It’s an exciting time in the WordPress community, with the release of Calypso, a successful inaugural WordCamp US, and WordPress now powering 25% of all websites. Maturation of the WordPress REST API is enabling the decoupling of the content management layer from the display layer, which has the potential to further drive adoption; larger teams can write independent code that communicates via the API, reducing blockers and accelerating feature releases. At the same time, the entire Web is poised to undergo a metamorphosis, as HTTP/2 begins to fundamentally change how content is delivered.
While these developments offer tremendous potential for those of us who work with WordPress for a living, I think there are some important considerations to keep in mind as WordPress and the Web move into a new era of maturity and possibility.
Using a CDN with DDoS protection is increasingly important
We recently started testing a CDN service that offers DDoS protection and mitigation for this site. While we hardly consider ourselves a high-profile target, the number of attacks reported by service is astonishing (more than a dozen every day, sometimes double or triple that). The majority are attempts to exploit known vulnerabilities in WordPress plugins (or other common web applications), such as those listed in the WP Vulnerability Database. Exploit mitigation (or at least, notification) at the CDN layer provider is compelling.
In addition to protection from known vulnerabilities, CDNs are vital to accommodating significant burst traffic, and eliminate the effort involved in hosting sites in multiple datacenter across the world. Instead of scaling your servers to manage exponential traffic as a story goes viral or an online catalog gets slammed on Cyber Monday, the work is offloaded to the CDN and its network of edge servers.
Of course, a CDN might not speed up your site–in fact, it can do just the opposite if you start serving up your site over HTTP/2 and you’re using “best practices” for optimizing your site for HTTP1.1.