In this article, we will look at how to deploy and create a WordPress site on App Service in Microsoft Azure.
WordPress can be hosted on a variety of platforms, such as WordPress.com, managed WordPress hosting, dedicated hosting, and cloud hosting where the hosting service provides flexible and scalable resources to host your WordPress site in the cloud.
To host WordPress in the cloud, you’ll need to sign up for a cloud hosting account with a provider that supports WordPress. Some popular cloud hosting providers that support WordPress include Amazon Web Services (AWS), Google Cloud Platform, and Microsoft Azure.
Table of Contents
Introduction
WordPress is one of the most popular and widely used content management systems (CMS) in the world. It was first released in 2003 and has since become the go-to platform for bloggers, small business owners, and large corporations alike.
WordPress is a free and open-source CMS that allows users to create and manage websites without any coding knowledge. It is built on PHP and uses a MySQL database to store content. WordPress is incredibly flexible and can be used to create all kinds of websites, from simple blogs to complex e-commerce platforms.
One of the key features of WordPress is its ease of use. The platform is designed to be intuitive and user-friendly, making it accessible to users of all skill levels. Additionally, WordPress is highly customizable, with thousands of themes and plugins available to extend its functionality.
WordPress can be installed and hosted as an Infrastructure as a Service (IaaS) using Virtual Machine in the Microsoft Azure cloud. However, WordPress can also be hosted using Platform as a Service (PaaS) hosting option on Azure App Service. This will eliminate the need to manage any Virtual Machines, enabling you to more easily and securely host WordPress in Microsoft Azure.
Microsoft announced that WordPress on App Service which was under public preview since February 15, 2022, is now generally available. With advanced, top features and revised hosting plans, you can now deploy and manage WordPress websites with ease.
Let’s take a look at the necessary steps to create and get a WordPress site up and running on Azure App Service!
Prerequisites
To follow this article, you just need only to have the following:
Azure subscription to deploy cloud resources, such as creating an Azure App Service to host a WordPress site – If you don’t have an Azure subscription, you can create a free one here.
Create a WordPress Site on App Service
Launch the Azure portal, click on the + Create a resource option on the left hamburger menu, then search the Azure Marketplace for WordPress on App Service.
Select the WordPress on App Service option and then click Create as shown in the figure below.
Please note that you can also find WordPress Virtual Machine options in the marketplace, be sure to choose the WordPress on App Service option from Microsoft to follow the steps described below.
In the Basics tab, under Project Details, you need to choose and select the following required options to configure before the resource can be provisioned in your Azure subscription.
Subscription: Select your desired subscription where you want to host your WordPress site.
Resource group: Select or create a new resource group to organize the resources for your WordPress website within your Azure Subscription.
Region: Choose the Azure region where to host your WordPress website within Microsoft Azure, here you need to select a region that is closer to your customer base to avoid latencies. Keep in mind that you can use a content delivery network (CDN) to improve your user experience (more on that later).
Name: Set a name for the default DNS name that is a subdomain of the .azurewebsites.net domain that will host the WordPress site initially. Keep in mind that you can set up a custom domain on the website (more on that later).
Next, we have to choose the hosting plan, enter the admin email and set the access credentials.
Hosting plan: Choose a pricing tier, or hosting plan, to use for your WordPress site within Azure App Service. The WordPress hosting plan dictates your App Service Plan, Database SKU, and other available features. Should you need to change the plan, click on Change Plan as shown in the figure below, then choose your desired plan from the plan picker sidebar.
Site language: Select the desired site language.
Admin email: Set the administrator email address for your WordPress setup.
Admin username: Set the username for the WordPress administrator. The username can have only uppercase letters, lowercase letters, numbers, underscores, hyphens, periods, and the @ symbol.
Admin & Confirm password: Set and confirm the password to be used for the WordPress administrator.
We have blur-boxed the value for obvious reasons.
Click Next: Advanced > to choose some advanced options that can be configured.
In the Advanced tab, you can opt for advanced features like Azure CDN or Azure Front Door (AFD), and Azure Blob Storage. It’s strongly recommended that you select Azure CDN and Azure Blob storage. If you select Azure AFD, then you will need to either select an existing AFD profile or create a new one. Please note that you can choose to select either Azure CDN or Azure Front Door.
In this example, we will not choose Azure CDN or Azure Front Door since will be using Cloudflare CDN instead.
Please note that if you opt to use Azure CDN, Azure Blob Storage, or Azure Front Door, you need to consider the additional costs associated with these services. Please check the Azure CDN pricing, Azure Blob Storage pricing, and Azure Front Door pricing pages.
Next, select Azure Blob Storage which allows you to store and access images, videos, and other files. This effectively reduces the load on your web server thereby improving performance and user experience.
For the Virtual Network, you can let Azure App Service create a new VNet for you, or select an existing VNet as shown in the figure below.
Last, click on the Review + create button. On the Review + create tab, you can see the summary details of the WordPress web application, you can download the JSON template for automation, and finally click Create.
The deployment might take around 10 to 15 minutes for all the resources to be deployed.
Access WordPress Site on App Service
Once the deployment has been completed, you can click Go to resource or go to the Resource Group that was created with all the new Azure resources for hosting your WordPress site on Azure App Service.
As shown in the figure below, you will see multiple Azure resources that were provisioned and configured to host your new WordPress site. These will include a MySQL database for the flexible server backend of WordPress, the App Service plan, the App Service resource that hosts the WordPress web application, and the Azure Virtual network used by the App Service and the MySQL database private access connection, among a few other resources created to set everything up.
Select and navigate to the App Service resource that will allow you to see the default domain name and other configuration options for the WordPress site.
As shown in the figure below, the default domain name can be used to access and use the WordPress site without needing to configure any custom domain. Keep in mind that a custom domain can be configured later as needed (more on that in a bit).
Copy the URL and then go to the website. You will land on the homepage of your WordPress site as shown in the figure below.
Now to access the default admin page of your WordPress, you need to add /wp-admin at the end of your URL. For example, https://websitename.azurewebsites.net/wp-admin will take you to the Admin page.
On the Admin page, you need to enter the credentials that you had set during the deployment of your WordPress Site on App Service.
And then you’re welcomed to the WordPress admin dashboard as shown in the figure below.
By default, the WordPress on Azure App Service team has included the following three WordPress plugins for you:
1) W3 Total Cache: We use this plugin for Redis cache and to enable integration with Azure CDN and Blob storage. Learn more about W3 Total Cache.
2) Smush: We use this plugin for image compression. Learn more about Smush.
3) Akismet: This plugin helps in protecting your website from malicious content. Learn more about Akismet.
Configure Custom Domain on WordPress Site
While you could host your website with the default domain name and the subdomain .azurewebsites.net of the Azure App Service. However, it’s recommended to purchase a domain name from your favorite domain registrars such as GoDaddy or Cloudflare to host your WordPress site instead.
If you don’t have a custom domain yet, you can purchase an App Service domain directly from Azure.
To configure your own custom domain to be used with your WordPress site, you need to navigate to the Custom domains pane under Settings of the App Service resource that was created for your WordPress web app, and then select ‘Add custom domain‘ as shown in the figure below.
In the Add custom domain page, set the following:
- Domain provider, select All other domain services.
- TLS/SSL certificate, select App Service Managed Certificate.
- TLS/SSL type, select SNI SSL. SNI binding is free of cost and supported by most modern browsers; IP-based SSL is supported only in the Standard tier or above and will incur additional costs.
- Domain, specify a fully qualified domain name you want based on the domain you own. For example, if you own domain.com, you can use www.domain.com.
- Don’t select Validate yet.
Now for each custom domain in App Service, you need two DNS records with your domain provider. As shown in the figure below, the Domain validation section shows you two DNS records that you must add with your domain provider. Select the respective Copy button to help you create the corresponding DNS records on your domain provider side.
Sign in to the website of your domain registrar, and find the page for managing DNS records, Domain Name, DNS, or Name Server Management (the exact page differs by domain provider).
1) Select Add or the appropriate widget to create a DNS record.
2) Select the DNS record type based on the Domain validation section in the Azure portal (CNAME or TXT).
3) Configure the DNS record based on the Host and Value columns from the Domain validation section as shown in the figure above.
4) Make sure to add two different records for your custom domain.
Once you are done on the domain registrar side, go back to the Add custom domain page in the Azure portal, and select Validate.
If the Domain validation section shows green check marks under the Status column next for both domain records, then you’ve configured them correctly, then you can click Add.
If the Status shows any red X, fix any errors in the DNS record settings on your domain registrar’s side.
Last, you should see the custom domain added to the list. Wait a few minutes for App Service to create the managed certificate for your custom domain. When the process is complete, the red X becomes a green check mark with Secured.
Finally, browse to the DNS names of your WordPress custom domain name that you configured as described in the previous steps.
That’s it there you have it… Happy WordPress-ing!
Manage Access Restriction To Your WordPress Site
You can set up access restrictions to your WordPress site on Azure App Service by defining a priority-ordered allow/deny list that controls network access to your website.
The list can include IP addresses or Azure Virtual Network subnets. When there are one or more entries, an implicit deny all exists at the end of the list.
The access restriction capability is implemented in the App Service front-end roles, which are upstream of the worker hosts where your WordPress site runs. Therefore, access restrictions are effectively network access control lists (ACLs).
To add an access restriction rule to your WordPress site, do the following:
1) Select and navigate to the App Service that you want to add access restrictions.
2) On the left pane, select Networking under Settings.
3) On the Networking pane, under Inbound Traffic, select Access Restriction as shown in the figure below.
On the Access Restrictions page, you can define lists of allow/deny rules to control traffic to your WordPress site. The rules are evaluated in priority order. If no created rule is matched to the traffic, the “Unmatched rule action” will control how the traffic is handled to your website.
To add an access restriction rule to your website, on the Access Restrictions page, select Add rule as shown in the figure below. After you add a rule, it becomes effective immediately.
Rules are enforced in priority order, starting from the lowest number in the Priority column. An implicit deny-all is in effect after you add even a single rule.
Next, you need to specify the IP Address Block in Classless Inter-Domain Routing (CIDR) notation for both the IPv4 and IPv6 addresses. To specify an address, you can use something like 1.2.3.4/32, where the first four octets represent your IP address and /32 is the mask. The IPv4 CIDR notation for all addresses is 0.0.0.0/0.
Now through the Azure portal, each access rule will allow you to add a single IP address block only, so if you need to add more than one IP range, then you need to create another access rule. This is not efficient!
What about if you have many IP addresses or address ranges that you want to allow or block?
The good news is that we can have multi-source rules that allow you to combine up to eight IP ranges or eight Service Tags in a single rule. You might use this if you’ve more than 512 IP ranges or if you want to create logical rules where multiple IP ranges are combined with a single HTTP header filter.
Let’s see how to manage access restrictions at scale for WordPress on App Service.
To use multi-source rules, you need to use Azure PowerShell, Azure CLI, ARM JSON, or Bicep. The Multi-source rules are defined the same way you define single-source rules, but with each range separated with a comma (maximum eight IP ranges).
Here is a PowerShell example that you can use to protect your WordPress site (adjust the values to match your needs):
# Allow Access IPv4 Rule01 with Priority 100
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "ResourceGroupName" -WebAppName "WordPressAppName"
-Name "IPv4-Allow-Rule01" -IpAddress "173.245.48.0/20,103.21.244.0/22,103.22.200.0/22,103.31.4.0/22" `
-Priority 100 -Action Allow
# Allow Access IPv6 Rule01 with Priority 200
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "ResourceGroupName" -WebAppName "WordPressAppName"
-Name "IPv6-Allow-Rule01" -IpAddress "2400:cb00::/32,2606:4700::/32,2803:f800::/32,2405:b500::/32" `
-Priority 200 -Action Allow
# Block Access IPv4 Rule01 with Priority 300
Add-AzWebAppAccessRestrictionRule -ResourceGroupName "ResourceGroupName" -WebAppName "WordPressAppName"
-Name "IPv4-Block-Rule01" -IpAddress "18.157.105.182/32,3.126.25.160/32,34.248.174.237/32,52.16.85.139/32" `
-Priority 300 -Action DenyPlease note that there is a limit of 512 access restriction rules. If you require more than 512 access restriction rules, then it’s recommended that you consider installing a standalone security product, such as Azure Front Door, Azure App Gateway WAF, or use Cloudflare WAF security.
Additional WordPress Features on App Service
Apart from using these Azure services mentioned above, the WordPress on Azure App Service team at Microsoft has been undertaking the following features to make sure you have the best WordPress hosting experience.
Updated Technology Stack
The updates for Linux, PHP, and Nginx are installed automatically. New WordPress versions will be available for new deployments within two weeks of release. However, for existing deployments, you will have to upgrade your WordPress version yourself.
The offering also comes with an out-of-the-box implementation of Redis Cache in the Web Server which improves performance and reduces the load on your database.
Azure App Service Hosting Plans
Microsoft Azure provides you with three hosting plans for you to pick according to your WordPress requirements as follows:
* Basic (B1):
- WebApp Server: 1 vCore, 1.75 GB RAM, 10 GB Storage.
- MySQL Flexible Database Server: 1 vCore, 2 GiB RAM, 32 GiB storage, 400 IOPS.
* Standard (P1V2):
- WebApp Server: 1 vCore, 3.5 GB RAM, 250 GB Storage.
- MySQL Flexible Database Server: 2 vCores, 8 GiB RAM, 128 GiB storage, 700 IOPS.
* Premium (P1V3):
- WebApp Server: 2 vCores, 8 GB RAM, 250 GB Storage.
- MySQL Flexible Database Server: 2 vCores, 16 GiB RAM, 256 GiB storage, 1100 IOPS.
To learn more about the estimated cost, please check the App Service Plan pricing and Azure Database for MySQL pricing pages for your WordPress project.
Summary
In this article, we showed you how to deploy and create a WordPress site on Azure App Service in Microsoft Azure.
WordPress on Azure App Service is built on top of Azure App Service and takes advantage of all the advanced features in Azure App Service to build, deploy, and manage your WordPress applications.
WordPress on Azure App Service will also make use of other Azure services like MySQL Flexible server, Azure CDN, Azure BLOB storage, Azure Virtual Network (VNet), and Azure Front Door (AFD) to give you the best WordPress experience. In addition to using these Azure Products, the WordPress on Azure App Service team at Microsoft makes sure that you get the latest versions of all underlying technology including a dedicated support team.
Now go ahead and start creating a WordPress site at Create WordPress on App Service – Microsoft Azure Marketplace.
__
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.
-Charbel Nemnom-
