Neuroblastoma Research Foundation — Technical Case Study
WordPress backend modernization using PHP 8.3, Docker Compose, MariaDB 10.5.4, and Nginx with production media fallback. Implemented environment-aware configuration, 3-tier caching (OPcache, Memcached, Redis), Virtual Orders v2.1, and 4 payment gateways. 59-plugin enterprise stack with OWASP security compliance for medical research fundraising platform.
Backend Infrastructure Modernization for a Medical Research WordPress Platform
Context
The Neuroblastoma Research Foundation website (neuroblastoma.org) is a mission-critical WordPress platform serving a pediatric cancer research organization in Italy. The original website was developed by a previous agency, creating a production-stable multisite installation supporting donation processing, multi-language content, and medical research communications.
Scope of Work
This case study documents the backend infrastructure modernization, focusing on:
- Docker containerization for local development
- Environment-aware configuration management
- Database migration and production synchronization
- Virtual Orders system implementation (v2.1)
- Performance optimization and security hardening
Business Context
- Organization: Italian medical research foundation (pediatric cancer)
- Mission: Neuroblastoma research funding, patient support, medical community engagement
- Audience: Researchers, donors, families, medical professionals
- Languages: Italian (primary) + English (international)
Technology Stack
| Category | Technology | Version | Purpose |
|---|---|---|---|
| CMS | WordPress | 6.8.3 | Content management, multisite |
| PHP | PHP-FPM | 8.3 | Application server |
| Database | MariaDB | 10.5.4 | Data persistence |
| Web Server | Nginx | Latest | Reverse proxy, static assets |
| Caching | Memcached | Latest | Object caching |
| Caching | Redis | Latest | Session/cache extension |
| Caching | OPcache | PHP 8.3 | Bytecode caching |
| Containerization | Docker Compose | v2 | Development environment |
| Theme | Avada | Latest | Frontend design (agency work) |
| Page Builder | Fusion Builder | 3.13.3 | Visual editing (agency work) |
PHP Extensions Configured
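# From php/Dockerfile
FROM php:8.3-fpm
# Core extensions
# (gd and curl need their -dev libraries installed first; that apt-get step is not shown in this excerpt)
RUN docker-php-ext-install pdo_mysql mysqli curl
RUN docker-php-ext-configure gd --with-freetype --with-jpeg \
    && docker-php-ext-install gd
# Performance extensions
RUN pecl install -o -f redis \
    && echo "extension=redis.so" > /usr/local/etc/php/conf.d/redis.ini
# Takes effect only once opcache itself is installed (docker-php-ext-install opcache)
RUN echo "opcache.enable_cli=1" >> /usr/local/etc/php/conf.d/docker-php-ext-opcache.ini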
Architecture
Docker Services Architecture
Production Media Fallback
A key infrastructure decision was implementing a production media fallback in Nginx, enabling development without syncing large media libraries:
# From nginx/default.conf
# Matches any URL containing /wp-content/uploads/
location ~ "^(.*)/wp-content/uploads/(.*)$" {
    # Serve the local file if it exists, otherwise fall through to @prod_serv
    try_files $uri @prod_serv;
}
# Redirects to production server for missing media
location @prod_serv {
    rewrite "^(.*)/wp-content/uploads/(.*)$"
            "https://neuroblastoma.org/wp-content/uploads/$2" redirect;
}
# Image fallback with DNS resolution
# (not referenced by the locations shown in this excerpt)
location @image_fallback {
    # OpenDNS; nginx consults "resolver" only when proxy_pass contains a variable
    resolver 208.67.222.222;
    proxy_pass https://neuroblastoma.org;
}
Benefits:
- Eliminates need to sync 10+ GB media library
- Development environment stays lightweight
- Seamless user experience during development testing
- Reduces local storage requirements
Key Implementation: Environment-Aware Configuration
Challenge
The existing wp-config.php lacked proper environment separation, making local development error-prone and requiring manual configuration changes.
Solution
Implemented intelligent environment detection supporting both web and CLI contexts:
// From wp-config.php - Environment Detection
// Handle both web and CLI contexts
$is_local = false;
if (defined('WP_CLI') && WP_CLI) {
    // WP-CLI context - assume local environment
    // (this branch is also taken when WP-CLI runs on the production host)
    $is_local = true;
} elseif (isset($_SERVER['HTTP_HOST']) &&
    strpos($_SERVER['HTTP_HOST'], 'neuroblastoma.org.local') !== false) {
    // Web context - local environment
    // (substring match on the request's Host header)
    $is_local = true;
}
if (!$is_local) {
    // Production environment
    define('FORCE_SSL_ADMIN', true);
    // X-Forwarded-Proto is taken as sent, so the load balancer must overwrite it
    if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
        strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
        $_SERVER['HTTPS'] = 'on';
    }
}
// Environment-based database configuration
if ($is_local) {
    // Local Docker environment
    define('DB_NAME', 'c16_neuroblast');
    define('DB_USER', 'c16_neuroblast');
    define('DB_PASSWORD', '***');
    define('DB_HOST', 'mariadb'); // Docker container name
} else {
    // Production environment
    define('DB_NAME', 'wp_neuro');
    define('DB_USER', 'wp_neuro');
    define('DB_PASSWORD', '***');
    define('DB_HOST', 'localhost:3306');
}
Implementation Details
| Feature | Implementation |
|---|---|
| WP-CLI Support | Detects CLI context to prevent HTTP_HOST errors |
| SSL Handling | Supports load balancer X-Forwarded-Proto header |
| Database Switching | Automatic host switching (Docker vs. production) |
| Memory Management | 512MB limit for large content operations |
| Error Logging | Dynamic path resolution for any document root |
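An added example, not the project's wp-config.php: one way to take the request's Host header out of the environment decision and to honour X-Forwarded-Proto only when the request arrives from the load balancer. It assumes `WP_ENVIRONMENT_TYPE` (the variable WordPress itself reads in `wp_get_environment_type()`) is set to `local` in the Docker service only; the `nb_*` function names and the proxy address are placeholders.

```php
<?php
// Added example, not the project's code. Assumptions: WP_ENVIRONMENT_TYPE=local
// is set only in the Docker service; 10.0.0.10 stands in for the load balancer.

const NB_TRUSTED_PROXIES = ['10.0.0.10']; // placeholder address

/** Local only when the deployment says so; unset or anything else is production. */
function nb_is_local(string|false $envType): bool
{
    return $envType === 'local';
}

/** Honour X-Forwarded-Proto only when the direct peer is a known proxy. */
function nb_is_https(array $server): bool
{
    if (($server['HTTPS'] ?? '') === 'on') {
        return true;
    }
    $fromProxy = in_array($server['REMOTE_ADDR'] ?? '', NB_TRUSTED_PROXIES, true);
    $proto = strtolower(trim($server['HTTP_X_FORWARDED_PROTO'] ?? ''));
    return $fromProxy && $proto === 'https';
}

/** The substring test from the excerpt, kept only for comparison. */
function nb_is_local_by_host(array $server): bool
{
    return strpos($server['HTTP_HOST'] ?? '', 'neuroblastoma.org.local') !== false;
}

// Constructed $_SERVER samples, evaluated with WP_ENVIRONMENT_TYPE unset.
$samples = [
    'via proxy'        => ['HTTP_HOST' => 'neuroblastoma.org', 'REMOTE_ADDR' => '10.0.0.10',
                           'HTTP_X_FORWARDED_PROTO' => 'https'],
    'longer host name' => ['HTTP_HOST' => 'neuroblastoma.org.local.example.test',
                           'REMOTE_ADDR' => '10.0.0.10', 'HTTP_X_FORWARDED_PROTO' => 'https'],
    'not via proxy'    => ['HTTP_HOST' => 'neuroblastoma.org', 'REMOTE_ADDR' => '203.0.113.7',
                           'HTTP_X_FORWARDED_PROTO' => 'https'],
];

foreach ($samples as $label => $server) {
    printf("%-17s host-test local=%-5s env-test local=%-5s https=%s\n",
        $label,
        var_export(nb_is_local_by_host($server), true),
        var_export(nb_is_local(false), true),
        var_export(nb_is_https($server), true));
}
```

In wp-config.php the call would be `nb_is_local(getenv('WP_ENVIRONMENT_TYPE'))`, which gives the same answer for web requests and WP-CLI because neither depends on `$_SERVER`.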
Virtual Orders System (v2.1)
Overview
A significant backend implementation was the Virtual Orders system, enabling automated order processing for the donation and e-commerce platform.
Documentation Generated
| Document | Purpose | Size |
|---|---|---|
| VIRTUAL_ORDERS_V2.1_IMPLEMENTATION_SUMMARY.md | Complete technical overview | 16KB |
| VIRTUAL_ORDERS_V2.1_CHANGELOG.md | Version history and changes | 14KB |
| VIRTUAL_ORDERS_V2.1_TEST_PLAN.md | Comprehensive test scenarios | 21KB |
| VIRTUAL_ORDERS_V2.1_OPERATIONS_GUIDE.md | Operational procedures | 17KB |
| VIRTUAL_ORDERS_V2.1_SECURITY_COMPLETE.md | Security audit results | 16KB |
| PERFORMANCE_ANALYSIS_VIRTUAL_ORDERS_V2.1.md | Performance benchmarks | 46KB |
| SECURITY_AUDIT_VIRTUAL_ORDERS_V2.1.md | OWASP compliance review | 18KB |
Quality Assurance
- Formal code review documentation
- Security audit with OWASP compliance verification
- Performance analysis and optimization
- Comprehensive test plan with scenarios
Plugin Architecture
Core Donation System
The platform utilizes a dual donation system:
| Plugin | Purpose | Integration |
|---|---|---|
| Give | Primary donation platform | Recurring donations, forms |
| Give Form Field Manager | Custom form fields | Donor data collection |
| Give Recurring | Subscription donations | Monthly/annual giving |
| YITH Donations | WooCommerce donations | Product-based donations |
Payment Gateway Stack (Italy-Focused)
Payment Gateways
├── Stripe (International)
│ └── Cards, Apple Pay, Google Pay
├── PayPal Payments
│ └── Global payment processing
├── GestPay (Banca Sella)
│ └── Italian bank integration
└── Satispay
    └── Italian mobile payments
Custom Donation Page Integration
The page-donazioni-on-line.php implements direct GestPay SOAP integration:
// From wp-content/themes/Avada-Child-Theme/page-donazioni-on-line.php

// --- PHP (server side) ---
// Production GestPay credentials
$shopLogin = '9008631';
$currency = '242'; // Euro

// --- JavaScript (runs in the browser) ---
// Membership fee validation (minimum €100)
// Checked only when the custom amount ("altro") is selected
function checkQuota() {
    if (jQuery("#causale").val() == "Quota associativa") {
        if (selecteditem == "altro") {
            if (jQuery("#importo-donazione-altro").val() < 100) {
                jQuery("#quota_msg").html(
                    "Per la quota associativa, l'importo minimo è €100,00."
                );
                return false;
            }
        }
    }
    return true;
}

// --- PHP (server side) ---
// NuSOAP client for GestPay encryption
require_once($_SERVER["DOCUMENT_ROOT"]."/lib/nusoap.php");
$wsdl = "https://ecomms2s.sella.it/gestpay/gestpayws/WSCryptDecrypt.asmx?WSDL";
$client = new nusoap_client($wsdl, true);
// Encrypt payment parameters
$param = array(
    'shopLogin' => $shopLogin,
    'uicCode' => $currency,
    'amount' => $amount,
    'shopTransactionId' => $shopTransactionID
);
$objectresult = $client->call('Encrypt', $param);
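The minimum-amount rule in the excerpt runs only in the browser, so the server has to repeat it before `$amount` goes into the `Encrypt` request. The following is an added example, not the foundation's code: the function name, the upper bound, the "Donazione" sample value and the dot-decimal output format are assumptions, and the check is applied to every submitted amount rather than only to the "altro" field.

```php
<?php
// Added example, not the foundation's code. Names, the ceiling and the output
// format are assumptions; the €100 rule and its message come from the excerpt.

const NB_MIN_MEMBERSHIP_CENTS = 10000;    // €100.00 for "Quota associativa"
const NB_MAX_AMOUNT_CENTS     = 5000000;  // assumed sanity ceiling (€50,000.00)

/** Returns the amount as "123.45" or throws InvalidArgumentException. */
function nb_validate_amount(string $causale, string $rawAmount): string
{
    // Accept "150", "150,5" or "150.50"; reject signs, exponents, separators.
    $raw = str_replace(',', '.', trim($rawAmount));
    if (!preg_match('/^\d{1,7}(\.\d{1,2})?$/', $raw)) {
        throw new InvalidArgumentException('Invalid amount format.');
    }
    // Work in integer cents so no float rounding decides the comparison.
    [$euros, $cents] = array_pad(explode('.', $raw), 2, '0');
    $total = (int) $euros * 100 + (int) str_pad($cents, 2, '0');

    if ($total <= 0 || $total > NB_MAX_AMOUNT_CENTS) {
        throw new InvalidArgumentException('Amount out of range.');
    }
    if ($causale === 'Quota associativa' && $total < NB_MIN_MEMBERSHIP_CENTS) {
        throw new InvalidArgumentException(
            "Per la quota associativa, l'importo minimo è €100,00."
        );
    }
    return sprintf('%d.%02d', intdiv($total, 100), $total % 100);
}

// Constructed form submissions: [causale, importo]
$submissions = [
    ['Quota associativa', '100,00'],
    ['Quota associativa', '99.99'],
    ['Donazione', '25'],
    ['Donazione', '1e3'],
    ['Donazione', '-5'],
];
foreach ($submissions as [$causale, $importo]) {
    try {
        echo "$causale / $importo -> ", nb_validate_amount($causale, $importo), "\n";
    } catch (InvalidArgumentException $e) {
        echo "$causale / $importo -> rejected: ", $e->getMessage(), "\n";
    }
}
```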
Plugin Inventory Summary
| Category | Count | Notable Plugins |
|---|---|---|
| Donation/Fundraising | 4 | Give, Give Recurring, YITH Donations |
| E-Commerce | 9 | WooCommerce, Checkout Manager Pro |
| Payment Gateways | 4 | Stripe, PayPal, GestPay, Satispay |
| Multilingual | 3 | WPML, String Translation, Loco |
| Security | 4 | Really Simple SSL, Role Editor |
| SEO | 1 | Yoast SEO Premium |
| Performance | 3 | Varnish Purge, OPcache Reset |
| Backup/Migration | 4 | Duplicator, AIOIM, WP Migrate DB Pro |
| Custom | 1 | wp-neuroblastoma-export |
| Total | 59 | Full enterprise stack |
Database Architecture
Configuration
# From docker-compose.yml
mariadb:
  image: mariadb:10.5.4
  volumes:
    - ./mariadb:/var/lib/mysql
  environment:
    MYSQL_DATABASE: c16_neuroblast
    MYSQL_USER: c16_neuroblast
  ports:
    # Published on all host interfaces; "127.0.0.1:3306:3306" keeps it local-only
    - "3306:3306"
Key Settings
| Setting | Value | Purpose |
|---|---|---|
| Table Prefix | neuro_ | Namespace isolation |
| Character Set | utf8mb4 | Full Unicode support |
| Multisite | WP_ALLOW_MULTISITE = true | Multi-language support |
| Memory Limit | 512MB | Large content operations |
Directory Structure
neuroblastoma.org/
├── docker-compose.yml # Container orchestration
├── wp-config.php # Environment-aware configuration
│
├── nginx/
│ ├── Dockerfile # Nginx image build
│ └── default.conf # Production fallback config
│
├── php/
│ └── Dockerfile # PHP 8.3-FPM + extensions
│
├── mariadb/ # Database persistent storage
│ └── c16_neuroblast/ # Database files
│
├── eng/ # English subdirectory (multisite)
│ ├── wp-admin/
│ ├── wp-content/
│ └── wp-includes/
│
├── wp-content/
│ ├── themes/
│ │ ├── Avada/ # Commercial theme (agency)
│ │ └── Avada-Child-Theme/ # Customizations
│ │ └── page-donazioni-on-line.php # Custom donation
│ ├── plugins/ # 59 plugins installed
│ └── mu-plugins/ # Must-use plugins
│
└── docs/ # Generated documentation
├── CASE_STUDY_TECHNICAL.md
└── CASE_STUDY_EXECUTIVE.md
Development Timeline
| Date | Milestone | Description |
|---|---|---|
| March 23, 2021 | Repository Creation | Initial Git tracking of production site |
| March 31, 2021 | Production Sync | Aligned repository with live environment |
| October 6, 2025 | Modernization | wp-config.php overhaul, database import |
| October 7-9, 2025 | Virtual Orders v2.1 | Complete system implementation |
Git History Summary
Commits: 3 total (production-first development)
Contributors: 1 (backend specialist)
Timespan: 4.6 years (March 2021 - October 2025)
Security Implementation
SSL/TLS Configuration
// Session security (Really Simple SSL)
@ini_set('session.cookie_httponly', true);
@ini_set('session.cookie_secure', true);
@ini_set('session.use_only_cookies', true);
// Production HTTPS enforcement
define('FORCE_SSL_ADMIN', true);
// isset() guard: the header is absent for CLI runs and non-proxied requests
if (isset($_SERVER['HTTP_X_FORWARDED_PROTO']) &&
    strpos($_SERVER['HTTP_X_FORWARDED_PROTO'], 'https') !== false) {
    $_SERVER['HTTPS'] = 'on';
}
Security Measures
| Measure | Implementation |
|---|---|
| SSL Enforcement | FORCE_SSL_ADMIN + load balancer detection |
| Admin Protection | Custom admin login URL |
| Cookie Security | httpOnly, secure, cookie-only sessions |
| PCI Compliance | Stripe + GestPay certified gateways |
| GDPR | Cookie notice, data consent forms |
| Access Control | User Role Editor for fine-grained permissions |
Performance Optimizations
Caching Stack
Caching Layers
├── OPcache (PHP bytecode)
│ └── CLI enabled for WP-CLI performance
├── Memcached (Object cache)
│ └── WordPress transients and queries
├── Redis (Optional)
│ └── Session handling capability
└── Varnish HTTP Purge
    └── Full-page cache invalidation
Docker Performance
# Optimized volume mounting
app:
  image: php:8.3-fpm
  volumes:
    - .:/var/www/html:delegated # macOS performance optimization
Nginx Buffering
fastcgi_buffer_size 16k;
fastcgi_buffers 4 16k;
client_max_body_size 100m;
Quality Practices
Documentation Standards
- Comprehensive markdown documentation for all major features
- Security audit reports
- Performance analysis benchmarks
- Test plans with scenarios
- Operations guides for production
Code Review Process
- VIRTUAL_ORDERS_CODE_REVIEW.md – Detailed review
- VIRTUAL_ORDERS_V2_FIXES_APPLIED.md – Issue tracking
- Security audit documentation
Key Learnings
1. Production-First Development
The sparse Git history reflects a production-stable system where changes are carefully planned rather than frequently iterated.
2. Environment Isolation
Docker-based development with production media fallback enables efficient local development without massive data synchronization.
3. Plugin Ecosystem Management
59 plugins require careful dependency management and update coordination, addressed through:
- ManageWP remote monitoring
- Multiple backup systems (Duplicator, AIOIM, WP Migrate DB Pro)
- Varnish cache purging for updates
4. Medical Industry Requirements
Payment processing, donor data, and medical research content require:
- PCI-compliant payment gateways
- GDPR-compliant data handling
- SSL/TLS enforcement throughout
- Audit trails for donations
Technologies Demonstrated
- Backend: PHP 8.3, WordPress 6.8, Custom SOAP integrations
- Database: MariaDB 10.5.4, Query optimization
- Infrastructure: Docker Compose, Nginx, Memcached, Redis
- DevOps: Environment-aware configuration, Production fallbacks
- Security: SSL/TLS, OWASP compliance, PCI-DSS awareness
- Documentation: Technical writing, Security audits, Test plans
Conclusion
This backend modernization transformed a legacy WordPress installation into a professionally managed, containerized development environment while maintaining the stability required for a medical research foundation. The implementation demonstrates:
- Infrastructure expertise: Docker containerization with production-aware configuration
- Security consciousness: Multi-layer security implementation for medical/financial data
- Documentation standards: Comprehensive technical documentation for maintenance
- Performance optimization: Multi-tier caching for optimal user experience
The project successfully bridges the gap between the original agency-developed frontend and modern DevOps practices, ensuring the platform can continue serving the Neuroblastoma Research Foundation’s mission of advancing pediatric cancer research.