[Tutorial] Wordpress slow domestic network speed acceleration and fast CF switching to prevent DDOS attacks

                                                                                                                                                                                 

The following tutorial column of WordPress will introduce to you the tutorial on accelerating the slow domestic network speed of WordPress and preventing DDOS attacks and fast CF switching tutorial. I hope it will be helpful to friends in need!

Recently, a customer said that his website is abroad, but the domestic website is very slow to open, because domestic and foreign users visit more frequently, and they hope to have their website www.pjcourse .com domestic access speed will be improved. Their program uses wordpress. In general, WordPress plug-in templates load a lot of data, even if a caching plug-in such as wprocket is installed, js, css compression, or database optimization is performed. In fact, the speed of the website will not be greatly improved.

After some simple analysis, I plan to move their website to the cn2 gia line space provider. This may be the fastest way to improve the website speed. The following is some of my practical sharing, and how to quickly switch data when the website is attacked.

Note: Although this machine is placed abroad, the probability of Baidu spider crawling errors such as 403 is almost non-existent.

1. Analysis of the current website situation

Before the website was relocated, the space was placed in Digitalocean, and the CDN was cloudflare. Although digitalocean is a very good space provider abroad, for domestic users, cloudflare is used for access, so the speed is still very slow.

In addition, although it is possible to use separate line dns for analysis, the operation will be more troublesome. So this article does not discuss it.

Through the incognito browser chrome, it can be seen that it takes 6.35 seconds to fully open. The early rendering took 4.46 seconds.

In addition, it can also be seen through the webmaster home speed test. Telecom lines are slightly faster. However, the speed of China Unicom and China Mobile is obviously more than 4 seconds.

# 2. Website relocation

Regarding the choice of space provider, in fact, as long as Choose the right stable space and good lines. Basically everything is possible. What I choose now is cn2 gia ecommerce which is used by bricklayers. The biggest advantage of cn2 gia is that access to all three domestic networks is very fast. And this space quotient is also the most stable speed. My current quarter is $49.99, which is actually equivalent to $16 a month.

SSD: 20 GB RAID-10

RAM: 1 GB

CPU: 2x Intel Xeon

Transfer: 1000 GB/mo

You can choose different hosts according to each person's situation. However, it is recommended that you do not need to buy a particularly good host when the traffic is not very large at the beginning. You can expand the capacity later.

##1. Operating system selection

I am using ubuntu 20.04. php 7.4 nginx mysql. Why choose this? Because php 7.4 is 30% faster than php 7.2.

##2. Command line

Why not use Pagoda? Because there was a big loophole in the pagoda some time ago. And for this part of the website, I feel that it is better to use other third-party tools as little as possible. In addition, the VPS you build can also be as clean and tidy as possible. Fewer external programs.

The following command line is based on ubuntu 20.04. Just follow the command. Basically nothing wrong.

ssh root@... -p port number

The asterisk above is IP address. -p is the specified port. Because the default ssh port of Bricklayer is not 22, it needs to be specified here.

Step 1: Install nginx

sudo apt update

sudo apt install nginx

Step 2: Turn on the firewall

sudo ufw app list

sudo ufw allow 'OpenSSH'

sudo ufw allow 'Nginx HTTPS'

sudo ufw allow 'Nginx HTTP'

sudo ufw enable — After typing this command, you will be prompted that the ssh connection may be interrupted. Just enter y and press Enter.

Step 3: Install mysql

sudo apt install mysql-server

sudo mysql_secure_installation (This step is optional, this is a security script).

Enter y and press Enter, select 2, the strongest password, and enter a new password. This password is the root password of mysql.

Then select y for all. One is to remove anonymous users, the other is to prohibit database root remote login, and the last is to remove the test database.

Finally choose y. The script takes effect immediately. ############

Step 4: Install php module

sudo apt install php-imagick php7.4-fpm php7.4-mbstring php7.4-bcmath php7.4-xml php7.4-mysql php7.4 -common php7.4-gd php7.4-json php7.4-cli php7.4-curl php7.4-zip

This is a command, just copy the entire code. This basically contains all the modules that WordPress can use.

sudo systemctl reload php7.4-fpm nginx (restart and load configuration)

Step 5: Move the website data over

Because my website is WordPress, your website may be written by another program, so the content is different. I won’t write it down here. In addition, remember to make nginx.conf

server {
listen 80;
server_name your_domain www.your_domain;

root /var/www under the /etc/nginx/sites-enable/ directory /your_domain;

index index.html index.htm index.php;location / {
    try_files $uri $uri/ =404;}location ~ \.php$ {
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
 }location ~ /\.ht {
    deny all;}

Replace your_domain in the configuration file with your domain name ****.com

Step 6: Configure and install ssl

SSL I use let's encrypt.

sudo apt install certbot python3-certbot-nginx

sudo certbot –nginx -d example.com -d www.example.com

Replace example.com with your own The domain name of the website. If there are multiple subdomains. Just add it yourself.

Please note here that you must first point the dns to the current VPS, otherwise the configuration will not be successful, if you are using Cloudflare. To turn off CDN.

See the last sentence. Congratulations! Your certificate and chain have been saved at:

, which means the installation is successful.

This certificate is valid for 90 days, but certbot will run two systemd timers every day to check the validity of the certificate and automatically renew the certificate. You need to check if the timer is valid.

sudo systemctl status certbot.timer

The output result is as follows, which means it is normal.

● certbot.timer - Run certbot twice daily
Loaded: loaded (/lib/systemd/system/certbot.timer; enabled; vendor preset: enabled)
Active: active (waiting) since Mon 2020-05-04 20:04:36 UTC; 2 weeks 1 days ago

Trigger: Thu 2020-05-21 05:22:32 UTC; 9h left

Triggers: ● certbot.service

##3. Test the network speed of the new website

Directly use domestic telecommunications to access the website, and the website opening time has been significantly improved. Compared with the previous speed, it has been increased by about 2-3 times. And this is the speed at night. The access speed at night is not affected at all.

Except for the address marked in red, the dns resolution has not yet taken effect, and the other IP speeds that have taken effect are obviously opened within 2 seconds.

##4. Prevent DDOS attacks and quickly switch between attack and defense with cloudflare

##Here I am It is recommended to use cloudflare to configure your website. By default, CDN is not enabled. That is, the domain name points directly to the IP. However, if you encounter DDoS and other attacks, it is recommended to immediately turn on the cloudflare proxy and point the IP to your backup clone space. Because the IP is hidden and a large amount of attacker's attack data will be filtered by Cloudflare, your website can be restored in just a few minutes as long as the response is timely.

In addition, you can locate your attack source IP through the access.log access log. And directly filter suspicious IPs in cloudflare's firewall. For example, use blocking access or verification codes to locate attackers. And the cf option can also block entire countries.

Also, enable under attack mode. Effectively blocks small and medium-sized attacks.

Article source: www.pjcourse.com###

The above is the detailed content of [Tutorial] Wordpress slow domestic network speed acceleration and fast CF switching to prevent DDOS attacks. For more information, please follow other related articles on the PHP Chinese website!