More from this category
GITHUB – WORDPRESS AWS TEMPLATES w/permissions/security/all settings ready to deploy
https://github.com/aws-samples/aws-refarch-wordpress
Cloudfront – Extended Configuration Info – AWS DOC
Level 1 Article
https://aws.amazon.com/cloudfront/getting-started/
Level 2 Article (applicable info)
Cloudfront conifg explanation – full article on aws (click here) | Adding security to aws (click here)
https://aws.amazon.com/blogs/startups/how-to-accelerate-your-wordpress-site-with-amazon-cloudfront/
Extra – Bitnami configuration cdn / is there an ubuntu?
Amazon S3 Quick Start Guide
- Set up AIM USER
- Set up bucket with permissions
- Https and CName
- Cron Job
- Cloudfront setup for Media Items
- Bucket Permissions
- Upload Media
- File CDN distribution settings – ASSETS PULL ADD-ON – Info on lauch of asset pull
- Creating a custom origin to serve the assets
- Edit the default cache behaviour of the distribution
- Create a cache behaviour for the S3 origin
- Assets pull testing / fix errors
- Compatability additions
Introduction
This guide aims to help you start offloading your WordPress Media Library to an Amazon S3 bucket with WP Offload Media as quickly as possible.
We also have Quick Start Guides for other storage providers.
This article covers the following steps:
- Login to the AWS Console
- Create an Amazon Web Services (AWS) User
- Saving the AWS User’s access details for WP Offload Media to use
- Activate Your WP Offload Media License
- Configure WP Offload Media to offload newly uploaded media to an Amazon S3 bucket
- Offload Your Existing Media Library
- Next steps for setting up WP Offload Media to use a CDN
Login to the AWS Console
Already have an Amazon Web Services (AWS) account? Sign in here.
If you don’t have an AWS account yet, you will need to sign up here.
Create an IAM User
Once you have logged into the console, you will need to create a new IAM user:
Navigate to the IAM Users page in the AWS Console, click the Add user button.
Enter a name for the user in the User name field.
Names are case insensitive and must be unique within your AWS account. User names can be a combination of up to 64 letters, digits, and these characters: plus (+), equal (=), comma (,), period (.), at sign (@), and hyphen (-).
Under Access type select the checkbox for Programmatic access, then click the Next: Permissions button.
To allow the new user to manage buckets and objects in the S3 service, you need to grant it specific permissions.
Click the “Attach existing policies directly” button, and then enter “s3” in the filter policies input box.
Select the “AmazonS3FullAccess” policy, then click the Next: Review button at the bottom of the page.
If everything looks good, click the Create user button.
You will be shown the security credentials for the user, which consists of an Access Key ID and a Secret Access Key. Amazon will not show these again so please download them as a .csv and also copy them somewhere safe. If you lose them, you can always create a new set of keys from the console but you cannot retrieve the secret key again later.
Define Your Access Keys
Now that you have your AWS Access Keys, you need to add them to your site so that WP Offload Media can use them to work with the Amazon S3 service.
For better security, we recommend defining your access keys in your wp-config.php:
define( 'AS3CF_SETTINGS', serialize( array(
'provider' => 'aws',
'access-key-id' => '********************',
'secret-access-key' => '**************************************',
) ) );
These should be placed before the following block of code in your wp-config.php:
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');
Warning: If you define your access keys after this block of code, WP Offload Media will not be able to read them.
IAM Roles
If you’re running your site on an Amazon EC2 instance, you might like to use an IAM Role instead. This is even more secure than defining your access keys in wp-config.php.
Questions?
Each of the above quick start guides should help you with getting started with WP Offload Media but if you run into any issues, you can search these docs via the search bar above.
Bucket set up
Configure WP Offload Media
To start offloading newly uploaded media to Amazon S3 you need to first tell WP Offload Media which bucket it should use. If you have not already created a bucket to use with WP Offload Media, it can be created for you from WP Offload Media’s Settings page.
Go to the “Media Library” tab of WP Offload Media’s Settings page in the WordPress admin dashboard. If you have followed the steps above then you should see something like the following.
If you have already created the bucket you want to offload your media to, then you can enter the bucket name in the above input and click the “Save Bucket” button.
If you haven’t created the bucket yet, then you can click the “Create new bucket” link to get a form where you can specify the new bucket’s name and region.
As long as you haven’t restricted your IAM User’s access to list buckets then you can also “Browse existing buckets.”
Regardless of how you specify the bucket, once saved, WP Offload Media will be set up to offload newly-uploaded media to the bucket with some recommended default settings.
this sounds strange to me? but apparently we already did it
Bucket Permissions
Access Denied to Bucket
If you see an “Access Denied to Bucket” error notice after selecting a bucket created in the AWS Console, the chances are you have “Public Access Settings” enabled for the bucket. You can tell by selecting the bucket in the AWS Console’s list of buckets and looking at the “Public access settings” option within the “Permissions” section of the pop-over panel.
WP Offload Media needs to be able to make objects in the bucket public readable (not editable) so that your site visitors can see them, this is safe to do as it is on a per object basis and is different from making the bucket public. Even if you’re only going to use WP Offload Media to offload “private” objects for WooCommerce, Easy Digital Downloads or similar, it still needs to be able to change the permissions on individual objects in the bucket.
If “Public access settings” does not say “Disabled“, click the “Permissions” section link in the pop-over panel and click “Edit”.
Uncheck all of the settings and save the changes, you’ll need to confirm the change if asked.
Refresh WP Offload Media’s settings page and the “Access Denied to Bucket” error should disappear.
IMPORTANT: There is also a Block public access (account settings) page that can be accessed from the Amazon S3 sidebar that can also be used to disable public access to objects in all existing and new buckets. If the AWS account is relatively new, or someone has visited this settings page and turned on the blocking of public access, you may need to visit the page, click “Edit”, clear the “Block all public access” checkbox, and then save the changes.
HTTPS
Configure a Custom Domain for CloudFront with HTTPS
This article assumes that you’ve already configured CloudFront, as detailed in our CloudFront Setup guide.
Generate a Certificate
Log into the AWS console and visit the AWS Certificate Manager.
IMPORTANT: Make sure you switch to the “US East (N. Virginia)” region using the region selector at the top right, CloudFront only works with certificates that are created in that “global” region.
Click ‘Get Started’ and you will be prompted to enter your first domain.
Enter your domain and any subdomains you want the certificate to cover, or enter a wildcard as I have. Click ‘Review and request’ followed by ‘Confirm and request’. Shortly after you should receive an authorization email.
Once you approve the request your certificate is ready to use.
Adding the Certificate to CloudFront
Open the CloudFront console page and select your distribution.
Click ‘Edit’ and add your custom domain to the ‘Alternate Domain Names’ option. Change the ‘SSL Certificate’ to ‘Custom SSL Certificate’ and select your previously created certificate from the drop-down list.
Make a note of your unique CloudFront URL and log into your DNS control panel. Add a new CNAME entry that points to your CloudFront domain. This entry should match that entered in the ‘Alternate Domain Names’ from within the CloudFront console.
Add Your Custom Domain to WP Offload Media
Log into your WordPress dashboard and open the WP Offload Media settings screen. Change the ‘Domain’ option to ‘CloudFront or Custom Domain’ and enter your new custom domain. If you’re using the Assets addon remember to also update the ‘CloudFront or Custom Domain’ option on the Assets tab.
Now if you load the front-end of your site and open the developer tools you should see that the URLs point to your custom domain.
SET UP CRON JOB
Make Sure Cron Is Set Up
We highly recommend that you configure a proper cron job on your server as WP Offload Media relies heavily on background processing. See our Cron Setup doc for details on how to accomplish this.
Cron Setup
WP Offload Media relies heavily on cron functioning correctly for background processing. Out of the box WordPress checks for cron jobs on every single page load by firing a request off to wp-cron.php, which is very inaccurate. If a site doesn’t receive any visits for a set amount of time, cron will not run during this period. This is also true of sites that implement full page caching, as WordPress is generally bypassed. Basic auth and some security plugins can also restrict cron if not correctly configured.
To ensure that cron runs more often, you need another method of hitting wp-cron.php. If your site is running on Linux and you have access to SSH you can you use the built in crontab. If not, a cron service can be used.
Regardless of which method you choose, a cron schedule of 5 minutes or less is recommended.
Cron Services
There are various cron services available and most offer a free plan, however, the free plans usually limit the frequency in which cron jobs can be scheduled.
www.easycron.com
www.setcronjob.com
Signup for an account at your chosen provider and proceed to create your first cron job.
Enter the URL to your site’s cron file. The free plan at www.easycron.com limits cron jobs to 10 minute intervals.
Cron will now fire every 10 minutes, regardless of whether or not any visits are received.
Crontab
SSH to your server.
ssh username@server.com
Open the crontab. If this is the first time, you may be asked to select an editor. Option 2 (nano) is usually the easiest.
crontab -e
Add a new line to the end of the file, ensuring that you specify the absolute file path to your WordPress install.
*/5 * * * * cd /var/www/example.com/public; php -q wp-cron.php >/dev/null 2>&1
Alternatively, you can use cURL if PHP CLI causes you issues.
*/5 * * * * curl http://example.com/wp-cron.php?doing_wp_cron >/dev/null 2>&1
Hit CTRL-X followed by Y to save and exit. Cron will now fire every 5 minutes, regardless of whether or not your site receives any visits.
Testing Cron
You can test that cron is correctly configured by installing WP Crontrol. Once installed and activated head to Tools > Cron Events.
Each scheduled event will have it’s next run time displayed. An event which has now in the next run column is due for processing and should be handled on the next cron tick. If the next run time doesn’t update and the cron interval you have configured has elapsed, then cron jobs are not being processed. You need to check that your cron job is configured correctly, as detailed above.
Disable WP Cron
On high traffic sites, you may wish to disable WP Cron once you’ve configured a custom cron job and confirmed that it’s working correctly. To do so add the following line to your wp-config.php file:
define('DISABLE_WP_CRON', true);
Once set, WordPress will no longer fire off a request to wp-cron.php on every page request.
MEDIA ONLY::
Once the Status has changed from In Progress to Deployed, you can configure WP Offload Media to start serving from CloudFront using the cloudfront.net domain provided. However, we highly recommend that you configure a custom domain for your CloudFront distribution. Using the cloudfront.net domain name is not great for your site’s SEO. See the doc Configure a Custom Domain for CloudFront with HTTPS for step-by-step instructions.
CloudFront Setup for Media Offloaded to Amazon S3
This article assumes that you’ve already set up an Amazon S3 bucket and followed the steps within our Amazon S3 Quick Start Guide.
Once the above steps are taken care of, login into the AWS console and visit the CloudFront page. Click Create Distribution followed by Get Started under the Web delivery method.
Populate Origin Domain Name with the desired S3 bucket, however, leave Origin Path blank. Feel free to customize the remaining options if required, but the defaults are fine in most cases.
Click Create Distribution. CloudFront will begin copying all of your files from the specified bucket to its edge servers. This can take a while depending on the size of your Media Library.
Once the Status has changed from In Progress to Deployed, you can configure WP Offload Media to start serving from CloudFront using the cloudfront.net domain provided. However, we highly recommend that you configure a custom domain for your CloudFront distribution.
Our Cloudfront Distributions
Using the cloudfront.net domain name is not great for your site’s SEO. See the doc Configure a Custom Domain for CloudFront with HTTPS for step-by-step instructions.
If you are fine with using the cloudfront.net domain name, head over to your WordPress site. Visit the WP Offload Media screen and enter your cloudfront.net domain name into the Custom Domain (CNAME) option.
Click Save Changes. All of your media library files will now be served from the CloudFront distributed servers.
Offload Your Existing Media Library
Now that your site is configured to offload newly-uploaded media to Amazon S3, you might want to offload any existing media to the bucket too.
In the right-hand sidebar of WP Offload Media’s “Media Library” tab you should see what we call the “Offload Tool”, this can be used to offload existing media to the bucket.
If you have not offloaded anything yet, then you’ll see a “Your Media Library needs to be offloaded” message in the Offload Tool with an “Offload Now” button.
If you have already offloaded a few items, then you might see a message like “66% of your Media Library has been offloaded” in the Offload Tool, with an “Offload Remaining Now” button.
Either way, clicking the Offload Tool’s button will start an upload to the bucket of all existing media yet to be offloaded.
The media offload progresses in small batches in the background to keep things efficient. You can close the tab and just forget about it, when the tool finishes its job, you’ll get a notice in the WordPress dashboard, or you can monitor progress from WP Offload Media’s settings page.
Once complete, the Offload Tool displays a “100% of your Media Library has been offloaded, congratulations!” message and the “Download all files from bucket to server” and “Remove all files from bucket” tools are made available.
Sending our images up in versioned folder
Set up File CDN
Use the Same CloudFront Custom Domain with WP Offload Media and the Assets Pull Addon
If you use WP Offload Media with CloudFront and a custom domain with HTTPS, then you might want to use the same domain and CloudFront distribution for the Assets Pull addon as well to serve your site’s assets.
Using the same domain will have a performance benefit over two DNS entries, as there will be only one open connection which will utilize the multiplexing feature of HTTP/2 to make requests asynchronously.
This guide assumes you have already set up a CloudFront distribution with a custom domain running on HTTPS. The only origin of the distribution is currently pointing to the S3 bucket. The article covers setting up one CloudFront distribution to serve both your media library and site assets with the following steps:
- Creating a custom origin to serve the assets
- Edit the default cache behaviour of the distribution
- Create a cache behaviour for the S3 origin
Assets Pull Addon – Steps shortened
NOTES::
assets.nakedsword.com – I searched my email – no mention of it before this? so not sure where it came from? It is possible it was not set up for this?
the site being on sworddevelop.wpengine.com – do you guys think this could be an issue?
– I asked if we could give it a non-wpengine ulr – the only way is to move this site into a new install and put it at production – that is the only site in wpengine that can have own url.
Origin Setting – aws docs – perhaps we will need to change this section – /DeveloperGuide/using-https-cloudfront-to-custom-origin.html – I do not know what we would use –
STEPS::
- domain to pull assets – any sub-domain that points to sworddevelop.wpengine.com
-
cdn.thesword.com + set up a wildcard domain for assets
– here we may have a problem – it is on wpengine.com –
BUT can we use *thesword.com?
for example – anything-at.thesword.com points to sworddevelop.wpengine.com? and will that work? (url issue) – not sure what the plugin will do honestly. -
CloudFront distribution to “pull” and cache assets from site on-demand –
- For Origin Domain Name, enter sworddevelop.wpengine.com
- For Origin Protocol Policy, select Match Viewer.
Everything else within the Origin Settings section can be left at the default value.
-
Default Cache Behavior Settings – control what CloudFront will do with the response it gets from sworddevelop.wpengine.com
- Query String Forwarding and Caching, select Forward all, cache based on all.
This is necessary to ensure the proper version of an asset is served when WordPress, plugins and themes are updated. - For Compress Objects Automatically, choose Yes.
- Query String Forwarding and Caching, select Forward all, cache based on all.
-
Distribution Settings –
- Adjust the Price Class based on your requirements and budget. Use All Edge Locations – best performance, but will cost slightly more.
- For Alternate Domain Names, enter cdn.thesword.com into the field.
- SSL – says choose custom ssl
- Select your certificate from the dropdown menu (indicated by *.thesword.com).
-
Cloudfront Domain – CloudFront will begin to deploy your new distribution – can take some time depending on the Price Class chosen
- Save your distribution’s unique CloudFront Domain Name for use in the next step. E.g. dXXXXXXXXXXXXX.cloudfront.net
-
CNAME Setup – Set DNS for your chosen subdomain so assets are served through CloudFront using your own domain –
-
Create a CNAME record for the “cdn” subdomain to your CloudFront distribution’s domain name.
NOTE FROM AWS IN SUBDOMAIN ARE
You must list any custom domain names (for example, www.example.com) that you use in addition to the CloudFront domain name (for example, d1234.cloudfront.net) for the URLs for your files. Specify up to 100 CNAMEs separated with commas or put each on a new line. You also must create a CNAME record with your DNS service to route queries for www.example.com to d1234.cloudfront.net. For more information, see the Help.
-
Create a CNAME record for the “cdn” subdomain to your CloudFront distribution’s domain name.
-
ERROR CODES: (click for doc)
EXTENDED VERSION
The Assets addon will guide you through the set up of Amazon CloudFront. Once complete, it will start rewriting URLs to your enqueued styles and scripts so that they are served from CloudFront rather than your server.
If you prefer to use a CDN other than CloudFront, you can skip the set up, go directly to the settings page, and enter the domain name you’ve configured with your other CDN.
CloudFront Set Up
The following steps will walk you through the process of setting up the Assets addon with Amazon CloudFront.
Each step is clearly outlined with screenshots to guide you through these 3 basic processes:
- Choosing and configuring your domain name to use for serving your assets
- Requesting a free SSL certificate through the Amazon Certificate Manager
- Creating and configuring a new CloudFront distribution to serve your assets
The whole process usually takes about 15-30 minutes, depending on your pace, and external factors (such as DNS propagation).
When you’re ready to begin, click Get Started below.
What domain name would you like to serve your assets from?
could be any sub-domain that points to develop.wpengine.com
We highly recommend using a subdomain of wpengine.com for better
SEO.
ALL SSL INFO HERE
Next: Creating an HTTPS Certificate
For maximum security and performance*, we highly recommend serving your assets via HTTPS.
To get started, we need to request a free SSL certificate for your CloudFront distribution using the AWS Certificate Manager.
To request a certificate, go to AWS Certificate Manager and click the
Get Started button.
If this is not your first certificate with Amazon’s Certificate Manager, click Request a certificate.
IMPORTANT: Make sure you switch to the “US East (N. Virginia)” region using the region selector at the top right, CloudFront only works with certificates that are created in that “global” region.
* Using HTTPS with CloudFront lets your visitors benefit from significantly faster load times by leveraging HTTP/2 where possible.
Step 2 of 12
Next, we are going to submit a request for a free wildcard SSL certificate which will be valid for the given domain name as well as any subdomains.
- Enter *.thesword.com into the Domain name field.
- Click the Review and request button.
- Confirm the domain is correct (this cannot be changed later).
- Click the Confirm and request button.
A verification email will be sent to the following registered email addresses in WHOIS:
- Domain registrant
- Technical contact
- Administrative contact
In addition, the following addresses will also receive the verification email:
- administrator@thesword.com
- hostmaster@thesword.com
- postmaster@thesword.com
- webmaster@thesword.com
- admin@thesword.com
If your domain has WHOIS privacy enabled you will need to temporarily disable it to receive the verification email. If you’re having problems you can read more about
validating domain ownership.
Back to Previous Step
After submitting your request in the previous step, you will receive an email from Amazon Certificates, which contains a link to verify your ownership of the domain name.
- Click the link in the email from Amazon Certificates.
- On the certificate approval screen (shown below), click the I Approve link.
Step 4 of 12
Once your domain has been validated you should see the certificate listed in the AWS Certificate Manager with a status of
Issued.
Step 5 of 12
CloudFront Distribution
Now we will create a CloudFront distribution which will “pull” and cache assets from your site on-demand.
- Navigate to the CloudFront service.
- Click the Create Distribution button.
- Under Web, click the Get Started button.
Step 6 of 12
The Origin settings control how the distribution will access your site for any assets which CloudFront does not have a cached version to serve.
- For Origin Domain Name, enter sworddevelop.wpengine.com
- For Origin Protocol Policy, select Match Viewer.
Everything else within the Origin Settings section can be left at the default value.
Step 7 of 12
The Behavior settings control what CloudFront will do with the response it gets from the Origin (your site).
- Scroll to the Default Cache Behavior Settings section.
-
For Query String Forwarding and Caching, select Forward all, cache based on all.
This is necessary to ensure the proper version of an asset is served when WordPress, plugins and themes are updated. -
For Compress Objects Automatically, choose Yes.
CloudFront will serve compressed versions of your assets to browsers that support it and uncompressed versions to browsers that don’t. This can significantly reduce the size of the data needed to be downloaded by the browser making for faster load times.
Step 8 of 12
- Scroll to the Distribution Settings section.
-
Adjust the Price Class based on your requirements and budget.
Choosing Use All Edge Locations will give you the best performance, but will
cost slightly more.
-
For Alternate Domain Names, enter cdn.thesword.com
into the field.NOTE FROM AWS – entering the origin domain again may not be necessary
You must list any custom domain names (for example, www.example.com) that you use in addition to the CloudFront domain name (for example, d1234.cloudfront.net) for the URLs for your files. Specify up to 100 CNAMEs separated with commas or put each on a new line. You also must create a CNAME record with your DNS service to route queries for www.example.com to d1234.cloudfront.net. For more information, see the Help. - For SSL Certificate, select Custom SSL Certificate.
-
Select your certificate from the dropdown menu (indicated by *.thesword.com).
If you do not see a certificate to select for your domain, revisit the steps for
requesting a certificate and
approving the certificate before continuing. - Complete the configuration by scrolling to the end of the page and clicking the Create Distribution button in the bottom right corner.
Step 9 of 12
CloudFront will begin to deploy your new distribution (indicated by the spinning arrows in the Status column), but this can take some time depending on the
Price Class chosen in the previous step.
-
Save your distribution’s unique CloudFront Domain Name for use in the next step.
E.g.dXXXXXXXXXXXXX.cloudfront.net
Step 10 of 12
Now we are going to configure the DNS for your chosen subdomain so assets are served through CloudFront using your own domain.
-
Log into your DNS provider, and navigate to the DNS records for the thesword.com domain.
Steps will vary by provider. - Create a CNAME record for the cdn subdomain to your CloudFront distribution’s domain name.
Step 11 of 12
If your theme uses web fonts you may experience issues with CORS.
If you notice that font files aren’t loading correctly, or receive the following error in the browser console then you need to modify your server configuration.
Please refer to this guide on how to configure your web server. https://deliciousbrains.com/wp-offload-media/doc/configure-cors-to-resolve-web-font-issues/
Step 12 of 12
Use the Same CloudFront Custom Domain with WP Offload Media and the Assets Pull Addon
If you use WP Offload Media with CloudFront and a custom domain with HTTPS, then you might want to use the same domain and CloudFront distribution for the Assets Pull addon as well to serve your site’s assets.
Using the same domain will have a performance benefit over two DNS entries, as there will be only one open connection which will utilize the multiplexing feature of HTTP/2 to make requests asynchronously.
This guide assumes you have already set up a CloudFront distribution with a custom domain running on HTTPS. The only origin of the distribution is currently pointing to the S3 bucket. The article covers setting up one CloudFront distribution to serve both your media library and site assets with the following steps:
- Creating a custom origin to serve the assets
- Edit the default cache behaviour of the distribution
- Create a cache behaviour for the S3 origin
Creating a Custom origin to Serve the Assets
First create a new origin that will serve all the assets from the site as part of the Assets Pull addon. Edit your CloudFront distribution and select the Origins tab and click Create Origin. Set the Origin Domain Name to the domain of your site and set the Origin Protocol Policy to ‘Match Viewer’. Leave the other settings as they are:
Edit the Default Cache Behaviour of the Distribution
Next we need to edit the default behaviour for the distribution to point to the new origin. Select the Behavious tab, select the existing behaviour and click the Edit button:
Change the Origin to the new Custom origin we just created and ensure you turn on Compress Objects Automatically and set Query String Forwarding and Caching to ‘Forward all, cache based on all’.
Create a Cache Behaviour for the S3 Origin
Next add a new behaviour for the S3 origin for serving the site’s media files.
- Click Create Behaviour
- Set Origin as the S3 origin
- Edit the Path Pattern to match the uploads directory of your site with a wildcard for all files under that path, eg.
wp-content/uploads/* - Leave all the other settings as they are
Your behaviours should look like this:
Assets Pull: Configure CORS to Resolve Web Font Issues
If you notice that font files aren’t loading correctly, or receive the following error in the browser console then you need to modify your server configuration.
This is because web fonts are subject to Cross-Origin Resource Sharing (CORS). CORS is a way for a remote host to control access to certain types of resources.
To resolve this issue you need to ensure that your server is sending the correct Access-Control-Allow-Origin header when font files are requested. If you’re unable to modify your server configuration please contact your web host and link them to this article.
Apache
Add the following block to your .htaccess file:
<FilesMatch ".(eot|otf|ttf|woff|woff2)">
Header always set Access-Control-Allow-Origin "*"
</FilesMatch>
Nginx
Add the following location block to your virtual host file (usually within the server directive) and reload Nginx:
location ~* .(eot|otf|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
Invalidate CloudFront Distribution
Once the changes have been made you will need to invalidate the CloudFront cache with a path of “/*”.
Round 1 Steps – assets pull
Creating a Custom origin to Serve the Assets
First create a new origin that will serve all the assets from the site as part of the Assets Pull addon. Edit your CloudFront distribution and select the Origins tab and click Create Origin. Set the Origin Domain Name to the domain of your site and set the Origin Protocol Policy to ‘Match Viewer’. Leave the other settings as they are:
Edit the Default Cache Behaviour of the Distribution
Next we need to edit the default behaviour for the distribution to point to the new origin. Select the Behavious tab, select the existing behaviour and click the Edit button:
Change the Origin to the new Custom origin we just created and ensure you turn on Compress Objects Automatically and set Query String Forwarding and Caching to ‘Forward all, cache based on all’.
Create a Cache Behaviour for the S3 Origin
Next add a new behaviour for the S3 origin for serving the site’s media files.
- Click Create Behaviour
- Set Origin as the S3 origin
- Edit the Path Pattern to match the uploads directory of your site with a wildcard for all files under that path, eg.
wp-content/uploads/* - Leave all the other settings as they are
Your behaviours should look like this:
Test with assets pull plugin
Assets Pull Addon
With the Assets Pull addon you can start serving your site’s assets (CSS, JS, fonts, etc) from CloudFront, or another CDN in just a few clicks.
The addon contains a setup wizard which will walk you through the process of creating a proper CloudFront distribution for serving your assets using your own domain name.
Setup
Once installed and activated, the addon will prompt you to configure it using the wizard. Simply follow the steps to set up CloudFront, or skip to the settings at any time. The only required setting is the domain to use for the assets. If you followed the setup wizard this will already be configured for you.
Testing the Pull Domain
Once you have your domain configured, you can test the configuration of the domain to make sure that requests are flowing through the domain properly before enabling URL rewriting. This can be rechecked again at anytime simply by clicking the Check again link.
FAQ
Which assets will be served from the CDN?
By default, the Assets Pull addon will only rewrite URLs for styles (CSS) and scripts (JS) which are registered through the WordPress enqueue system, but any font or media files referenced via a relative URL will be served via the CDN too.
You can also rewrite URLs for any other kind of asset embedded in HTML using the get_asset_url filter.
Asset pull errors
Assets Pull: Domain Check Errors
The assets pull addon lets you test your chosen domain so you can find out about potential problems before enabling URL rewriting.
The domain check uses the WordPress REST API to be able to make assertions about the configuration of the pull domain that we would otherwise not be able to if we were simply testing a static file.
The following is a list of possible errors that you may encounter when checking the configuration of your domain.
Hostname [example.com] could not be resolved to an IP address
This means your server cannot resolve example.com to an IP address. This could be due to a typo in the domain name or if it is a new domain (or subdomain) you may need to wait a few minutes for DNS changes to propagate. When creating a new distribution with CloudFront, the dXXXXXXXXXXX.cloudfront.net domain for your distribution will be unresolvable for a few minutes after creating it. You can use the Check again link to try again every few minutes until you see this error go away. CloudFront domain names for a new distribution usually propagate within 3-5 minutes from creation.
S3 bucket set as CDN origin.
The CDN has been configured to pull from an S3 bucket instead of the site. The Assets Pull addon requires a different type of CloudFront distribution than used by the core WP Offload Media plugin to offload the Media Library. You must create a new CloudFront distribution for use with the Assets Pull addon.
Please re-run the set up wizard (there is a “Launch CloudFront Set Up Guide” link in the Assets tab once the settings have been saved) and follow its steps to properly configure a new CloudFront (or other CDN) distribution that pulls from the site, not an S3 bucket.
Invalid response code. Received [xxx] from test endpoint.
The cause varies based on the status code returned (xxx).
404 – This means that the requested resource could not be found.
This could happen for a number of reasons:
- The configured pull domain is incorrect
- The configured origin on CloudFront (or your CDN) is not configured correctly
500 – This is potentially due to an internal server error. Check your PHP error log.
Invalid response type. Received [xxxxxxxxxxx].
This will happen for any request that does not return JSON as expected by the test endpoint, which is likely caused by a misconfigured domain or origin.
Query string missing "ver" parameter. Check your configuration.
This means that your CDN is most likely stripping the query string from the URL (everything including and after the ?) to improve caching. It is important that your CDN is not configured to remove the query string to ensure that the proper version of your assets is served. At a minimum, it needs to be configured to allow the ver parameter, but we recommend allowing all.
For CloudFront Users
- Navigate to your CloudFront Distributions in the AWS console
- Select your distribution in the list and click Distribution Settings
- Select the Behaviors tab
- Select your origin from the list and click Edit
- Scroll down to the setting for “Query String Forwarding and Caching”
- Ensure this is set to Forward all, cache based on all
- If you made a change, make sure to scroll to the bottom and click Yes, Edit to save the changes
If you made a change, you will see the distribution will show a status of In Progress in your list of distributions. It may take 15 minutes or more for the changes to finish deploying to all CloudFront edge servers before you see it take effect.
Malformed response from test endpoint.
This means that the response returned a proper code and type, but the body of the response could not be read. This could happen if extra output was included with the response such as PHP errors or notices for example. Check your PHP error log, make sure is set to false and try again.
cURL error 60: SSL certificate problem: unable to get local issuer certificate
This error means your pull domain is using a self-signed certificate and it cannot verify its authenticity.
To bypass verification of SSL certificates (only for our domain check requests) you can add this filter:
add_filter( 'as3cf_assets_pull_test_endpoint_sslverify', '__return_false' );
Note: Do not add this filter on your production site as you want to make sure that your SSL is configured properly and using a valid certificate.
Invalid request signature.
The request signature checks that the response from the CDN came from the correct origin. This error would most likely happen if you were to test the domain from a staging environment using a domain configured to pull from your production site.
Other Errors
If you don’t see your error in this list, please open a support request with us through the Support tab of the WP Offload Media settings screen and be sure to include the message you’re getting.
assset pull
with other plugins
Compatibility With Other Plugins
WP Offload Media has been coded to use WordPress hooks and filters for uploading attachments and serving their URLs. This means that, for the most part, the plugin should be compatible with other plugins.
Most compatibility issues arise when WP Offload Media is configured to remove files from the server after uploading to the bucket. Many types of plugins like sliders, galleries and optimization tools require access to the local file. With so many of these kinds of plugins on the WordPress repository, not to mention premium plugins, it is hard to cater for them all. But we do attempt to cover those plugins we have encountered issues for as we find them.
WP Offload Media Lite
Out of the box the plugin supports the WordPress image editing and Customizer image tools, as well as the popular Regenerate Thumbnails plugin. It also allows plugins to communicate with bucket images, even if they have been removed from the server, fixing the majority of plugin compatibility issues.
WP Offload Media
The paid version adds compatibility with the following plugins and in some cases extra functionality:
- EWWW Image Optimizer
- OFT Regenerate Thumbnails
- Advanced Custom Fields
- Divi Builder
- Easy Digital Downloads
- Enable Media Replace
- Meta Slider
- WooCommerce
- WPML
If there is another plugin you are having issues getting to play nicely with WP Offload Media, then get in touch.
Caching Plugins
You should have no issues using WP Offload Media for your media library alongside a caching plugin like WP Total Cache or WP Rocket. It’s important to remember that WP Offload Media doesn’t provide a page caching solution, which is one of the most important things you can implement to speed up your website. WP Offload Media is designed to work alongside an existing caching solution such as Varnish or FastCGI caching, or a caching plugin.
If your caching plugin includes an option to cache the Media Library via a CDN you should turn that setting off as it will very likely conflict with WP Offload Media.
When using the Assets Pull addon you will need to turn off the CDN feature in your caching plugin for other assets too to avoid potential conflicts.
Third Party Addons
Whilst we can’t build a compatibility integration for every plugin that needs one, we do have a bunch of hooks and filters available that should allow a developer to build their own addon to accomplish what they need. A great starting point is our Tweaks plugin, and we will be happy to assist with development where necessary.
If you have built an addon let us know, it would be great to feature it below:
Plugins That Integrate With WP Offload Media
Although not verified or tested by Delicious Brains, we hear that the following plugins work with WP Offload Media:
- Church Content
- Modula Grid Gallery for WordPress
- ShortPixel Image Optimizer
- Smush Image Compression and Optimization
OFFLOAD MEDIA – How files are updated –
The primary difference is that the old addon would actively scan for asset files in the filesystem of the WordPress install, and upload these files to Amazon S3. Asset URLs could then be rewritten to use S3 URLs or a custom domain of your choice to use with a CDN.
The Assets Pull addon, does not scan or upload your files at all, nor does it have any background processing. It simply rewrites asset URLs to use your custom CDN domain which “pulls” uncached assets from your site on-demand. This is more efficient with system resources and generally advocates better practices such as using a CDN rather than serving directly from the bucket.
Setting up CDN
- Need a second url for the assets ourside of the media files
Rewrite Asset URLs
This is the master switch which controls whether your enqueued assets will be rewritten or not.
Pull Domain
This is the domain which your asset URLs will be rewritten with and is the domain that you need to configure Amazon CloudFront (or your CDN of choice) to pull from your site. The domain should be entered by itself, without any scheme or URL path.
E.g. cdn.example.com
We highly recommend using a subdomain of your site’s domain for SEO. That is, if your site’s main domain is example.com, or www.example.com then we would recommend using a subdomain on the same domain, such as cdn.example.com or assets.example.com.
This domain should be different than the one used for your media files as they serve from different origins, and will likely have other important differences in configuration.
Force HTTPS
By default, asset URLs will use HTTPS when the request is HTTPS and regular HTTP when the request is HTTP, but you may want to force the use of HTTPS always, regardless of the request.
This may be desirable on a site using HTTP, but wishes to take full advantage of performance benefits provided by HTTP/2 for assets which require using HTTPS.
Controlling Settings with Constants
All of the above settings can be defined in your wp-config.php which will override the value saved in the database. For more information, see Settings Constants
Settings Constants
All settings within WP Offload Media and the Assets Addon can be defined using two constants within your wp-config.php file.
WP Offload Media
define( 'AS3CF_SETTINGS', serialize( array(
// Storage Provider ('aws', 'do', 'gcp')
'provider' => 'aws',
// Access Key ID for Storage Provider (aws and do only, replace '*')
'access-key-id' => '********************',
// Secret Access Key for Storage Providers (aws and do only, replace '*')
'secret-access-key' => '**************************************',
// GCP Key File Path (gcp only)
// Make sure hidden from public website, i.e. outside site's document root.
'key-file-path' => '/path/to/key/file.json',
// Use IAM Roles on Amazon Elastic Compute Cloud (EC2) or Google Compute Engine (GCE)
'use-server-roles' => false,
// Bucket to upload files to
'bucket' => 'mybucket',
// Bucket region (e.g. 'us-west-1' - leave blank for default region)
'region' => '',
// Automatically copy files to bucket on upload
'copy-to-s3' => true,
// Rewrite file URLs to bucket
'serve-from-s3' => true,
// Bucket URL format to use ('path', 'cloudfront')
'domain' => 'path',
// Custom domain if 'domain' set to 'cloudfront'
'cloudfront' => 'cdn.exmple.com',
// Enable object prefix, useful if you use your bucket for other files
'enable-object-prefix' => true,
// Object prefix to use if 'enable-object-prefix' is 'true'
'object-prefix' => 'wp-content/uploads/',
// Organize bucket files into YYYY/MM directories
'use-yearmonth-folders' => true,
// Serve files over HTTPS
'force-https' => false,
// Remove the local file version once offloaded to bucket
'remove-local-file' => false,
// Append a timestamped folder to path of files offloaded to bucket
'object-versioning' => true,
) ) );
Assets Pull Addon
define( 'AS3CF_ASSETS_PULL_SETTINGS', serialize( array(
// Rewrite enqueued style/script URLs to CDN domain
'rewrite-urls' => false,
// CDN domain to use
'domain' => 'assets.example.com',
// Serve files over HTTPS
'force-https' => false,
) ) );
!!! IMPORTANT !!!
The above defines should be placed before:
/* That's all, stop editing! Happy blogging. */
/** Absolute path to the WordPress directory. */
if ( !defined('ABSPATH') )
define('ABSPATH', dirname(__FILE__) . '/');
/** Sets up WordPress vars and included files. */
require_once(ABSPATH . 'wp-settings.php');