WordPress as an Enterprise CMS

The Challenge

Large companies are facing a challenge in the modern digital world. They desperately need to adapt their legacy systems to be more agile, dynamic and responsive. To do this they will need to migrate toward a flexible CMS and separate business application to facilitate scalability and future development of each area. The goal of this article is to provide links and resources advocating WordPress as the driving force of the corporate forward facing website. Symfony, as well as other solutions, could allow for business logic applications to be seamlessly and securely integrated into pages and templates created by WordPress.

WordPress Security Concerns

The first issue brought up when considering WordPress as an Enterprise CMS is security. Because of WordPress’ popularity and widespread usage, threats against WordPress sites are common. The reality of this threat is often overblown. Many steps can be taken to ensure your WordPress installation is secure, whether for your personal site or for a large corporation.

One of the most common security lapses is to not keep your WordPress core and plugins up to date. WordPress releases patches and full version updates often to address security issues, bugs, and overall improvements. If WordPress was so vulnerable as many portray, then it would fail as a platform. This is clearly not happening. There are a couple of precautions and best practices you can implement to put remaining security objections from the CTO to rest.

Here are three of the best security plugins that can give you added assurance:

Sucuri WordPress Pluginhttp://sucuri.net/wordpress-security-monitoring

Better WP Securityhttp://wordpress.org/plugins/better-wp-security


Here are some additional resources to keep your security efforts proactive:

Hardening WordPresshttp://codex.wordpress.org/Hardening_WordPress

Stop Brute Force Attackshttp://blairwilliams.com/2013/09/09/a-new-tool-to-stop-brute-force-attacks-on-wordpress

Just Say No to Hackershttp://www.searchenginejournal.com/just-say-no-to-hackers-how-to-harden-your-wordpress-security

Securing WordPress: Hardening Basics  - http://www.tripwire.com/state-of-security/vulnerability-management/hardening-wordpress-basics

Hosting and CDN

Another issue to consider is hosting. Most companies traditionally have propped up their own servers internally. While this may have been a way to secure the boxes themselves, there were still risks involved including uptime, monitoring, and regular maintenance. Not to mention bandwidth demands.

There are undeniable advantages to being in the cloud. Security can actually increase, uptime is very high depending on the provider, and many are utilizing CDNs (Content Delivery Network). There is one solution that does it all. Enterprise level security, cloud storage, redundancy, content delivery, and trusted by many of the world’s best companies.

Amazon Web Servies (AWS) – http://aws.amazon.com/

Here is a great presentation of an advanced AWS + WordPress setup: http://harish11g.blogspot.com/2012/01/scaling-wordpress-aws-amazon-ec2-high.html

WordPress + Web Service

One of the most common ways to address legacy data is the use of a web services layer. This solution can work for corporate websites as well as mobile applications. Here is one of the best posts I’ve found on the subject: http://scotty-t.com/2012/02/09/wordpress-web-services. In a corporate environment, this of course should not be left to the web designer. I would put this in the hands of an information architect or server administrator to design the stack.

For the developer, here is a good read about creating a JSON REST API for WordPress.

Music to ITs Ears

After you’ve addressed security, hosting and architecture, you will still be face with some integration challenges. Enter Symfony. Symfony is a solid PHP framework that can ease some of the pain of connecting information and services to a WordPress driven front end site. Here are some resources for combining the power of WordPress with the flexibility of Symfony:

Symfony 2 application with WordPress as CMShttp://stackoverflow.com/questions/14395074/symfony-2-application-with-wordpress-as-cms

Use Symfony2 components inside WordPress - http://www.slideshare.net/miziomon/use-symfony2-components-inside-wordpress

Integrate Symfony 2 with WordPresshttps://gist.github.com/kayue/1170134

It’s All About the Data

In a business environment, you’ll likely need you WordPress site to share some of the functionality of the business applications. Wouldn’t it be nice to simply iframe that? Well unfortunately there are too many risks involved in that, but below are two promising options that demand further exploration:

Porthole – Secure Cross Domain iframe Communication - http://ternarylabs.github.io/porthole

HookPress plugin – http://wordpress.org/plugins/hookpress


This is a very complex and contested topic. I myself do not have the expertise in all areas to say with authority that WordPress is the ultimate solution as an Enterprise CMS. That may vary on a case-by-case basis, but the links and resources in this article, plus a talented development team, would make a compelling argument for WordPress as the driving force behind a successful corporate website. Many well known organizations already use WordPress for their online presence. Here are just a few:

The New York Times corporate site – http://www.nytco.com/

NASA APPEL – http://appel.nasa.gov/

The New York Posthttp://nypost.com/

Best Buy Mobile – http://bestbuymobile.com/

SAP Community – http://en.sap.info/

Fordhttp://social.ford.com/ & http://blog.ford.ca/

ebay inc – http://blog.ebay.com/


The Next Webhttp://thenextweb.com/

BBC Americahttp://www.bbcamerica.com/

UPS Racing – http://racing.ups.com/

Todd Lyda

Making my way through the world as an in-house, WordPress evangelist.

Leave a Reply