Why WordPress is part of our tech stack

Why use WordPress for big and professional platforms?

Initially, WordPress was a popular tool among bloggers. However, in recent years, the platform has become so much more. It has evolved into a full-fledged CMS and is considered one of the best and most popular content management systems on the market. More than 43% of all websites on the internet run on WordPress (source: w3techs, 2022). And that percentage continues to grow.

At iO, we’ve been using WordPress for quite a while, and the platform has long since proven its worth. It helps us build high-performance websites and mission-critical applications for both professional and editorial environments. In addition, WordPress has tens of thousands of plugins that we can use to quickly and efficiently develop custom websites for our clients. If one of these plugins can’t help us create the functionality or logic we need, we develop the necessary custom extension or integration for WordPress ourselves.

Furthermore, WordPress as a CMS is incredibly user-friendly. Thanks to the platform’s intuitive interface, putting new content online or modifying existing content is very easy for our clients.

The advantages of WordPress speak for themselves and make the platform an indispensable part of our tech stack.

iO’s approach to Enterprise WordPress

Our WordPress stack gives us everything we need to meet our clients’ digital needs. But tools and technologies are worthless if you don’t use them correctly. That’s why we established specific standards and implementation guidelines for everything we do, from site and app development to continuous monitoring and support. These standards and guidelines are the foundation of our entire development policy and are based on the ISO 27001 standard for information security.

Safer development process through strict controls

One of our most important policy pieces is our Secure Software Development Life Cycle (SSDLC). Using the SSDLC, we guarantee a higher level of security throughout the entire development process. In other words, it helps us build secure apps more efficiently.

The SSDLC consists of multiple controls that iO developers have to follow or execute to the letter. For example, our developers take part in secure development training sessions periodically. During these sessions, they learn about the most common cyber attacks and security incidents (e.g. OWASP 10 and SANS top 25) and how they can better protect our websites and apps against said attacks and incidents. In addition, our developers follow secure development guidelines and apply best practices to always deliver the best possible code in every stage of the development process.

Some – but certainly not all – controls in our SSDLC are:

Threat modelling
Security risk rating
Dependency tracking
PEN testing

Want to know more about our development process? Discover how we use our SSDLC to build safe applications.

Better code quality through automatic deployments

Another focal point of our Enterprise WordPress approach is code quality, which we strictly monitor using an automated and standardised process.

When coding, our developers use a method called continuous integration. Following this method, they immediately upload any code adaptation they make to a repository (one central point for version management). Here, both code quality and security are extensively and automatically tested using static (SAST) en dynamic (DAST) application security testing.

SAST scans the source code for mistakes and safety risks and automatically corrects the code before it goes to the production environment. DAST actively tries to break the application in real-time and is essentially a simulation of a cyber attack or intrusion.

Using SAST and DAST, we make sure that our code and applications meet the necessary guidelines and standards and massively decrease the chance of safety risks and leaks.

Higher performance and better security through managed hosting

Last but not least, our Enterprise WordPress service also includes managed hosting. This means that we take on the entire (behind-the-scenes) management of our client’s servers, websites and applications. On top of that, our managed hosting includes many features that help us guarantee a high website and/or app performance and a better overall security . Some of these features are:

A CDN (Content Delivery Network) that is used to load assets such as images, documents and videos from another server in order to avoid web server overload;
DDoS protection on our hosting environments as well as those of our hosting partners.
A strict review process for external plugins that helps us to only implement safe plugins and easily hand over projects between developers, departments, external parties, etc. ;
Monthly updates to make sure our clients’ websites and applications always run on the latest WordPress and PHP versions. Examples of tools we use for updates are DependencyTrack, Renovate (Bot) and DefectDojo;
Commands/scripts that constantly monitor our web servers and notify us of any suspicious changes or activity;
Disaster recovery and redundancy to cope with server outages in data centres and prevent downtime. If something goes wrong, we can react quickly without any inconvenience for our clients.

Jeff Maes

Technology director

With a background in web development as well as web project management, Jeff, being SLD Technology in Herentals, is the permanent point of contact for many. For the latest developments in Drupal, PHP, jQuery, JavaScript, CSS, (X)HTML and more, or for help with the eternal puzzle that is every web project.