MCP WordPress Server

# Production Deployment Guide Complete guide for deploying MCP WordPress Server to production environments. ## Table of Contents - [Quick Start](#quick-start) - [Docker Deployment](#docker-deployment) - [Environment Management](#environment-management) - [Security Configuration](#security-configuration) - [Performance Optimization](#performance-optimization) - [Monitoring & Logging](#monitoring--logging) - [Backup & Recovery](#backup--recovery) - [Troubleshooting](#troubleshooting) ## Quick Start ### Prerequisites - Docker 20.10+ or Node.js 18+ - WordPress site with REST API enabled - Application passwords or JWT authentication configured ### Production Checklist ```bash # 1. Build verification npm run build npm test # 2. Security scan npm run security:scan # 3. Performance validation npm run test:performance # 4. Coverage check npm run coverage:full # 5. Docker deployment docker-compose up -d --build ``` ## Docker Deployment ### Official Docker Image ```bash # Pull latest stable version docker pull docdyhr/mcp-wordpress:latest # Run with environment file docker run -d \ --name mcp-wordpress \ --env-file .env.production \ -p 3000:3000 \ docdyhr/mcp-wordpress:latest ``` ### Docker Compose (Recommended) ```yaml # docker-compose.prod.yml version: "3.8" services: mcp-wordpress: image: docdyhr/mcp-wordpress:latest restart: unless-stopped ports: - "3000:3000" environment: NODE_ENV: production LOG_LEVEL: info env_file: - .env.production volumes: - ./config:/app/config:ro - ./logs:/app/logs - cache_data:/app/cache healthcheck: test: ["CMD", "npm", "run", "health"] interval: 30s timeout: 10s retries: 3 networks: - mcp_network # Optional: Redis for enhanced caching redis: image: redis:7-alpine restart: unless-stopped command: redis-server --appendonly yes volumes: - redis_data:/data networks: - mcp_network volumes: cache_data: redis_data: networks: mcp_network: driver: bridge ``` ### Multi-Stage Dockerfile Optimization ```dockerfile # Dockerfile.prod FROM node:18-alpine AS builder WORKDIR /app COPY package*.json ./ RUN npm ci --only=production COPY . . RUN npm run build # Production stage FROM node:18-alpine AS production RUN addgroup -g 1001 -S nodejs && \ adduser -S nodejs -u 1001 WORKDIR /app COPY --from=builder --chown=nodejs:nodejs /app/dist ./dist COPY --from=builder --chown=nodejs:nodejs /app/node_modules ./node_modules COPY --from=builder --chown=nodejs:nodejs /app/package*.json ./ USER nodejs EXPOSE 3000 HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \ CMD npm run health || exit 1 CMD ["npm", "start"] ``` ## Environment Management ### Production Environment Variables ```bash # .env.production NODE_ENV=production LOG_LEVEL=info DEBUG=false # WordPress Configuration WORDPRESS_SITE_URL=https://your-production-site.com WORDPRESS_USERNAME=production_user WORDPRESS_APP_PASSWORD=xxxx xxxx xxxx xxxx xxxx xxxx WORDPRESS_AUTH_METHOD=app-password # Security ENABLE_CORS=false TRUSTED_ORIGINS=https://your-domain.com API_RATE_LIMIT=100 API_RATE_WINDOW=900000 # Performance CACHE_TTL=3600 CACHE_MAX_SIZE=1000 ENABLE_COMPRESSION=true MAX_REQUEST_SIZE=10mb # Monitoring ENABLE_METRICS=true METRICS_PORT=9090 HEALTH_CHECK_TIMEOUT=5000 ``` ### Multi-Site Production Config ```json { "sites": [ { "id": "production", "name": "Production Site", "config": { "WORDPRESS_SITE_URL": "https://main-site.com", "WORDPRESS_USERNAME": "prod_user", "WORDPRESS_APP_PASSWORD": "secure_app_password", "WORDPRESS_AUTH_METHOD": "app-password" } }, { "id": "staging", "name": "Staging Site", "config": { "WORDPRESS_SITE_URL": "https://staging.main-site.com", "WORDPRESS_USERNAME": "staging_user", "WORDPRESS_APP_PASSWORD": "staging_app_password", "WORDPRESS_AUTH_METHOD": "app-password" } } ], "security": { "enableRateLimit": true, "maxRequestsPerWindow": 100, "windowSizeMs": 900000, "enableCors": false, "trustedOrigins": ["https://main-site.com"] }, "performance": { "cache": { "enabled": true, "defaultTTL": 3600, "maxSize": 1000 }, "compression": true, "maxRequestSize": "10mb" }, "monitoring": { "enableMetrics": true, "metricsPort": 9090, "healthCheckTimeout": 5000, "logLevel": "info" } } ``` ## Security Configuration ### Authentication Best Practices 1. **Application Passwords (Recommended)** ```bash # WordPress Admin → Users → Your Profile → Application Passwords # Generate unique password for MCP server WORDPRESS_APP_PASSWORD=xxxx xxxx xxxx xxxx xxxx xxxx ``` 2. **JWT Authentication** ```bash # Install JWT Authentication plugin # Configure JWT secret in wp-config.php define('JWT_AUTH_SECRET_KEY', 'your-secret-key'); define('JWT_AUTH_CORS_ENABLE', true); ``` ### Network Security ```nginx # nginx.conf - Reverse proxy configuration upstream mcp_wordpress { server 127.0.0.1:3000; keepalive 32; } server { listen 443 ssl http2; server_name api.yourdomain.com; # SSL configuration ssl_certificate /path/to/cert.pem; ssl_certificate_key /path/to/key.pem; ssl_protocols TLSv1.2 TLSv1.3; # Security headers add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; # Rate limiting limit_req_zone $binary_remote_addr zone=api:10m rate=10r/s; limit_req zone=api burst=20 nodelay; location / { proxy_pass http://mcp_wordpress; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_cache_bypass $http_upgrade; proxy_read_timeout 86400; } } ``` ### Secrets Management ```bash # Using Docker secrets (Docker Swarm) echo "your_app_password" | docker secret create wp_app_password - # Using Kubernetes secrets kubectl create secret generic mcp-wordpress-secrets \ --from-literal=wp-app-password=your_app_password \ --from-literal=jwt-secret=your_jwt_secret ``` ## Performance Optimization ### Cache Configuration ```typescript // Production cache settings const cacheConfig = { // Memory cache maxItems: 5000, maxMemoryMB: 512, // TTL settings (seconds) ttl: { posts: 1800, // 30 minutes pages: 3600, // 1 hour users: 7200, // 2 hours media: 86400, // 24 hours settings: 43200, // 12 hours }, // Compression enableCompression: true, compressionLevel: 6, }; ``` ### Database Optimization ```sql -- WordPress database indexes for REST API performance ALTER TABLE wp_posts ADD INDEX idx_post_status_type_date (post_status, post_type, post_date); ALTER TABLE wp_posts ADD INDEX idx_post_name (post_name); ALTER TABLE wp_postmeta ADD INDEX idx_meta_key_value (meta_key, meta_value(191)); ``` ### Load Balancing ```yaml # docker-compose.scale.yml version: "3.8" services: mcp-wordpress: image: docdyhr/mcp-wordpress:latest deploy: replicas: 3 resources: limits: cpus: "0.5" memory: 512M reservations: cpus: "0.25" memory: 256M restart_policy: condition: on-failure delay: 5s max_attempts: 3 environment: NODE_ENV: production networks: - app_network nginx: image: nginx:alpine ports: - "80:80" - "443:443" volumes: - ./nginx.conf:/etc/nginx/nginx.conf:ro - ./ssl:/etc/ssl/certs:ro depends_on: - mcp-wordpress networks: - app_network ``` ## Monitoring & Logging ### Health Checks ```bash # Built-in health check endpoint curl -f http://localhost:3000/health || exit 1 # Detailed health check npm run health # Performance metrics curl http://localhost:9090/metrics ``` ### Structured Logging ```json { "timestamp": "2025-08-11T04:50:00.000Z", "level": "info", "message": "Request completed successfully", "context": { "method": "GET", "endpoint": "/posts", "duration": 145, "statusCode": 200, "cacheHit": true, "siteId": "production" } } ``` ### Monitoring Stack ```yaml # monitoring/docker-compose.yml version: "3.8" services: prometheus: image: prom/prometheus ports: - "9090:9090" volumes: - ./prometheus.yml:/etc/prometheus/prometheus.yml - prometheus_data:/prometheus grafana: image: grafana/grafana ports: - "3001:3000" environment: GF_SECURITY_ADMIN_PASSWORD: admin volumes: - grafana_data:/var/lib/grafana - ./grafana/dashboards:/etc/grafana/provisioning/dashboards loki: image: grafana/loki ports: - "3100:3100" volumes: - ./loki-config.yml:/etc/loki/local-config.yaml - loki_data:/tmp/loki volumes: prometheus_data: grafana_data: loki_data: ``` ## Backup & Recovery ### Data Backup Strategy ```bash # Backup configuration tar -czf config-backup-$(date +%Y%m%d).tar.gz \ .env.production \ mcp-wordpress.config.json \ docker-compose.prod.yml # Cache backup (if needed) docker exec mcp-wordpress tar -czf - /app/cache > cache-backup-$(date +%Y%m%d).tar.gz # Database backup (if using local DB) docker exec postgres pg_dump -U postgres wordpress > db-backup-$(date +%Y%m%d).sql ``` ### Recovery Procedures ```bash # 1. Stop services docker-compose -f docker-compose.prod.yml down # 2. Restore configuration tar -xzf config-backup-20250811.tar.gz # 3. Pull latest image docker-compose -f docker-compose.prod.yml pull # 4. Start services docker-compose -f docker-compose.prod.yml up -d # 5. Verify health npm run health ``` ## Troubleshooting ### Common Production Issues #### 1. High Memory Usage ```bash # Check memory usage docker stats mcp-wordpress # Adjust cache limits export CACHE_MAX_SIZE=500 export CACHE_MAX_MEMORY_MB=256 # Restart service docker-compose restart mcp-wordpress ``` #### 2. WordPress Connection Issues ```bash # Test WordPress connectivity curl -I https://your-wordpress-site.com/wp-json/wp/v2/ # Check authentication npm run test:auth # Verify application password wp user application-password list admin --allow-root ``` #### 3. Performance Degradation ```bash # Check cache hit rate curl http://localhost:9090/metrics | grep cache_hit_rate # Monitor request latency curl http://localhost:9090/metrics | grep request_duration # Check for memory leaks docker exec mcp-wordpress node --inspect=0.0.0.0:9229 dist/index.js ``` #### 4. SSL/TLS Issues ```bash # Test SSL connection openssl s_client -connect your-domain.com:443 -servername your-domain.com # Check certificate expiration echo | openssl s_client -connect your-domain.com:443 2>/dev/null | openssl x509 -noout -dates ``` ### Debug Mode ```bash # Enable debug logging export DEBUG=true export LOG_LEVEL=debug # Restart with debug enabled docker-compose restart mcp-wordpress # View debug logs docker-compose logs -f mcp-wordpress ``` ### Performance Profiling ```bash # CPU profiling docker exec mcp-wordpress node --prof dist/index.js # Memory profiling docker exec mcp-wordpress node --inspect=0.0.0.0:9229 dist/index.js # Heap snapshots docker exec mcp-wordpress node -e " const v8 = require('v8'); const fs = require('fs'); const heapSnapshot = v8.writeHeapSnapshot(); console.log('Heap snapshot written to', heapSnapshot); " ``` --- ## Production Deployment Summary ### Deployment Process 1. **Pre-deployment**: Build → Test → Security Scan → Performance Check 2. **Deployment**: Docker build → Environment setup → Service start → Health check 3. **Post-deployment**: Monitoring setup → Backup configuration → Performance validation ### Key Production Features - **56.37% test coverage** with c8 integration - **485 ESLint violations** (down from 506, ongoing optimization) - **Multi-site support** with centralized configuration - **Enhanced caching** with TTL and LRU eviction - **Structured logging** with context and sanitization - **Security hardening** with rate limiting and CORS - **Performance monitoring** with metrics and health checks ### Maintenance Schedule - **Daily**: Health checks, log review, performance metrics - **Weekly**: Security updates, cache optimization, backup verification - **Monthly**: Full security audit, performance benchmarking, dependency updates - **Quarterly**: Architecture review, capacity planning, disaster recovery testing 🚀 **Production Ready**: MCP WordPress Server is now fully prepared for enterprise production deployments with comprehensive monitoring, security, and performance optimization.