How scalable is WordPress

Scalable and secure WordPress website in Azure

This example scenario is aimed at companies that require a highly scalable and secure installation of WordPress. This scenario is based on a deployment that has been used for a large convention that has successfully scaled up to accommodate the peak session loads on the site.

Relevant use cases

Other relevant use cases include:

  • Media events that cause rapid traffic growth
  • Blogs that use WordPress as a content management system
  • Businesses or ecommerce websites using WordPress
  • Websites created with other content management systems


This scenario involves a scalable and secure WordPress installation that uses Ubuntu web servers and MariaDB. In this scenario there are two different data flows. The first of these is user access to the website:

  1. Users access the front-end website through a CDN.
  2. The CDN takes an Azure load balancer as its origin and pulls any non-cached data from there.
  3. Azure load balancer distributes requests to the virtual machine scale sets of web servers.
  4. The WordPress application pulls dynamic information from the MariaDB clusters, all static content is hosted in Azure Files.
  5. SSL keys are stored in Azure Key Vault.

With the second workflow, authors contribute new content:

  1. Authors establish a secure connection to the public VPN gateway.
  2. VPN authentication information is stored in Azure Active Directory.
  3. A connection is then made to the administrator jump boxes.
  4. The author can then connect to the Azure load balancer for the authoring cluster through the admin jump box.
  5. Azure load balancer distributes traffic to the VM scale set from web servers that have write access to the MariaDB cluster.
  6. New static content is uploaded to Azure Files and dynamic content is written to the MariaDB cluster.
  7. These changes are then replicated via rsync or replication between the primary and secondary devices in the alternate region.


  • Azure Content Delivery Network (CDN) is a distributed network of servers that efficiently deliver web content to users. CDNs minimize latency by storing cached content on Edge Servers in point-of-presence (POP) locations near end users.
  • With virtual networks, resources, e.g. virtual computers, can communicate securely with each other, on the Internet and with local networks. Virtual networks enable isolation and segmentation, the filtering and routing of traffic, and the establishment of connections between sites. The two networks are connected via VNET peering.
  • Network security groups contain a list of security rules that allow or deny inbound or outbound network traffic based on IP address, port, and protocol (for the source or destination). The virtual networks in this scenario are protected by network security group rules, which restrict the flow of traffic between the application components.
  • Load balancers distribute incoming traffic according to the rules and health tests. A load balancer provides low latency and high throughput and can scale to millions of data flows for all TCP and UDP applications. In this scenario, load balancer is used to distribute traffic from the content delivery network to the front-end web servers.
  • Virtual machine scale sets allow you to create and manage a set of identical load balanced virtual machines. The number of VM instances can be automatically increased or decreased as demand changes, or a schedule can be set. In this scenario, two separate virtual machine scale sets are used - one for the front-end web servers that serve content and one for the front-end web servers that are used to create new content.
  • Azure Files provides a fully managed file share in the cloud that hosts all WordPress content in this scenario so that all virtual machines have access to the data.
  • Azure Key Vault is used to store passwords, certificates and keys and to strictly control access to them.
  • Azure Active Directory (Azure AD) is a multi-tenant cloud-based directory and identity management service. In this scenario, Azure AD provides authentication services for the website and the VPN tunnels.




The VM instances in this scenario are deployed in multiple regions. The data is replicated between the two via rsync for the WordPress content and via replication between the primary and secondary device for the MariaDB cluster.


This scenario uses VM scale sets for the two front-end web server clusters in each region. With scale sets, the number of VM instances running at the front-end application tier can be automatically scaled in response to changing customer demand or based on a defined schedule. For more information, see Overview of Auto-Scaling with Virtual Machine Scale Sets.

The back end is a MariaDB cluster in an availability group. For more information, see the MariaDB cluster tutorial.

For additional scalability issues, see the Scalability Checklist under Scalability in the Azure Architecture Center.


All virtual network traffic flows through the front-end application layer and is protected with network security groups. Rules are used to restrict the flow of traffic so that only the front-end application tier VM instances can access the back-end database tier. No outbound internet traffic is allowed from the database tier. No ports are opened for direct remote management to reduce the attack surface. For more information, see Azure Network Security Groups.

For general information on developing secure scenarios, see the Azure security documentation.


This scenario uses Azure load balancers combined with multiple regions, data replication, and virtual machine scale sets. These network components distribute traffic to the connected VM instances and integrate integrity tests to ensure that traffic is only distributed to healthy virtual machines. All of these network components are made available externally via a CDN. With this configuration, the network resources and the application are resilient to problems that would otherwise disrupt traffic and affect access by end users.

For general information on developing robust scenarios, see Designing reliable Azure applications.


To determine the operating costs for this scenario, all services are preconfigured in the cost calculator. If you want to know what the costs are for your specific use case, adapt the corresponding variables to your expected data traffic.

We have provided a pre-configured cost profile based on the architecture diagram above. When configuring the price calculator for your application, there are a few important aspects to consider:

  • How much GB of traffic do you expect per month? The amount of traffic has the greatest impact on your costs because it determines the number of VMs required to expose the data in the VM scale set. It also correlates directly with the amount of data made accessible via the CDN.
  • How much new data are you going to write on your website? New data written to your website correlates with the amount of data mirrored in all regions.
  • How much of your content is dynamic? How much is static? The variance around dynamic and static content affects how much data is retrieved from the database level and how much data is cached in the CDN.