
Case Study: Secure, High-Performance WordPress System

Architecture Overview: Real-World WordPress Setup with Cloudflare, Varnish (Cache & Routing), and Third-Party Integration

This post presents a real-world infrastructure example used by a major logistics service provider. The system is designed to support a scalable server cluster. However, for clarity and simplicity, only a single-server setup is shown here to explain the core architecture and request flow.

Enterprise Server Architecture Diagram

User Access – How the Website is Reached

  1. A user visits the website.
    The request does not go directly to the server but is routed through Cloudflare first.
  2. Cloudflare as a Shield and Accelerator:
    Cloudflare protects against DDoS attacks, caches static content globally, and ensures encrypted traffic.

    • Origin Pull Certificate: Ensures only Cloudflare can access the server.
    • End-to-End SSL: Guarantees full encryption from the browser to the origin server.

Server-Side Architecture and Request Flow

  1. Nginx (Port 443 – HTTPS)
    Accepts SSL connections from Cloudflare and verifies the origin pull certificate.
  2. Varnish (Port 80) – Caching and Routing
    • HTTP Caching: Responds quickly to frequently accessed content.
    • Internal Routing: Forwards requests to Apache, static content, or APIs as needed.
    • Cloudflare IP Validation: Confirms that requests originate from Cloudflare only.
  3. Apache + WordPress (WPMU)
    Handles dynamic page generation when Varnish does not serve cached content. WordPress Multisite manages multiple websites under one core system.
  4. MySQL / MariaDB
    Central database for content, users, settings, and dynamic data.
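
One way the Nginx step above can be expressed, as an added example that is not the operator's actual configuration: the server block requires Cloudflare's origin pull client certificate and hands verified requests to Varnish. The hostname, file paths, and a Varnish listener bound to loopback port 80 are assumptions.

```nginx
# Added example, not the provider's configuration.
# Assumptions: server_name, all file paths, Varnish bound to 127.0.0.1:80.
server {
    listen 111.111.111.111:443 ssl;      # floating IP that receives Cloudflare traffic
    server_name www.example.com;         # placeholder hostname

    # Certificate the origin presents to Cloudflare (end-to-end encryption).
    ssl_certificate     /etc/nginx/tls/origin.crt;
    ssl_certificate_key /etc/nginx/tls/origin.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Origin pull verification: the TLS client must present a certificate
    # that chains to the Cloudflare origin pull CA stored at this path.
    ssl_client_certificate /etc/nginx/tls/cloudflare-origin-pull-ca.pem;

    # "on" rejects the request when no valid client certificate is sent.
    # "optional" would accept the connection and only record the result in
    # $ssl_client_verify, which is the weak setting unless every location
    # checks that variable itself.
    ssl_verify_client on;

    location / {
        # Hand the verified request to Varnish for caching and routing.
        proxy_pass http://127.0.0.1:80;
        proxy_set_header Host $host;

        # Varnish sees Nginx (127.0.0.1) as its TCP peer, so the address of
        # the real peer is passed in a header. proxy_set_header overwrites
        # any X-Real-IP value supplied by the client, so Varnish can compare
        # it against its Cloudflare address list.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto https;
    }
}
```

The Cloudflare IP validation in Varnish is only meaningful if port 80 cannot be reached from outside the host, which is why the example assumes a loopback listener.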

Server Environment

  • Hosting Provider: Hetzner (Dedicated Server)
  • Operating System: Rocky Linux 9.1
  • Software Stack: PHP 8.2, MariaDB 10.5.16, Apache 2.4.x
  • Network Configuration:
    • Floating IP: 111.111.111.111 (for incoming Cloudflare traffic)
    • Static Admin IP: 222.222.222.222 (for secure administration)

Third-Party Integrations

API Connections (Server-Side)

  • Google – for Maps, OAuth, or data sync
  • HubSpot – for CRM, lead tracking, and automation
  • OpenAI – for AI features like chat or content generation

Tracking and Analytics (Client-Side)

  • Google Analytics
  • LinkedIn Pixel
  • HubSpot Tracking Code

These scripts are executed in the user’s browser and do not add load to the server itself.

Security Architecture Overview

| Security Layer | Description |
| --- | --- |
| Cloudflare CDN | Protects against DDoS, filters malicious traffic, and caches globally |
| Origin Pull Certificate | Ensures that only Cloudflare is allowed to connect to the server |
| End-to-End Encryption | SSL encryption from client to origin server |
| Cloudflare IP Validation | Rejects all direct access attempts not coming from Cloudflare |
| Static Admin IP Whitelisting | Restricts backend access to a fixed IP address |

Conclusion

This infrastructure is fast, secure, and built to scale. Varnish acts not only as a cache but also as an internal request router. Cloudflare enhances security and performance by terminating SSL, caching content, and filtering threats. Third-party APIs and tracking tools are integrated efficiently, with minimal server impact. This setup forms the foundation of a reliable enterprise-grade WordPress hosting environment.

Speedtest results from web.dev