ElasticPress.io Autosuggest – ElasticPress.io

In order to provide the most performant Autosuggest search experience, ElasticPress.io includes a custom API layer that enables your site visitors to quickly search your site’s public content while limiting access to the Elasticsearch database that stores and powers the ElasticPress search experience.

Why a custom API layer?

As you may be aware, the ElasticPress plugin establishes a connector between your WordPress site and an Elasticsearch database, or index. While Elasticsearch is a powerful search and query tool, it must be secured, just like the MySQL database that powers your WordPress site.

For most queries, ElasticPress sends requests from the WordPress site/server to the Elasticsearch index, which makes it relatively straightforward to secure Elasticsearch through the use of username/password authentication. Most Elasticsearch cloud services offer some version of this authentication, and you are able to save credentials for this connection in your wp-config.php file in the same manner as you would store your MySQL credentials. This means that queries that run through your WordPress server are at least somewhat protected (though we do recommend additional layers of security should you choose to self-host, such as IP limitations).

With Autosuggest, the fastest way to perform these queries is directly against the Elasticsearch index. This enables us to skip loading WordPress (necessary for any typical AJAX request like the ones created by some autosuggest plugins), and it allows us to skip using a custom PHP proxy on the WordPress site (cumbersome to maintain and keep compatible with Elasticsearch, and prone to failure, while also requiring an additional network hop).

However, Elasticsearch security is not granular enough to prevent access to unwanted content, such as making draft posts or WooCommerce Orders available if Protected Content is enabled. ElasticPress.io solves this by implementing a custom service that provides necessary security while maximizing security. As a result, ElasticPress.io Autosuggest is secure, performant, and configuration free for any subscriber!