Asymmetric operates a managed WordPress/WooCommerce stack built on WP Engine with Cloudflare as the front-line layer. The stack is designed to deliver layered security, bot and AI scraper blocking, advanced caching, and consistently high site health scores. Clients hosted on this stack routinely achieve 99–100/100 health scores; clients on third-party platforms (Shopify, Webflow) typically cannot reach the same baseline without significant workarounds.
| Layer | Tool | Role |
|---|---|---|
| DNS & CDN | Cloudflare | Bot blocking, geo-filtering, security rules, edge caching |
| Hosting | WP Engine | Server-level bot blocking, server-side caching |
| E-commerce | WooCommerce | Drop-in Shopify replacement; same payment processor setup |
| Page caching | Rocket (plugin) | CDN caching, edge caching, performance optimization |
| Indexing | Crawl Scout | Daily Google index requests for all unindexed pages |
| Monitoring | Aggregated dashboard + AI | 30+ data sources unified; AI-driven insight layer |
Security is enforced at multiple points rather than relying on any single tool.
Cloudflare (front-of-stack)
- Blocks bots before they reach the origin server
- Supports geo-blocking by country or IP range (e.g., blocking all non-US/EU/CA traffic)
- Web Application Firewall (WAF) rules, including regex-based custom rules
- AI bot blocking — prevents scraping of content and images for model training or video generation
- Security headers (the two headers that cannot be set via HTML must be configured here)
WP Engine (server layer)
- Catches traffic that passes Cloudflare
- Server-level firewall and caching rules
- Provides a second enforcement point independent of Cloudflare
Security Headers
- Asymmetric configures the full set of security headers; four can be injected via HTML, two require Cloudflare
- Moving a client from no headers to a full set typically improves their security grade from D to A
- Firewalls with strict policies will flag or penalize domains missing security headers
Three caching layers interact to maximize speed:
This layered approach, combined with proper DNS configuration, is what enables the 99–100/100 health scores Asymmetric targets for all hosted clients.
Crawl Scout runs daily against every client site and submits index requests to Google for any page not yet indexed. This ensures:
- New and updated pages are indexed as quickly as possible
- Orphaned or low-visibility pages are surfaced and investigated
- The team has daily visibility into how many pages are unindexed and why
All data sources — health scores, indexing status, traffic, security events, ad performance — are aggregated into a single dashboard. An AI layer evaluates the combined inputs and surfaces insights that would not be visible from any single tool alone.
Bot surges are a common problem for clients not on the managed stack. Typical symptoms include:
Remediation options (in order of precision):
papertube.co.uk for UK traffic, allowing finer-grained accept/block rules without affecting the main domainPaperTube example: Bot traffic surged starting February 4–5. The site had Cloudflare configured but the setup was not optimized. Asymmetric offered to audit the Cloudflare configuration and tighten bot protection rules as an immediate step, ahead of any potential full migration to the managed stack. See [1].
| Capability | Asymmetric Stack | Shopify | Webflow |
|---|---|---|---|
| Full Cloudflare control | ✅ | ❌ | ❌ |
| Server-level bot blocking | ✅ | ❌ | ❌ |
| Security header control | ✅ Full | ⚠️ Partial | ⚠️ Partial |
| Multi-layer caching | ✅ | ⚠️ Limited | ⚠️ Limited |
| Daily indexing requests | ✅ | ❌ | ❌ |
| Health score target | 99–100 | Variable | Variable |
Clients on Shopify or Webflow can receive partial improvements (e.g., security headers via HTML injection, DNS moved to Cloudflare), but the full stack benefits require migration to WP Engine + WordPress/WooCommerce.
For e-commerce clients migrating from Shopify:
- WooCommerce is a functional equivalent; payment processor setup is comparable
- Product catalog, orders, and customer data require migration planning
- The primary client-facing experience is unchanged; the security and performance gains are infrastructure-level