Velocity Stack

where security meets speed

3.3 Configuration Management

Configuration management ensures consistent security, caching, and optimization across all Velocity Stack Editions. This page documents configurations in deployment order — from foundational security through fine-tuned performance.

Key principle: Velocity Stack achieves sub-100ms load times with all security controls active. Performance is built on top of security, not instead of it.

Optimization Process

The configuration process follows a systematic approach:

  1. Establish security baseline (non-negotiable)
  2. Run performance metrics (Pingdom, GTmetrix)
  3. Identify largest bottleneck by content type
  4. Apply targeted optimization
  5. Re-test and measure improvement
  6. Repeat until goal is reached

For Velocity Stack, the goal is maximum speed — as fast as possible while maintaining full security.

1. Application Security

Application Security is configured first, before any performance work. Every optimization runs on top of these controls.

User Security

SettingValuePurpose
Login LockoutEnabledBrute force protection
Max Login Attempts3Lock after 3 failures
Lockout Duration60 minutesDelay repeated attempts
Force Logout480 minutesSession timeout (8 hours)
Disable Username EnumerationEnabledHide valid usernames

Firewall

SettingValuePurpose
Basic FirewallEnabledBlock common attacks
Pingback ProtectionEnabledPrevent DDoS vector
Block Debug Log AccessEnabledHide sensitive logs
Disable XML-RPCFully disabledRemove attack surface

File Security

SettingValuePurpose
File Permissions CheckRun and fixCorrect insecure permissions
Application File EditingDisabledNo UI/capability editor
Application File AccessBlock readme, licenseHide version info

Server Rules

RuleStatusPurpose
Block Directory BrowsingEnabledHide folder contents
Disable Trace and TrackEnabledPrevent XST attacks
Block Malicious Query StringsEnabledFilter common exploits

2. Cache Orchestration Layer

Server-Side Caching provides the largest single performance improvement — page caching alone can reduce load times by 90%.

General Settings

SettingValueRationale
Enable CacheONCore functionality
Cache Logged-in UsersOFFAdmin sees live changes
Cache CommentersOFFFresh content after commenting
Cache REST APIONFaster API responses
Cache MobileONSame cache for responsive design

TTL (Time To Live)

Cache TypeTTLNotes
Default Public Cache604800 (1 week)Static content
Default Private Cache1800 (30 min)User-specific
Default Front Page604800 (1 week)Homepage
Default Feed604800 (1 week)RSS feeds

Page Optimization

SettingValueImpact
CSS MinifyONReduces CSS file size
CSS CombineONFewer HTTP requests
Load CSS AsyncONNon-render-blocking
Unused CSS RemovalONRemoves unused styles per page
JS MinifyONReduces JS file size
JS CombineONFewer HTTP requests
Load JS DeferredONNon-render-blocking
HTML MinifyONReduces document size

Image Optimization

SettingValueImpact
Auto Request CronONAutomatic optimization queue
Auto Pull CronONAutomatic retrieval
Optimize Original ImagesONCompress source files
Remove Original BackupsOFFKeep originals for rollback
WebP ReplacementONModern format, smaller files
Lazy Load ImagesONDefer offscreen images
Add Missing DimensionsONPrevents CLS

3. CDN Layer

The CDN Layer provides 6 layers of edge caching through a global network.

CDN Layers

LayerWhat It CachesBenefit
Page CacheFull HTML pagesFastest possible response
Object CacheDatabase queriesReduces database load
Browser CacheStatic assets locallyZero requests on repeat visit
CSS CacheOptimized stylesheetsCombined, minified CSS
JS CacheOptimized scriptsCombined, minified JS
Image CacheOptimized imagesWebP conversion, compression

CDN Setup

  1. Server-Side Caching → General → Request Domain Key
  2. Wait for key generation (usually instant)
  3. Server-Side Caching → CDN → Enable CDN
  4. Verify CDN status shows “Connected”

4. Global DNS & SSL

Global DNS provides worldwide distribution and SSL termination.

DNS Settings

Record TypeNameProxy StatusNotes
A@ (root)ProxiedEdge handles root
CNAMEwwwDNS onlyRequired for CDN Layer
CNAMEdevDNS onlyRequired for CDN Layer
MX@DNS onlyMail routing
TXT@ (SPF, DMARC)DNS onlyEmail authentication

Critical: CDN Layer requires DNS-only mode (gray cloud) for subdomains. Proxied records break CDN functionality.

SSL/TLS Settings

SettingValue
SSL/TLS ModeFull (strict)
Always Use HTTPSON
Automatic HTTPS RewritesON
Minimum TLS VersionTLS 1.2

5. Application Layer Settings

General

SettingValue
TimezoneAmerica/New_York (or client TZ)
Date FormatF j, Y
Time Formatg:i a

Permalinks

SettingValueReason
Permalink Structure/%postname%/SEO-friendly, cacheable

Reading

SettingDevelopmentProduction
Search Engine VisibilityDiscourage indexingAllow indexing

6. UI Layer

The UI Layer includes cleanup functions that remove unnecessary overhead.

functions.php Sections

SectionPurposeImpact
1. Enqueue StylesLoad stylesheets, preload fontsCritical path optimization
2. Disable External FontsRemove external font requestsEliminates 2 HTTP requests
3. CleanupRemove emoji, Gravatar, dashiconsReduces unused assets
4. Custom CopyrightDynamic footer copyrightMinimal impact

7. Font Optimization (Fine-Tuning)

After major optimizations are in place, font loading often remains as the largest content type. This is the final optimization step.

Default vs. Optimized

ApproachRequestsPayload
External Fonts (4 weights)2 external~200KB
Self-hosted (4 weights)4 local~200KB
Self-hosted, subsetted (1 weight)1 local~10KB

Optimization Steps

  1. Identify which font weights are actually used on the site
  2. Download required weight(s) only
  3. Subset using font editing tool — remove unused glyphs
  4. Export optimized WOFF2 to /fonts/
  5. Preload in functions.php
  6. Disable external font requests

Result: 95% reduction in font payload (~200KB → ~10KB)

Configuration Export/Import

Server-Side Caching

  1. Cache Settings → Toolbox → Export
  2. Download settings file
  3. Store in SDLC Platform repository or template

Application Security

  1. Security Settings → Export/Import
  2. Export settings to file
  3. Store securely (contains security rules)

Configuration Checklist

  • ☐ Application Security configured and active
  • ☐ Firewall rules enabled
  • ☐ Login protection active
  • ☐ Server-Side Caching installed and configured
  • ☐ CDN Layer domain key active
  • ☐ Page caching enabled
  • ☐ CSS/JS optimization enabled
  • ☐ Unused CSS removal complete
  • ☐ Image optimization enabled
  • ☐ Global DNS configured (DNS-only for subdomains)
  • ☐ SSL/TLS set to Full (strict)
  • ☐ Application Layer permalinks set to /%postname%/
  • ☐ UI Layer active
  • ☐ External fonts disabled
  • ☐ Fonts subsetted and preloaded
  • ☐ Cache warmed and verified