Overview
A multinational client required a secure, scalable, and high-performance WordPress platform to serve both internal and external audiences. The system needed to handle variable traffic loads, integrate with corporate authentication through Microsoft Entra ID (Azure AD) for SSO, and support a fully custom PHP-based theme tailored to the company’s brand and accessibility standards.
The solution was architected on AWS using EC2 Auto Scaling, Elastic Load Balancing (ELB), and CloudFront CDN, ensuring both reliability and optimal performance across global regions.
Objectives
- Build a custom WordPress theme with reusable PHP components for flexible content management.
- Implement enterprise-grade authentication with Microsoft Entra ID (formerly Azure AD).
- Achieve 99.9% uptime with automatic scaling under high-traffic conditions.
- Enable secure access and fast global delivery of web assets.
Challenges
Authentication Integration: WordPress’ native user management needed to be replaced with Microsoft Entra ID single sign-on to comply with internal IT policies.
Scalability: The site had to handle unpredictable traffic peaks during product launches and internal announcements.
Stateful Architecture: Managing sessions and uploads in an Auto Scaling environment required shared storage and consistent state handling across instances.
Performance: Static assets and dynamic content had to remain fast and cacheable despite backend complexity.
Solution
Architecture
The infrastructure was deployed on AWS using:
- EC2 Auto Scaling Group: Automatically adjusts instance count based on CPU and network metrics.
- Elastic Load Balancer (ELB): Evenly distributes traffic and ensures fault tolerance.
- EFS (Elastic File System): Shared persistent storage for /wp-content/uploads, ensuring consistency across EC2 instances.
- RDS (MySQL): Managed database with backups and high availability.
- CloudFront CDN: Global asset delivery with reduced latency.
- Route 53: DNS management with health checks and failover.
Custom Theme Development
A fully custom PHP theme was developed:
- Modular Blade-like templating for maintainability
- Custom post types and ACF fields for structured, flexible content
- Performance-optimized PHP hooks with minimal plugin usage
- REST API integrations for headless and internal apps
Single Sign-On with Entra ID
SSO was implemented using OAuth 2.0 and OpenID Connect:
- Users authenticate via Microsoft’s login page
- WordPress receives a JWT and maps user roles
- Permissions managed centrally in Entra ID
This ensured security compliance while providing seamless access for employees.
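The "receives a JWT and maps user roles" step is where an SSO integration most often goes wrong, so here is one way to do it, as an added example that is not the project's own code: verify the ID token's signature and claims before trusting any role in it, then map roles with a lowest-privilege default. Assumptions: the tenant and client IDs are placeholders, the `Site.Admin` / `Site.Editor` app-role names and the role map are hypothetical, the issuer follows the Entra v2.0 endpoint format, and a throwaway RSA key stands in for the signing key that would normally come from the tenant's published JWKS.

```php
<?php
// Added example, not the project's code. IDs and role names are constructed placeholders.
const TENANT_ID = '00000000-0000-0000-0000-000000000000';
const CLIENT_ID = '11111111-1111-1111-1111-111111111111';
const ISSUER    = 'https://login.microsoftonline.com/' . TENANT_ID . '/v2.0';
const ROLE_MAP  = ['Site.Admin' => 'administrator', 'Site.Editor' => 'editor']; // assumed app roles

function b64url_decode(string $s): string {
    $pad = str_repeat('=', (4 - strlen($s) % 4) % 4);
    return base64_decode(strtr($s, '-_', '+/') . $pad, true) ?: '';
}

// Verify an RS256 ID token and return its claims; throws on any failed check.
function verify_id_token(string $jwt, string $pubPem, string $nonce, int $now): array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) throw new RuntimeException('malformed token');
    [$h, $p, $s] = $parts;
    // Pin the algorithm: the token header must not get to choose "none" or HS256.
    if ((json_decode(b64url_decode($h), true)['alg'] ?? '') !== 'RS256') throw new RuntimeException('unexpected alg');
    if (openssl_verify("$h.$p", b64url_decode($s), $pubPem, OPENSSL_ALGO_SHA256) !== 1)
        throw new RuntimeException('bad signature');
    $c = json_decode(b64url_decode($p), true) ?: [];
    $checks = [
        'iss'   => ($c['iss'] ?? '') === ISSUER,           // issued by our tenant
        'aud'   => ($c['aud'] ?? '') === CLIENT_ID,        // issued for this application
        'exp'   => ($c['exp'] ?? 0) > $now,                // not expired
        'nbf'   => ($c['nbf'] ?? PHP_INT_MAX) <= $now,     // already valid
        'nonce' => hash_equals($nonce, (string)($c['nonce'] ?? '')), // bound to this login
    ];
    foreach ($checks as $claim => $ok) if (!$ok) throw new RuntimeException("bad $claim");
    return $c;
}

// First match wins (highest privilege listed first); unknown roles get the lowest one.
function map_wp_role(array $claims): string {
    $roles = (array)($claims['roles'] ?? []);
    foreach (ROLE_MAP as $appRole => $wpRole)
        if (in_array($appRole, $roles, true)) return $wpRole;
    return 'subscriber';
}

// Constructed demo: sign a sample token with a throwaway key, then verify and map it.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$pub = openssl_pkey_get_details($key)['key'];
$enc = fn(string $d): string => rtrim(strtr(base64_encode($d), '+/', '-_'), '=');
$claims = ['iss' => ISSUER, 'aud' => CLIENT_ID, 'exp' => time() + 300, 'nbf' => time() - 5,
           'nonce' => 'n-123', 'roles' => ['Site.Editor']];
$body = $enc('{"alg":"RS256","typ":"JWT"}') . '.' . $enc(json_encode($claims));
openssl_sign($body, $sig, $key, OPENSSL_ALGO_SHA256);
echo map_wp_role(verify_id_token("$body." . $enc($sig), $pub, 'n-123', time())), "\n";
```

In a production integration the role would be re-evaluated on every login rather than stored once, so that a role removed in Entra ID is also removed in WordPress.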
Results
- 99.98% uptime in the first six months
- 46% faster page loads globally with CloudFront
- Seamless SSO for all internal users
- 32% cost reduction via Auto Scaling and CDN optimization
- Reduced maintenance through centralized logging and CloudFormation IaC
Tech Stack
| Category | Tools / Technologies |
|---|---|
| Frontend | PHP, HTML5, Bootstrap 5, JavaScript |
| Backend | WordPress (Custom Theme), PHP 8.x |
| Infrastructure | AWS EC2, Auto Scaling, EFS, RDS, CloudFront, Route 53, ELB |
| Authentication | Microsoft Entra ID (OAuth 2.0 / OIDC) |
| CI/CD | GitHub Actions, AWS CodeDeploy |
| Monitoring | CloudWatch, AWS Logs, UptimeRobot |
Key Takeaways
This project showed that WordPress can operate as an enterprise-grade CMS when supported by cloud-native scalability and modern authentication. The final architecture delivers a high-performance, compliant, flexible environment — demonstrating that PHP platforms can excel in a DevOps ecosystem.