installing MariaDB

Understanding the MariaDB configuration and data files

InnoDB configuration options

Enabling MariaDB's slow query log

Creating a MariaDB user account for your WordPress application

Installing and securing phpMyAdmin

You will install WP-CLI and use it to install WordPress core, disable dangerous commands with YAML, configure system cron for WP-Cron, and set up logging for WP-CLI errors, cron runs, and commands.

Installing and maintaining WP-CLI

WP-CLI YAML Configuration

Installing WordPress with WP-CLI

Running the WordPress Cron via CLI

Logging in WordPress and WP-CLI

You will install Postfix and configure it to relay email through an SMTP service of your choice. You will then make sure PHP is configured to relay mail through the postdrop service. You will verify delivery and health of a test email from wp_mail().

Understanding email

Configuring Amazon SES SMTP

Configuring Postfix relay for third-party SMTP

Using wp_mail() and mail-tester to verify mail delivery health

Understanding Postfix logs and configuring logrotate

You will install and configure Redis for object caching in WordPress. You will also install a page caching plugin of your choice. You will also ensure you can measure response times, and easily find the slowest requests from your server logs. You will run some load test against your application.

You can install any caching plugins you want

Measuring and logging the PHP response time with Nginx

Option A: Installing Redis and the Redis Object Cache plugin

Option B: Installing Memcached and the Memcached Object Cache plugin

Running a before/after load test to measure object caching impact

Page caching in WordPress, the role of advanced-cache.php

Option A: Configuring Batcache for page caching

Option B: Installing Surge for page caching

Option C: Installing WP Rocket for page caching

Verifying page cache headers and logged-in functionality

Running a before/after load test to measure page caching impact

You will configure fail2ban for bruteforce protection against common attack vectors in WordPress: including application passwords, XML-RPC and wp-login.php. You will update your Nginx configuration to ensure sensitive files remain private and enable rate limiting. You will write some helper scripts to determine and quickly ban bad actors from server logs.

Identifying common attack vectors for WordPress

Writing a mu-plugin to log login attempts

Using fail2ban for bruteforce protection

Denying access to sensitive files with Nginx

Rate-limiting PHP execution

Writing a helper script to identify bad actors from server logs

Using a script to quickly ban IPs

Using a script to deny access to URL patterns

Installing and running ClamAV for malware scanning

You will determine everything that needs to be backed up. You will create scheduled jobs to perform on-site backups, and ship them to an off-site location. You will configure a retention policy to delete old backups. You will also learn how to quickly make on-demand backups and explore existing backups.

Making a list of what needs to be backed up

Using mysqldump to create database backups

Using rsync to create files backups

Using tar and gz to archive and compress backup files

Deleting old backups

Installing S3 CLI and shipping backups off site

Creating and testing a restore plan

You will ensure all your services can survive a server reboot. You will create alerts for various system resources and spikes in errors, high response times, slow queries, email delivery errors and more. You will also set up a third-party uptime monitor.

Installing and configuring Monit

Sending email when things go wrong

Monitoring your Nginx service

Configuring Monit for MariaDB/MySQL

Using Monit to monitor your PHP-FPM service

Monitoring Postfix using Monit

Monitoring site-specific functionality with Monit

Accessing the Monit GUI/HTTP dashboard

You will learn how to schedule core, theme and plugin updates. You will also write and test a helper script to roll back updates when things break. You will learn how to put your site into maintenance mode to perform PHP and MariaDB upgrades.

Reloading and restarting services

Using WP-CLI to work with WordPress core, themes and plugins

Using WP-CLI to reset user passwords when locked out

Removing banned IPs in fail2ban, maintaining a whitelist

Running things while you sleep

Maintenance mode with Nginx

Upgrading PHP

Upgrading MariaDB

Upgrading Nginx

OS updates and distribution upgrades

Advanced modules

We're working on a set of advanced modules as well. These will cover topic like: Deploying & CI/CD pipelines, Multisite and multiple sites, staging and migrations, disaster recovery, Docker containers, more caching and performance strategies.

Feedback & partnerships

If you have any questions or feedback about this course, and for partnership opportunities, please email hi (at) wpshell (dot) com.

Overview

Module 0. Orientation

Module 1. New Server

Module 2. Server Hygiene

Module 3. PHP & Nginx

Module 4. MariaDB

Module 5. WordPress

Module 6. Email Delivery

Module 7. Caching & Performance

Module 8. WordPress Security

Module 9. Backups

Module 10. Monitoring

Module 11. Maintenance

Advanced modules

Feedback & partnerships