... and what can be done about it
Many successful WordPress site owners have moved their sites over to WPEngine for their high performance and high speed even under very heavy traffic.
WP Engine is able to provide this kind of speed thanks to their "hand-built a WordPress-specific EverCache system" and "a fully-managed CDN service" (for more info see WP Engine's articles on speed and infrastructure).
However, digging deeper reveals, that Cookies and PHP Sessions don't work as one would expect or want:
- PHP Sessions are actually incompatible with WP Engine page caching. They list a number of security reasons for that, including Session Poisoning, Session Fixation, and Session ID Hijacking.
Sessions generally aren’t compatible with page caching, because the arguments at the end of the URL that carry
$_SESSIONinformation are dropped. This means that if you (or your users) are logged into WordPress, Sessions will likely work as expected. Otherwise, Session data will appear to be empty.
This does not mean that you cannot use PHP at all with cookies. If you want to use PHP, then you will need to use Ajax to make requests to the server and run PHP code. WordPress has native support for Ajax functionality, and also makes that functionality extensible. For more information on using Ajax with WordPress, see the Codex entries for Ajax and Ajax in Plugins.
All this sounds fine until you figure out that:
Plugin developers don't code with systems in mind that use such restrictive page caching. Which means that your average eCommerce system (like WooCommerce) will not be able to function without cookies.
WPEngine's standpoint is that
- or you need to ask WPEngine Support to turn cache off on your eCommerce system's front-end pages
Because these settings can vary from site to site, we currently require you to submit a ticket to request pages on your site be un-cached.
For our customers who are set up on clusters, we would have to completely change how our load balancers work, just to make sure that $_SESSION variables were available between different servers
Now let's imagine you have a burst of visits to your eCommerce site and you went with the second option - turning cache off.
Well, nicely put, your business will have a crisis as even WPEngine's environment cannot handle a huge number of visits, if caching is off and they hadn't prepared for the load in advance.
The above 502 error shows you just such a crisis. This happened to our client Dave McGeady this weekend. Dave's dream came true: his small business was featured in a full page article in the Daily Mirror national newspaper in the UK. Wyldsson Elite Nutrition has had a sudden spike in visitors. As Dave explains.
Rory McIlroy (golfer) was eating my products on television while he was playing golf on Sunday.
This is truly a great media mention. Such a huge amount of traffic to your site sounds like a great boost for your business, right? Well, not if your site cannot handle it.
A small business can only hope for a few such events per year. To lose that traffic to 502 errors is worse than frustrating.
The only solutions in such a case are, as far as I can tell, getting moved to a stronger server or node or disabling plugins you don't need desperately and WordPress functionality like (sending of emails), while the huge load lasts. Preferably both.
If you are a developer or have a team of developers and want to go with the first option - handle cookies in PHP with Ajax, here is a neat article about how to set it all up:
WP Engine Failed Dave McGeady: What WP Engine Should Have Done Better
The above is a cool developer's perspective written by Karol. I'm Alec the founder and creative director at Foliovision. As a business owner, I think a bit differently: I'd be furious if my (relatively) expensive hosting went down under load. My expectation would be completely different. Instead of making excuses for the failure as did John at WP Engine, shifting blame to payment provider Paymill, WP Engine should have moved Dave's site immediately to a high availability node and worked with Dave through the spike to keep his site up.
If you don't know how WP Engine bills, here's how it works: you pay per visitor. Therefore by keeping Dave's site up, WP Engine would make more money. WP Engine's services are anything but free: each visitor costs .00065 cents which adds up quickly: two million visitors would cost $1300/month. This is not huge traffic: two million visitors/month is just 60K odd visitors per day.
Hopefully WP Engine doesn't have the temerity to try to bill Dave for the visitors to whom they served 502 pages, throwing out high value traffic and a one time opportunity forever. I'm worried they might as billing is based on IP addresses and these failing IP addresses are still IP addressed.
Sure WP Engine could insist Dave take some steps to lower the load but throwing his site down the memory hole during his short term spike is bad business and very bad manners.
Long Term Solution to WP Engine eCommerce Woes
WP Engine expecting all site owners to run their ecommerce according to their narrow guidelines is a bit developer centric and unrealistic.
It's not an impossible technical order. Our preferred caching solution HyperCache does not suffer from these limitations (HyperCache is very flexible with mobile themes as well).
WP Engine is a good host and have some fantastic technology (staging areas, built-in caching, automated backups) but ecommerce support is an area where they could really improve.
Urgent Improvements to High Load Process
Even more so, WP Engine's reaction to heavy load must improve. Media events happen unexpectedly and a business calibre host has to be ready to support your site instantly when they do.
What we do for our VIP hosted clients: we make sure there's enough processor available, we cut back on any unnecessary processor intensive features (i.e.subscribe to comments), make some dynamic sections static and ride out the storm with our clients with next to zero downtime. With the advantage of scale, WP Engine can and should automate most of this routine.
Wyldsson Elite Nutrition should not have gone down for longer than five or ten minutes, the time it takes WP Engine's tech team to automatically detect a 502, determine that it's not DDOS (i.e. it's legitimate traffic) and duplicate the site out to a higher availability node.
What happens afterwards and how WP Engine charges for the extra traffic is up to them. Taking down business sites during media events is not acceptable for premium hosting.