WordPress is the leading choice for websites. It’s an excellent way to manage dynamic content. It’s open-source, so you can add third-party code or write your own to enhance it.
It has some issues, though. You have to keep up with updates to maintain security. It’s all written in interpreted PHP, so it requires enough processing power to keep responses from lagging. A page with a complex theme and many plugins is especially likely to be slow.
An alternative is to use WordPress in “headless” mode as a back end for content, combining it with a different service to create the presentation. AWS Lambda can provide the front-end service, offering scalability and security. The architecture isn’t for everyone, but it’s an excellent choice for some websites.
Web services on AWS Lambda
Amazon’s AWS Lambda is a “serverless” computing platform. Running a Web server on a serverless platform sounds like a contradiction in terms. The explanation is that “serverless,” surprisingly, doesn’t mean “without a server.” It means that server management is transparent to the customer using Lambda.
Serverless computing goes by the more accurate name of “functions as a service.” You create the functions; the service handles the HTTP wrapper. It treats HTTP requests as events. An event triggers a function.
You define one or more functions, which depend on the request path. The functions return content, which the service sends back as an HTTP response. If you’re familiar with RESTful APIs, this should sound familiar. It’s more complicated than REST, since you have to deal with cookies, but the idea is broadly the same.
Lambda is scalable, so it can handle bursts of requests without slowing down significantly. The back end can still be a bottleneck.
Being serverless implies being stateless. You can’t build much of a dynamic Web service from Lambda alone, since it can’t hold state information. What you can do is combine it with a stateful back end. The back end creates dynamic content, handles user sessions, and controls access. The front end formats the content, adding static elements. It reports some error conditions, such as “404 not found” for paths that aren’t recognized.
Headless WordPress
Many different back ends will serve the purpose, but going with a popular and versatile one like WordPress has a lot going for it. When it’s used this way, WordPress goes back to the original meaning of a “content management system” (CMS). It’s managing just the content, not the presentation.
You can use WordPress this way because of its REST API. A front end can use the API to retrieve or modify content. The API handles authentication on protected pages. Communication is through JSON data. You have the full use of the WordPress database and can install plugins.
WordPress isn’t directly exposed to the outside world, so it’s very hard for anyone to exploit most of the weaknesses that may turn up. The file system isn’t on a machine which communicates with the browser. It’s much harder for an intruder to get at wp-config.php or other static files.
A headless WordPress needs to run on a Web server and have a database, like any other WordPress installation. It needs a theme because the software requires one, but it can be minimal. After you finish setting it up, all communication will be through your chosen front end.
Just as a “serverless” system isn’t really serverless, a headless WordPress installation isn’t utterly headless. You still manage it through the admin dashboard. You can severely restrict access to it, since outside browsers don’t need to reach any part of the installation. A good strategy is to make it reachable only from your local network.
Putting the two together
Having a separate front end on Lambda gives your user interface huge flexibility. You can choose from many programming languages. You can create a conventional page-oriented site or a single-page site.
This separation lends itself to multichannel content publishing. Any number of sites can draw content from the same WordPress back end. If you need to change a content item, you just change it on WordPress, and all the front end services that use it will automatically be updated.
Your Lambda costs are based on the amount of processing done on AWS. If you get a burst of traffic, Lambda will provide the resources to handle it. Invalid HTTP requests don’t go to the WordPress server, so it carries less of a burden. Attacks based on URL-related vulnerabilities won’t work, and denial-of-service attacks are less likely to cripple the site.
The WordPress back end can be heavy on business logic without burdening the front end. A site with a mixture of static and dynamic content will consistently deliver the static content, such as images and CSS files, quickly.
Some cautions
An architecture with a separate front and back end is considerably more complicated than a one-piece CMS. Linking the Lambda service to WordPress will require custom development by someone who knows the API well.
Being stateless, Lambda can’t cache content, so you’ll want to add a caching component, such as ElastiCache, for best performance. Headless WordPress can cache its own content but not the page as delivered to the browser.
Support is more complicated when you have two pieces that have to stay in sync. The WordPress REST API isn’t likely to have any backward-incompatible changes, but there could be subtle differences in behavior with a new version. You still need to keep the software up to the latest version; some vulnerabilities may remain exploitable, and there could be issues with the API (though they’re rare).
Is Lambda + headless WordPress for you?
For most websites, regular WordPress works fine without a separate front end. There are some cases, though, where replacing the front end with a Lambda Web service offers major advantages. Managing multiple sites with common content benefits from this architecture. Site security is better than with a normal WordPress site. AWS Lambda offers excellent scalability and fast responses with static content.
WordPress themes make the software versatile on the presentation side, but it may not be able to do everything you want by itself. With a custom user interface on Lambda, there are no limits on the user interface you can offer.
If your organization is up to the challenge, Lambda plus headless WordPress could be the best way to create the site you want. When you’re looking to go beyond the conventional, our consulting services can help you to find the best choice. Get in touch with us to find out how.
