10.11.2021

WordPress and large projects: how to do it right?

  • #Knowledge

Introduction

Bringing Your Project to life is often referred to as a journey. How about taking those words literally by looking at software development as a logistical challenge. We have a starting point and an end goal, now we have to think about how to get there with as few problems on the way as possible.

Let’s say that we have an extremely large load that needs to be carried overseas. Obviously, a container ship is the first means of transportation that comes to our mind. For Big Data software projects, C# or Python is the IT equivalent of a container ship. Technologies developed to handle complex operations at high volume. Even the current logistic crisis and the lack of developers is in its core similar. A lot of work to be done, and not enough resources to do it.

What if we want to go on a holiday from Europe to Indonesia. We can choose both air and sea to get there. Unless we want to stop on the islands along the way, the sky is definitely our first choice. A fast and cost-effective way to visit a „fancy” exotic place. So Air travel in the software World could be looked at like developing in Java. It gets You further and faster to more unique experiences. But not everyone can do it, and with smaller projects, it’s like hunting mosquitos with a rifle.

But what if we want to go on a family holiday that is no more than a few hours' drive away. Then roads or train tracks are the obvious first choice. Land travel is like E-commerce. You know how to get there and the objective is clear. You only need to choose the vehicle and the driver. Cars, trains, and busses could be the IT equivalent of open source solutions like WordPress. Now imagine that Tesla has made a Campervan with an auto-drive system? Wouldn’t that be awesome for family trips? That is what we offer You at Develtio, the best solution for e-commerce projects. An easy-to-use, comfortable and cost-effective technology set up, that allows Your website or marketplace to thrive.

Table of contents

The goal of this article is to provide You with all the information You need to have before deciding on WordPress as your tech stack. I encourage You to continue reading if You want to find out more about:

  • The Good, The Bad, and The Ugly of WordPress and WooCommerce.
  • Should You choose WordPress to develop Your Project?
  • How to enhance WordPress to make it safer and more efficient?
  • Key features and solutions for WordPress and WooCommerce hosting.

We will try to use a voice that is friendly to any non-technical person, but some insight into the details is needed to provide You with a full picture.

Let’s start with the most basic of questions:

What is WordPress?

WordPress was developed as a blogging platform in 2003, and at first, that’s exactly what it was. Come 2021 and this CMS became responsible for more than 50% of all websites listed on the Internet. Scaling of that magnitude was made possible due to two key factors: accessibility, and popularity. Being an open-source solution written in PHP means that there are thousands of engineers that are constantly working on its code, some make it better, some make it worse. That’s why it’s good to have basic knowledge about the pros and cons, and when in doubt, ask for help from specialists.

WordPress pros

  • It’s „Open Source” which means it’s developed by hundreds or even thousands of programmers.
  • Globally tested by countless users and security experts.
  • This platform is commonly known by programmers. That’s why You will never have problems with finding engineers that can work with it.
  • A platform known by users, launching into new markets will be faster and easier because WordPress is known and liked all over the world.
  • The qualities stated above make the preparation of WordPress-based software cheaper than a dedicated solution built from the ground up.

WordPress cons

  • Fast escalation of security gaps due to the global nature of the solution.
  • WordPress as a very versatile software had to use a general database structure that is not as optimal and efficient as it could be. This translates into poor performance (There is a solution and we cover it in this article)
  • Any software, based on any programming language can be inefficient. WordPress has a slightly worse opinion in this regard only because it has a low entry threshold and more inexperienced developers work with it. So there is a mental barrier to choosing WordPress hosting or WooCommerce as a dedicated tech stack.

What is WooCommerce?

In essence, WooCommerce is a WordPress plugin that allows you to transform your website into an e-marketplace with a wide range of functionalities. It was created in 2011 and has been steadily gaining in popularity since then. The plugin saw its highest rise in download numbers during the Covid pandemic, where we all saw a rapid shift towards online shopping. Today it is currently the most popular e-commerce solution globally.

WordPress and Woocommerce – is it effective?

The question that most of You came here for: Can WordPress handle large projects? And as a respected software engineering company, we will answer as any good engineer should – it depends. ;)

We have seen stores that are struggling with servicing 1000 clients a month and we’ve seen brands that easily handle millions of operations year upon year. The difference is in the approach. Just because anyone can use WooCommerce, doesn’t mean that anyone should. Just like driving a car. Anyone is able to drive. But to do it safely, you need to know the route, and to do it efficiently, You need experience. At Develtio we believe to have both, that’s why we share our knowledge with You.

Here it’s starting to get technical, brace Yourself.

WordPress + Woocommerce solutions powered by Develtio

WordPress performance

WordPress does indeed have performance issues in its basic version, but these are an issue for engineers with insufficient programming knowledge. In extensive projects, we use three basic mechanisms that allow us to freely develop software without worrying about performance.

  • Separate databases and tables for selected content. We don’t have to use the default database configuration at all. At Develtio, we have developed methods to keep selected data in separate tables, designed by us, according to the best index standards. We can even exclude some data into separate databases to make it easier for us to scale the solution.
  • We use ElasticSearch, an incredibly efficient search engine, for our search mechanisms. This way, we completely remove this obligation from WordPress and relieve the main database.
  • We also use Redis as an advanced and efficient cache system. The users of our website do not burden the main database because all information they see on the browser is stored and served by Redis – software that is intended for such purposes.

These few rules above completely eliminate the shortcomings of WordPress. At the same time, such software as ElasticSearch or Redis are well-known solutions widely used by many engineers. There are no exotic elements or shortcuts here.

Looking for proof of our in-depth knowledge of the structure of the WordPress database, we need to mention the fact, that at Develtio we have developed a proprietary method of real-time data migration between different databases. This is a unique for the entire industry solution based on WordPress and WooCommerce. This allows us, if required, to update the designed website in the future without having to turn it off for long hours to update. While the updates of the code itself are not demanding because we use the GIT versioning system, similar systems for databases do not exist. Develtio has developed its own solution, thanks to which data migration usually takes a few seconds and solutions prepared by our team of developers are implemented without the need to stop the production website and without losing any data. Without the need to replace the database.

WordPress security

For our applications, we use Bedrock, software that is based on WordPress but envelops it with additional mechanisms. It focuses mainly on additional methods of data encryption and hiding certain elements from direct access from the Internet, apart from the so-called DOCUMENT ROOT. As a result, even if the software used has some security flaws, it cannot be taken advantage of because there is no direct access to the files exploited by the vulnerability.

In addition, we work with external companies responsible for security audits. Based on this experience, we have introduced a number of corrections and improvements to WordPress, which additionally secure the projects we prepare.

WordPress infrastructure

It is very difficult to predict the specific hardware needs like processors, disks, RAM, etc. This is only possible somewhere in the middle of the development process. We mention infrastructure only to assure you that the proposed solution will not impose any special requirements in relation to other possible solutions, e.g. the Symfony framework and PostgreSQL or any other database.

What we are trying to say is, there are no additional hardware-related costs when applying our WooCommerce solutions.

Bedrock for WordPress Development

The sites we deliver are based on solutions that provide enhanced security for WordPress infrastructure (Bedrock from Roots). This solution allows the hiding of security-critical files from URL-level access. Additionally, each site has disabled the ability to auto-update WordPress core, plugins and template through WP configuration. We also prevent editing files from the admin panel level, and (in case of security-critical projects, or at the client’s request) we secure and restrict access to the admin panel area on the server configuration level.

Additionally, with the time passing since the launch of the website, we perform periodic manual updates of plugins and WordPress core. Thanks to the fact that these works are done „on-demand”, we do not allow circumstances, where there are plugin version conflicts or some functionality, and the whole App stops working. In case of plugin version conflicts or lack of critical functionality, we are able to immediately repair the non-functioning elements. Due to the fact that we properly secure our sites, we do not allow for the situation of using security gaps in plugins (and other elements from external providers) already on the server, architecture and backend elements level.

Bedrock for WordPress password policy

Bedrock provides us with an improved method of encrypting passwords in the database. This ensures that even if someone unauthorized breaches the database they will not know the passwords. In pure WP it is similar, but Bedrock provides better hashing methods, stronger, harder to break security.

In addition, we also use the following if needed:

  • Enforcing a password structure e.g. at least one number and one special character, minimum 8 characters
  • Forcing regular password changes e.g. every month
  • Confirmation of the login by e-mail and rewriting the one-time code
  • Introducing 2FA authorization

Advanced Custom Fields Pro (ACF Pro) – WordPress plugin

This plugin has no secrets and every functionality can be created in it. This is WordPress with a modified file structure and some other improvements. This doesn’t affect in any way the functioning and maintenance of WordPress and provides more pleasant work, the ability to run the project on CI/CD platforms and guarantees greater security. Once we are on CI/CD topic, we have implemented this process and our clients can keep track of the progress of our work because the test environments start automatically as soon as the developer releases the new functionality for testing.

WordPress Gutenberg

With WordPress 5.0 interface solutions you can easily edit your site. There is no standard WYSIWYG editor (kind of like Word) but the site is divided into blocks that we can freely drag and edit the content. Most often we create a solution based on ACF Blocks (part of the previously mentioned ACF Pro plugin) and Gutenberg which allows us to combine the advantages of both solutions.

Sage WordPress framework

Sage is a very cool template for Your projects. It has lots of basic settings that make the developer’s life easier, bring order and clear rules.

Thanks to the use of Sage, he gets the possibility of easier management of MVC architecture based apps. Even if Sage does not fully implement the benefits of MVC, it significantly simplifies the development of the project. The Gutenberg fragmentation of elements into reusable modules and the division of the code into logical parts, allows you to separate the business part from the view part.

Sage significantly facilitates work on multi-person projects, or those where the degree of complexity exceeds the standards.

WordPress Redis Object Cache

Redis is a widely used cache server. It’s not something dedicated to WordPress. It’s used in all other web projects, regardless of technology (not only PHP). This tool has one main task: to store some information in its own database and next time some user needs it, to return it extremely fast, saving the original database (which is slower by itself, and by the way every query of it increases its load). So some of the traffic is handled directly by Redis.

More inspirations here: https://alphaefficiency.com/sage-framework-wordpress 

WordPress database structure – how to manage it?

WordPress has its own inefficient database structure – it’s universally designed, so it can’t be optimized. However, we can build our own tables in the database, designing them according to best practices, optimizing them, etc. Then retrieving data from such tables is much faster and more efficient. You just need to keep this in mind at the beginning of working with WordPress because we need to design these custom tables at the very beginning.

In Develtio we have additionally developed a plugin that allows us to easily work with separate databases. This means that we can offload part of the data to a separate database (or even databases) distributing the traffic and load across multiple servers. This is an extremely attractive solution because, as is well known, scaling databases is very difficult.

What is ElasticSearch?

We already mentioned this tool before calling it an incredibly efficient search engine, and it is exactly that. Online marketplaces with high quantities of products can cut the search query time by using Elasticsearch in WordPress.

Elasticsearch is a distributed, free and open search and analytics engine for all types of data, including textual, numerical, geospatial, structured, and unstructured.

elastic.co

We use it with our products because it also gives the possibility of comprehensive data searching almost in real-time. Not only via a classic search, but also advanced grouping or filtering according to instructions. When we add, that the work model is distributed and the REST APIs, it becomes one of the best search engines out there.

Why should you integrate WordPress with ElasticSearch?

This is all about efficiency, and WordPress combined with elastic search can do wonders. If You want Your website to work smoothly you need an efficient search engine. Especially when we are dealing with e-commerce, where client experience is a key factor. To make a sale, You need to clear any obstacles out of Your customers' way.

Providing a valid search query experience is one of the challenges while building your website. Especially when after creating Your online marketplace, it reached a scale that You didn’t think possible. WordPress originally hasn’t got a high-quality search engine that could handle complex queries of high volume. So if You want the search experience of your visitors to be a pleasant one integrate WordPress with Elasticsearch.

How to Integrate WordPress with ElasticSearch?

At the beginning of the integration process between Elasticsearch and WordPress, we need to determine what items we want to search and according to what values. Our aforementioned plugin, that allows to scale and split databases also allows to specify which of the WordPress „post-types” to sync with Elasticsearch. We can specify whether elasticsearch is to be linked to default posts, WooCommerce products, or maybe our custom-post-types.

After determining which elements are to be synchronized: titles, content and, for example, the meta-tags of a given entry, the data synchronization begins. Elasticsearch creates indexes for all the content specified by us, and the synchronization progress can be viewed in real time in the official Kibana tool.

Thanks to the integration of our solutions, each edit, deletion or saving of a new element on the WordPress side is immediately synchronized with Elasticsearch. The synchronization status can be previewed directly on the entry page and repeated in case of problems.

Full-text search and retrieval of a list of matched items occurs at the level of WordPress default search hooks and generally does not require code integration. For the convenience of programmers, our solution also provides a package of tools and functions that allow you to manage the synchronization status and trigger searches from the code level.

Thanks experience gained while working on advanced projects, we have added the possibility of integration with any number of Elasticsearch instances, and the ability to scale the architecture associated with WordPress.

Continuous Integration & Continous Delivery Process (CI/CD)

Automatically built test environments. When a developer adds his changes to the GIT repository, an automatic process that takes a couple of minutes starts. Its task is to run the current version of the project on our test server. After a while, everyone has access to the latest version of the software, after the latest updates. Advantages:

  • Changes are available very quickly for testing
  • We avoid human errors
  • Save time
  • You can also connect other elements like running automatic tests that verify if the application works correctly

In Develtio we have developed it in such a way that each branch from GIT repository can have its own separate environment. Branches are separate branches of code on which developers can work independently, without disturbing each other and only then merge their changes into one. However, before the merging stage, thanks to the multiple environments, it is easy to test changes in completely separate tasks and decide which changes should go to the production service and which still need to be corrected.

The whole solution is based on Dockers, which lightweight and fast containers allow you to build a perfect production environment (or at least very close to the production one) on our test server as well as on computers of the developers who build the application (they use the same mechanisms, the same Docker containers). This is a very flexible solution that allows you to separate multiple environments from each other and maintain them on a single server. At the same time, it can be considered as documentation of the application requirements, because Docker configuration files hold information about the application requirements.

What is a CDN? How does a CDN Work?

CDN is a versatile method for storing static files (e.g. product images) on other servers and offloading the main server. We use a paid service that stores these files in many places around the world and the user gets these files from the server that is closest to him. Everything works faster thanks to such features as server limits in handling the number of requests per second, browser limits, asynchronous downloading.

Ideal architecture for high-performance server and WordPress-based applications

Wordpress architecture

Summary

For our development on WordPress, the main plugin we use is ACF Pro or Gutenberg technology, Redis for the Cache and ElasticSearch to make search super fast.

Thanks to that WordPress will be in our solution a base, easy-to-use CMS to operate the application, but separate services, optimized for security and performance, will be responsible for presentation and data transfer.

At the same time, the technology stack listed by us is nothing out of the ordinary. These are not our own solutions but generally accepted standards. So will be very easy to further develop such applications in the future. Our strong point is that we know all of them and know how to mix them together to make a perfect e-commerce cocktail.

Contact

Similar posts:

What Is React Native?

23.09.2021

What Is React Native? Is React…

  • #Knowledge
  • #Talks

09.09.2021

Why Use Symfony Framework for Your…

  • #Knowledge
  • #Talks

22.06.2021

Billing models in IT – Fixed…

  • #Knowledge
  • #Talks