How To Set Up a Reverse Proxy for WordPress

As a WordPress administrator, you might find yourself in a situation where you must set up a reverse proxy server. Fortunately, setting up a reverse proxy server is relatively easy, and there are several different software packages that you can use. This article provides a brief overview of setting up a reverse proxy server for your WordPress site using NGINX.

What Are Reverse Proxy Servers And Why Use Them For WordPress

A reverse proxy server retrieves resources from one or more servers on behalf of a client. These resources are then delivered to the client without a way to tell that they originated from the proxy server.

Reverse proxies are useful because they can hide the existence and characteristics of the originating server. For example, a reverse proxy can provide an extra layer of security, performance, and reliability for web applications by shielding them from malicious requests or large amounts of traffic.

If you’re curious to learn more, there are many resources online to help you learn more about reverse proxy servers. There are several common reasons why setting up a reverse proxy server might be necessary:

• Improved site performance with content caching

A common use case for a reverse proxy is to cache frequently requested WordPress content. For example, if a group of web servers serves a website, a reverse proxy can cache the website’s static content (such as HTML pages, images, and CSS files) on a single server. This can improve the WordPress website’s performance, as the content does not need to be retrieved from the web servers each time a user requests a page.

• Offloading CPU-intensive tasks such as image resizing

A reverse proxy server can offload CPU-intensive tasks such as image resizing from the WordPress server by forwarding requests for these tasks to a server that is better equipped to handle them. This can help improve the performance of the WordPress site by freeing up resources on the WordPress server for other tasks.

• Improved security by filtering requests and blocking malicious traffic

A reverse proxy server can improve WordPress security by filtering requests and blocking malicious traffic. By filtering requests, the reverse proxy server can block access to specific IP addresses or regions that are known to be associated with malicious activity. By blocking malicious traffic, the reverse proxy server can help DDos mitigation and other attacks that target WordPress sites.

• Making WordPress accessible from a different domain or subdomain

As mentioned above, reverse proxy server retrieves resources from one or more servers on behalf of a client. These resources can be any file type but are most commonly web pages. The reverse proxy server then provides the client with these resources and they appear as if they originated from the server itself. This is done by configuring the reverse proxy server to forward requests for WordPress content to the WordPress server while still giving the client the illusion that they are accessing the content directly from the local proxy server.

Most Popular Reverse Proxy Servers

According to W3Techs, around 83% of websites do not employ a reverse proxy service. The remaining 17% that do are mostly CDNs, as reverse proxies generally conceal their presence for security purposes, making it difficult for website monitoring services such as W3Techs to determine which ones are the most widely used. Here are the three most commonly used reverse proxy solutions:

• NGINX

NGINX is a web server that offers multiple advantages, such as enhanced performance, safety, dependability, and scalability. You can get it for free or use the commercial edition, NGINX Plus, for corporate websites with API-based setup possibilities. Quite a few big businesses use NGINX – Cloudflare, Netflix, MaxCDN, among others. Configuring NGINX as a reverse proxy is easy, and you can personalize it to satisfy your needs.

• Varnish

Varnish is a type of open-source software that can improve the performance of high-traffic websites. It works as a reverse proxy, load balancer, web application firewall, and edge authentication server, and it supports Edge Side Includes (ESI) for faster page loading. You can use it as a front-end for NGINX or Apache web servers, or set it up as a reverse proxy for WordPress.

• Apache Traffic Server

Apache Traffic Server, an open-source option renowned for its performance and capacity, was first developed by Yahoo! as a commercial service before they gave it away to the Apache Foundation. It is currently being used by many content networks and CDNs, including Akami, Apple, Comcast, LinkedIn, and Yahoo to enhance their systems. In addition, Apache HTTP Server (Apache httpd) can be employed to set up a reverse proxy on your web server that allows it to supply both static and dynamic content to users while still operating as a regular web server.

• HAproxy

HAProxy is a free, open-source reverse proxy and load balancer designed to work with many existing web server architectures, such as Linux systems and cloud-based platforms. It utilizes an event-driven I/O model and can distribute requests across multiple worker processes, similar to NGINX. HAProxy is renowned for its capacity to handle large traffic volumes even during peak loads. It is used by some of the largest sites in the world, such as Airbnb, Reddit, and Instagram.

Reverse Proxy Server Use Cases For WordPress Sites

Although you can also use other reverse proxies, NGINX is the most popular choice. Here are the three main use cases for setting up a reverse proxy for WordPress sites:

• Main and proxy website on a single server

If you have both the main and proxied sites hosted on the same web server, you can set up a reverse proxy so that the proxied site loads from the main site. You can do this by configuring all relevant reverse proxy rules on the main site and setting up the proxied site to load through the proxy. In addition, if using an SSL certificate, specific rules must be in place in the wp-config.php to prevent redirection loops. Note that it is impossible to create a URL with the same subdirectory as the one used to load the site.

• Hosting only the proxied site on your server

To create a reverse proxy, you must contact the server admin of the main website and configure the rules on two servers. A domain name that points to the reverse proxy should also be added. This is usually done via a subdomain (e.g. blog.your_domain.com) that is linked to the proxied site (e.g. your_domain.com/blog). Note that you’ll need the IP address from the server to complete the setup process.

• Main site hosted on your server

If you can only access the main website and its hosting server, then you should set up a reverse proxy and adjust its settings so that the page is pulled from an external host. It will be the responsibility of the administrator of the secondary server to install and configure the proxied site to be accessed through the reverse proxy.

Steps To Set Up A Reverse Proxy For WordPress

Setting up a reverse proxy for WordPress is a great way to improve your website’s performance. It can also help protect your web server from malicious requests and help improve user experience. Below are the steps you need to take to set up a reverse proxy for WordPress.

1. Install a reverse proxy server

The first step is to install a reverse proxy server. We recommend using the NGINX web server, which is free and open source. Other popular web servers, such as Apache, can also be used, but we’ll assume you’re using NGINX for this tutorial. Let’s say you want to use a NGINX reverse proxy (192.x.x.10) along with an Apache web server (192.x.x.20) which is already up and running.

Installing NGINX on a Ubuntu server is a matter of running a single command:

sudo apt-get update
sudo apt-get install nginx

Once NGINX is installed, use this command to disable the virtual host:

sudo unlink /etc/nginx/sites-enabled/default

Now it’s time to create a reverse proxy. You can do that by creating a file called reverse-proxy.conf in the etc/nginx/sites-available directory. First of all, navigate to the directory:

cd etc/nginx/sites-available

Create the file via the vi editor:

vi reverse-proxy.conf

Add the following lines to the file:

server {
listen 80;
location / {
proxy_pass http://192.x.x.20;
}
}

As we can see, the proxy pass is allowing requests coming through the reverse proxy to be passed along to 192.x.x.20:80, the main server’s remote socket. In other words, both servers share the content. Once you’re done, save the file and exit the editor. To forward information to other servers, use the ngx_http_proxy_module in the terminal. Finally, you need to activate the directives by linking to /sites-enabled/ with this command:

sudo ln -s /etc/nginx/sites-available/reverse-proxy.conf /etc/nginx/sites-enabled/reverse-proxy.conf

All that’s left to do is testing the reverse proxy. You need to run a configuration test and restart NGINX to verify its performance. Use the command below to check if NGINX works:

service nginx configtest
service nginx restart

In case the test fails, it means that Apache is probably not set up properly.

Reverse Proxy Server Limitations

A reverse proxy can present a major security risk because it can observe and modify all traffic going through it. If HTTPS traffic is sent via the reverse proxy, then the data must be decrypted and re-encrypted, which requires the private keys of the SSL/TLS certificate. If a hacker gains access to this reverse proxy, they have the potential to log passwords and insert malicious code into websites.

A reverse proxy can create a single point of failure if neither you nor your users can access the main server directly. For example, if one reverse proxy serves multiple domains, any disruption will render all those sites inaccessible. If a third-party reverse proxy is used, don’t forget that you’re sharing important details about the site with them.

Conclusion

Setting up a reverse proxy for WordPress can benefit website security and performance. The steps to set up a reverse proxy for WordPress vary depending on the server and configuration. Generally, they include configuring the proxy server, setting up the backend web server, and setting up the WordPress site. Although setting up a reverse proxy server can be beneficial, it has limitations.