Our Infrastructure

Staq is a high performance AWS WordPress Hosting platform. Below is how our infrastructure works.

Staq Container

Our entire infrastructure is built on Amazon Web Services (AWS) using clusters hosted inside Virtual Private Clouds (VPC) and consist of customized AWS EC2 instances that fully integrate with the following AWS services:

  • CloudFront - Content Delivery Network (CDN)
  • S3 - Cloud Object Storage
  • RDS - Fully Managed Relational Database
  • IAM - Identity and Access Management
  • EBS - High-Performance Block Storage
  • Lambda - Serverless Computing Platform
  • ACM - Amazon SSL Certificates Manager
  • ElastiCache Redis - Managed Caching Service for Redis
  • Shield - Managed DDoS Protection Service
  • Route53 - Scalable and Highly Available DNS service

to provide best performance and security for our users.

To learn more how each AWS is integrated into Staq, please click here.

EC2 Instances (Server)

Our EC2 instances run on Amazon Linux 2, and every site on the instance runs as an isolated linux user with strict permissions to guarantee privacy when using the resources that run the site.

For example, each site can run up to 10 (configurable to more with a click of a button) simultaneous processes of PHP pools and therefore cannot access resources of other sites.

Burstable Resources & Load Balancers

Each EC2 server is a burstable performance instance and does not contain more than 30 live sites per instance.

All sites have access to a baseline of 2 vCPUs with the ability to burst above the baseline at any time for as long as required, 6 GB of RAM and an elastic file system (EBS).

If you require additional resources, we can scale up to 96 vCPUs and 192GB memory and can attach application load balancers.

Having said that, all of the instances on our platform include:

  • monitors
  • intrusion prevention softwares
  • watch dogs

that run in the background to ensure targeting internal and external types of abuse.

For example, we have watch dogs that observe the CPU and RAM usage per site in real time and act on those processes right before they affect the whole server.

Plus, our monitors collect analytical data per site which is viewable from our dashboard for our users. In the case of continuous abuse we may decide to move one site from a standard plan to a better and suitable plan.

Decoupled Infrastructure

In addition to being burstable instances, our team has designed a decoupled infrastructure to take full advantage of AWS services.

We've developed amazing built-in tools to ensure the distribution and minimizasation of the work-load on our EC2 servers, which leads to fascinating performance and the highest security measures to keep your site running seamlessly.

This is how our environment decouples services to ensure maximum performance of EC2 Instances (servers):

  • Decoupled RDS databases that is separate from the EC2 Instance server. The RDS database runs on a non-public network (accessible only within the Virtual Private Cloud) powered by MariaDB.
  • Redis Object Caching to optimize the delivery and execution of scripts and to minimise requests to the database.
  • A built-in page caching plugin that fully integrates with Nginx on the server level without reaching PHP processes (which is required on other hosting platforms that require you to use 3rd party caching plugins such as WP Rocket).
  • A built-in integration between the WordPress media library and S3 by using IAM users to secure communication to offload the images and traffic outside the EC2 server. Moreover, the optimization of the images is done by AWS Lambda workers that are serverless; totally decoupled from the EC2 instances.
  • On top of Fail2ban, an open-source software to mitigate DDoS attacks, we have built our own complex add-ons and customised filters to watch the Nginx access logs per site, analyse them and smartly decide to ban abusive traffic while double checking the identity of the banned IP based on the geo-location and client's behaviour.
  • A built-in solution to allow your whole site to be behind AWS CloudFront CDN (installed with a click of a button) that acts as a proxy and boosts up your site's performance and security to the highest limits possible with a serverless experience to the site visitors, where traffic does not even reach the EC2 instances, unless a server request is required. Additionally to our internal protection softwares, all our CDN distributions come with AWS Shield to provide another layer of protection to the site behind the CDN.

Note that all of our tools come as part of the standard plan with no additional costs.