May. 16th, 2023
Secure, headless WordPress with Next.js and Vercel
How to protect and scale your content's performance
In today's digital landscape, web security is a top priority for businesses and organizations of all sizes. With the increasing number of cyber threats, attack vectors, it's more important than ever to ensure that your application is protected against potential security breaches.
WordPress is a popular CMS with plenty of history to back its success. It's also a great opportunity to improve the security of your web presence by using WordPress headlessly with Next.js.
On Vercel, you'll be able to take advantage of Vercel Secure Compute and Serverless Functions, enforcing security by default to create an isolated WordPress backend.
Why use headless WordPress?
As you've built your application on WordPress, it's likely that you've created a body of content that would be difficult to recreate in a more modern CMS solution. Your content authors are probably already familiar and efficient with the WordPress Admin experience.
As you move to a modern approach, you want to take advantage of these existing strengths but create bolster your systems where you can. Through composable solutions, digital transformation allows you to do keep the best parts of your existing stack while extending into best-of-breed technologies for your frontend. To learn more, visit our library of composable resources.
Using the combination of WordPress, Next.js and Vercel, we can leverage current assets while enhancing the security of your overall system. As creators and maintainers of Next.js, Vercel will always be the best place to deploy the world's leading React framework.
Take the next step
Reach out to an expert to learn more about security on Vercel for your Enterprise.
Limiting access to your WordPress server
There are drawbacks common to every WordPress monolith, and every WordPress host is different, introducing its own special mix of potential vulnerabilities.
Running WordPress as a monolith, your frontend is tightly coupled with your content, database, and administrative panel. If something goes wrong with your server, both your frontend and backend will go down.
Opting to run WordPress headlessly with Next.js and Vercel creates a more resilient overall system.
Using Vercel Secure Compete to restrict access further
With this headless approach, you've made it so that traffic to your frontend no longer needs to contact your WordPress server directly—but we can take things one step further to continue improving your security posture.
With Vercel Secure Compute, your deployments and build container will be placed in a private network with dedicated IP addresses in a region of your choice and logically separated from other containers. This lets you restrict the rest of your infrastructure's private network, blocking everything except your Vercel frontend cloud.
Improve security with Vercel Serverless Functions
With Vercel, your frontend will be powered by Serverless Functions, bringing you the built-in performance and security properties of a serverless architecture. This proven model enhances your ability to scale with security as a default.
Limited attack surface
Composable architecture in the frontend cloud
As the frontend cloud continues to evolve, more sites and applications are finding reduced risk and increased reliability with their composable architectures. Headless WordPress will let your existing content continue to be available to your frontends
If you'd like to learn more about the technical aspects of how to set up, visit our guide on setting up headless WordPress with Vercel.