High-Availability WordPress Platform with Custom PHP Theme and Entra ID SSO Integration

Industry: Corporate
Completed in October 2025

Overview

A multinational client required a secure, scalable, and high-performance WordPress platform to serve both internal and external audiences. The system needed to handle variable traffic loads, integrate with corporate authentication through Microsoft Entra ID (Azure AD) for SSO, and support a fully custom PHP-based theme tailored to the company’s brand and accessibility standards.

The solution was architected on AWS using EC2 Auto Scaling, Elastic Load Balancing (ELB), and CloudFront CDN, ensuring both reliability and optimal performance across global regions.

Objectives

  • Build a custom WordPress theme with reusable PHP components for flexible content management.
  • Implement enterprise-grade authentication with Microsoft Entra ID (formerly Azure AD).
  • Achieve 99.9% uptime with automatic scaling under high-traffic conditions.
  • Enable secure access and fast global delivery of web assets.

Challenges

  1. Authentication Integration: WordPress’ native user management needed to be replaced with Microsoft Entra ID single sign-on to comply with internal IT policies.
  2. Scalability: The site had to handle unpredictable traffic peaks during product launches and internal announcements.
  3. Stateful Architecture: Managing sessions and uploads in an Auto Scaling environment required shared storage and consistent state handling across instances.
  4. Performance: Static assets and dynamic content had to remain fast and cacheable despite the complexity of the backend.

Solution

Architecture

The infrastructure was deployed on AWS using:

  • EC2 Auto Scaling Group: Automatically adds or removes instances based on CPU and network load metrics.
  • Elastic Load Balancer (ELB): Distributes traffic evenly and ensures fault tolerance.
  • EFS (Elastic File System): Provides shared persistent storage for /wp-content/uploads, ensuring consistency across multiple EC2 instances.
  • RDS (MySQL): Manages the WordPress database with automated backups and high availability.
  • CloudFront CDN: Delivers static and cached assets globally, reducing latency.
  • Route 53: Manages DNS with health checks and automatic failover.

Custom Theme Development

The site uses a fully custom PHP theme built from scratch:

  • Modular Blade-like templating for maintainable components.
  • Custom post types and ACF fields for flexible content structures (e.g., case studies, news, documentation).
  • Performance-focused PHP hooks, avoiding heavy plugins and minimizing database queries.
  • Integrated REST API endpoints for headless consumption and internal applications.

Single Sign-On with Entra ID

SSO was implemented via OAuth 2.0 and OpenID Connect, using Microsoft Entra ID as the identity provider:

  • Users authenticate via the Microsoft login page.
  • WordPress receives a JWT and maps user roles automatically.
  • Admins can manage permissions directly from the organization’s Entra directory.

This ensured compliance with internal security policies and allowed seamless login for all employees.
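
The role-mapping step described above, sketched as an added PHP example (not code from the project). It assumes an OIDC library has already verified the token signature, that roles arrive as Entra app roles in the `roles` claim, and that the v2.0 issuer format is in use; the tenant ID, client ID, role names and function name are hypothetical placeholders.

```php
<?php
declare(strict_types=1);

// Placeholder identifiers (assumptions, not the client's real values).
const TENANT_ID = '00000000-0000-0000-0000-000000000000';
const CLIENT_ID = '11111111-1111-1111-1111-111111111111';
// Hypothetical Entra app-role names => WordPress roles, most privileged first.
const ROLE_MAP = [
    'Site.Admin'  => 'administrator',
    'Site.Editor' => 'editor',
    'Site.Reader' => 'subscriber',
];

/**
 * Validate the claims of an ID token whose signature was ALREADY verified
 * against the tenant's signing keys, then choose a WordPress role.
 * Returns the role slug, or null when the login must be refused.
 */
function entra_claims_to_wp_role(array $claims, int $now, int $skew = 120): ?string
{
    $issuer = 'https://login.microsoftonline.com/' . TENANT_ID . '/v2.0';
    if (($claims['iss'] ?? null) !== $issuer) return null;     // other tenant or issuer
    if (($claims['tid'] ?? null) !== TENANT_ID) return null;
    if (($claims['aud'] ?? null) !== CLIENT_ID) return null;   // issued to another app
    if (!is_int($claims['exp'] ?? null) || $claims['exp'] + $skew < $now) return null;
    if (is_int($claims['nbf'] ?? null) && $claims['nbf'] - $skew > $now) return null;

    $roles = $claims['roles'] ?? [];
    if (!is_array($roles)) return null;
    foreach (ROLE_MAP as $appRole => $wpRole) {
        if (in_array($appRole, $roles, true)) return $wpRole;  // highest match wins
    }
    return null; // no mapped role: refuse rather than create a default account
}

// Constructed sample claims, for illustration only.
$now  = 1760000000;
$base = [
    'iss' => 'https://login.microsoftonline.com/' . TENANT_ID . '/v2.0',
    'tid' => TENANT_ID, 'aud' => CLIENT_ID, 'exp' => $now + 3600, 'nbf' => $now - 60,
];
$cases = [
    'editor+reader' => ['roles' => ['Site.Reader', 'Site.Editor']] + $base,
    'no roles'      => $base,
    'wrong aud'     => ['aud' => 'another-app', 'roles' => ['Site.Admin']] + $base,
    'expired'       => ['exp' => $now - 3600, 'roles' => ['Site.Admin']] + $base,
];
foreach ($cases as $name => $claims) {
    printf("%-14s => %s\n", $name, entra_claims_to_wp_role($claims, $now) ?? 'DENY');
}
```

In WordPress the returned slug would be applied with `WP_User::set_role()` on every login, so a role removed in the directory is also removed on the site.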


Results

  • 99.98% uptime maintained over the first six months of operation.
  • Page load times improved by 46% globally after CloudFront integration.
  • Seamless authentication for all internal users via Entra ID.
  • Infrastructure costs reduced by 32% through Auto Scaling and CloudFront caching optimization.
  • Maintenance time decreased thanks to centralized logging and IaC (Infrastructure as Code) deployment via AWS CloudFormation.

Tech Stack

Category | Tools / Technologies
Frontend | PHP, HTML5, Bootstrap 5, JavaScript (vanilla + Bootstrap)
Backend | WordPress (Custom Theme), PHP 8.x
Infrastructure | AWS EC2, Auto Scaling, EFS, RDS, CloudFront, Route 53, ELB
Authentication | Microsoft Entra ID (OAuth 2.0 / OpenID Connect)
CI/CD | GitHub Actions, AWS CodeDeploy
Monitoring | CloudWatch, AWS Logs, UptimeRobot

Key Takeaways

This project demonstrated how WordPress can operate as an enterprise-grade CMS when combined with cloud-native scalability and modern authentication mechanisms. The final architecture delivers a seamless balance of flexibility, performance, and compliance — proving that PHP-based platforms can thrive in a DevOps-driven environment.