May. 16th, 2023
Secure, headless WordPress with Next.js and Vercel
How to protect and scale your content's performance
In today's digital landscape, web security is a top priority for businesses and organizations of all sizes. With the increasing number of cyber threats, attack vectors, it's more important than ever to ensure that your application is protected against potential security breaches.
WordPress is a popular CMS with plenty of history to back its success. It's also a great opportunity to improve the security of your web presence by using WordPress headlessly with Next.js.
On Vercel, you'll be able to take advantage of Vercel Secure Compute and Serverless Functions, enforcing security by default to create an isolated WordPress backend.
Why use headless WordPress?
As you've built your application on WordPress, it's likely that you've created a body of content that would be difficult to recreate in a more modern CMS solution. Your content authors are probably already familiar and efficient with the WordPress Admin experience.
As you move to a modern approach, you want to take advantage of these existing strengths but create bolster your systems where you can. Through composable solutions, digital transformation allows you to do keep the best parts of your existing stack while extending into best-of-breed technologies for your frontend. To learn more, visit our library of composable resources.
Using the combination of WordPress, Next.js and Vercel, we can leverage current assets while enhancing the security of your overall system. As creators and maintainers of Next.js, Vercel will always be the best place to deploy the world's leading React framework.
Limiting access to your WordPress server
There are drawbacks common to every WordPress monolith, and every WordPress host is different, introducing its own special mix of potential vulnerabilities.
Running WordPress as a monolith, your frontend is tightly coupled with your content, database, and administrative panel. If something goes wrong with your server, both your frontend and backend will go down.
Opting to run WordPress headlessly with Next.js and Vercel creates a more resilient overall system.
Scalability
With both your frontend and backend on the same server, your monolith isn't as nimble as it could be to respond to variable workloads. If your next marketing cycle goes viral, your monolith may not be able to allocate the right resources to handle the capacity, taking down both your backend and frontend.
Alternatively, a headless approach with Vercel allows your frontend to scale from zero to infinity and back to zero at a moment's notice, protecting your WordPress backend server from spikes.
DDoS protection
Preventing attacks and handling them when they inevitably happen can consume the resources of an entire internal team. Rather than have your DevOps teams rebuild Distributed Denial of Service (DDoS) protection properties for your frontend, they can utilize existing solutions.
Vercel Firewall provides intelligent protection to help protect your website or application from DDoS attacks, which can overload your server and cause your site to become unavailable. On Vercel, you can quickly create custom firewall rules, blocking malicious actors, and unwanted traffic.
Global CDN
Content Delivery Networks (CDNs) are a technology built to improve uptime, availability, and performance for globally distributed resources. If you plan on serving users at any scale, a CDN is a must.
Vercel's Edge Network includes a global CDN to distribute your content and applications to users around the world. Not only does this provide a layer of protection for your backend, but it also helps to reduce latency and improve the performance of your website or application for your users.
Using Vercel Secure Compete to restrict access further
With this headless approach, you've made it so that traffic to your frontend no longer needs to contact your WordPress server directly—but we can take things one step further to continue improving your security posture.
With Vercel Secure Compute, your deployments and build container will be placed in a private network with dedicated IP addresses in a region of your choice and logically separated from other containers. This lets you restrict the rest of your infrastructure's private network, blocking everything except your Vercel frontend cloud.
Improve security with Vercel Serverless Functions
With Vercel, your frontend will be powered by Serverless Functions, bringing you the built-in performance and security properties of a serverless architecture. This proven model enhances your ability to scale with security as a default.
Limited attack surface
Serverless Functions run in a fully managed environment so you don't have to worry about managing and patching software versions. This can help reduce the attack surface for your application, as there are fewer components that become stale and brittle over time.
Better isolation
Serverless functions are isolated from each other. If one function is compromised, it will not affect any of your other compute. This brings better security than serverful schemes, where a compromised server can potentially give an attacker access to all the resources running on that server.
Event-driven
Vercel Serverless Functions are event-driven so they can't be taken advantage of while they aren't actively working on something. In contrast, an always-on, long-running server, is always potentially vulnerable (rather than only while it is trying to answer to requests).
Composable architecture in the frontend cloud
As the frontend cloud continues to evolve, more sites and applications are finding reduced risk and increased reliability with their composable architectures. Headless WordPress will let your existing content continue to be available to your frontends
If you'd like to learn more about the technical aspects of how to set up, visit our guide on setting up headless WordPress with Vercel.
