Ready to take the dive and modernize WordPress with Docker?
Long story short, it can be definitely be worth it depending on your use case. From our experience, you can save yourself hours, or really over-engineer and dig yourself a hole.
- Hardening of Apache & NGINX included
- Disabling of XML-RPC
- Preventative access to sensitive version control or CI files
- Protection against other common attacks
See our Apache security.conf for more detail.
We're very grateful for WordPress, and it even runs our blog for Server Side Up. The only downside with WordPress is it has a lot of history with it. That means the core was written with in a mindset before all of the fancy and flashy methods that we have today.
The most important thing you need to remember is always try to do things "The WordPress Way".
The more you work with it, the less you are fighting the platform.
Introducing modern toolsets to WordPress may allow you to get WordPress up and running, but severely limit you to the rest of the community tools.
This could be things like (but not limited to):
- Using NGINX as the web server
- Deploying updates by packaging WordPress into a Docker Image
- Using too new of a PHP version
- Using Roots Bedrock to modernize your development flow
We've tried all of these above and we learned that most of the plugins that we relied on had issues with this.
We embrace these principals:
- Always do things "The WordPress Way"
- Keep plugin installation to a minimum
- Always use Apache as the webserver
- Only commit your own source code (not WordPress core or another plugin)
We run WordPress in production on Docker Swarm using:
- Traefik (handles SSL automatically with Let's Encrypt)
- Our PHP-Apache image (this is optimized for WordPress)
- MariaDB (the "non-Oracle" alternative to MySQL)
We attempted to deploy WordPress with rolling updates (like we do with Laravel) by packaging WordPress into a Docker image use the Roots Bedrock framework, but we ran into a ton of issues with community plugins.
Our most stable solution (following "The WordPress Way") is to:
/var/www/htmlof the container to the host
- At the host container, run an SSH
git pullfrom our CI system
Ugly, but it works 🤷♂️
We included an example repository that makes it easy for you to clone down and get started.