WordPress — isn’t that just for blogs and small sites? Not any more. It’s now more than capable of handling large, complex, and highly integrated websites.

In this series of posts, we’ll explore how WordPress can be used to rise to the challenge.

The past

WordPress began life as a simple blogging platform. Its global popularity quickly made it a target for hackers, while poor coding from early theme and plugin developers fuelled historic security concerns.

WordPress, engineered

Today, WordPress can be a robust, resilient platform — when properly engineered. Key ingredients include:

  • Layered security infrastructure
  • Coding standards that ensure maintainability
  • Editorial tools that balance creative freedom with brand control
  • Code-driven custom content structures
  • Strict roles and permissions management
  • Comprehensive error logging and reporting
  • Unified, well-structured, integrated data
  • Rigorous development and deployment workflows

With these foundations in place, WordPress is more than capable of powering even the most demanding websites.

Security infrastructure

Let’s look first at security.

Since those early days, WordPress has established a dedicated security team to audit the core, make rapid security updates, and vet its plugin directory.

Security plugins such as Wordfence and Sucuri provide an application-level firewall, malware scanning, login security, vulnerability monitoring, real-time threat intelligence, and automated blocking of known vulnerabilities. These services also provide 24×7 incident response.

If you’re running single sign-on (SSO), that’s not a problem. WordPress can use an SSO service to handle its logins. If your site is standalone, enforce long and complex passwords and multi-factor authentication.

WordPress has a customisable roles and permissions model enabling granular control of what users can and cannot do.
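
As an added illustration of that granular control (example code, not from this post or from WordPress core), the plugin below registers a role that can draft and edit content but cannot publish it, and gates a custom admin action on a capability check. The role slug `section_editor`, the action name `example_export` and the choice of capabilities are assumptions made for the example.

```php
<?php
/**
 * Plugin Name: Example Least-Privilege Role (illustrative only)
 */

// Hypothetical role slug for this example; not a WordPress built-in role.
const EXAMPLE_ROLE = 'section_editor';

// Roles are persisted in the database, so define them once on activation
// instead of on every request.
register_activation_hook( __FILE__, function () {
    // Drop any earlier definition so changed capabilities take effect.
    remove_role( EXAMPLE_ROLE );

    add_role( EXAMPLE_ROLE, 'Section Editor', array(
        'read'              => true,
        'edit_posts'        => true,   // create and edit own drafts
        'edit_others_posts' => true,   // edit colleagues' drafts
        'upload_files'      => true,
        'publish_posts'     => false,  // explicitly denied: an Editor must publish
        'unfiltered_html'   => false,  // post content stays filtered by KSES
    ) );
} );

// Users still assigned this role keep no capabilities from it after removal,
// so reassign them before deactivating the plugin.
register_deactivation_hook( __FILE__, function () {
    remove_role( EXAMPLE_ROLE );
} );

// Custom functionality must check capabilities itself; a role only helps
// if every privileged code path asks current_user_can().
add_action( 'admin_post_example_export', function () {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to export data.', 'Forbidden', array( 'response' => 403 ) );
    }
    // Reject requests that do not carry a valid nonce for this action (CSRF).
    check_admin_referer( 'example_export' );

    // ... privileged work for administrators only goes here ...
    wp_safe_redirect( admin_url() );
    exit;
} );
```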

As with any site, irrespective of its platform, we recommend using a CDN such as Cloudflare, Fastly or CloudFront to provide ‘edge’ firewall services and shielding from DDoS attacks.

In part 2 I’ll be covering how WordPress can be engineered for optimal maintainability.
