Yes, you read that title right: WordPress as a SaaS (Software As A Service) application platform. But wait… WordPress is a blogging platform right – what’s this about building applications? Well, as it turns out, you can do a whole lot more with WordPress than you may think. Using the power of WordPress and the community around it, we built Hello Bar in about 1 month, monetized it, scaled it, and eventually sold it. This is the first article in a series where we’ll be exploring how we used community plugins (as well as our own), custom theming, a good server setup, and a little automation to build a full subscription-based application using WordPress.
The Plugin Community is Your Friend
One of the most powerful things about WordPress is the community around it. Some very talented developers have created thousands of plugins that elevate and expand this little CMS platform light-years beyond just being a blog. This availability of quality, pre-built plugins, and the fact that we were already very familiar with the capabilities of the platform itself were some of the primary reasons we chose to build Hello Bar using WordPress. We wanted to get something built with minimal effort, time, and cost, but still have a great product in the end. The functionality provided by community plugins enabled us to focus on building our application and creating a compelling product.
Managing Your Users
As with any SaaS application, the first thing we needed was a way to manage our users. WordPress’ built-in user system coupled with a good membership plugin saved us a lot of setup time and provided us with nearly all the functionality we needed with little effort. We evaluated quite a few plugins out there including WPMU Membership, WishList Member, WP E-Commerce Membership, and s2Member amongst others. In the end, we determined that s2Member was the right combination of features and price to get a low-cost application started.
With s2Member installed, we had a turn-key solution for subscription management, payment processing, brute force login security, as well as diverse page access restrictions for multiple user tiers and capabilities. s2Member is a freemium plugin with a very capable free offering and a paid Premium plugin to complement its features. Even with the free version of the plugin, we were able to get all of the previously mentioned capabilities as well as integrate a free PayPal account and accept payment subscriptions. s2Member also provided a highly hooked architecture via WordPress’ powerful action and filter-based Plugin API, allowing us to execute our own actions on significant events like account tier upgrades and cancellations.
Securing Your Site
WordPress is the perfect system for a publicly accessible website, but it requires a little customization to lock it down for use as an application platform. Knowing this, Automattic set WordPress up in a way that all of these customizations (most of which are free) are readily available in the plugin community. s2Member provided us some brute force login protection as well as the ability to lock down access to certain pages and URLs so only logged-in, registered users could view them. VaultPress by Automattic, while not free, provided us with an inexpensive way to keep our WordPress application secure and backed up. A few dollars a month for real-time backups of our database, theme, and plugins as well as plugin and theme scanning for malicious code was well worth it.
Custom Plugins and Themes to Build an Application Experience
While community plugins got us up and running quickly with a platform base, we eventually needed to start writing our own code to customize our application’s experience. WordPress’ powerful APIs for building plugins, shortcodes, themes, and widgets, its highly configurable and flexible code, and its database architectures all gave us a powerful set of tools to accomplish what we set out to do.
Managing all the Data
We created a custom plugin for the management of all the Hello Bars that a user would create. This plugin took advantage of WordPress’ custom post type system to store Hello Bar data. This provided us with the ability to use many of WordPress’ built-in functionalities for the CRUD (Create, Read, Update, Delete) actions surrounding the data. By using custom post types as the storage method for Hello Bars, we could:
- Easily update the data with wp_update_post()
- Store and read configuration options with update_post_meta() and get_post_meta()
- Read Hello Bar data with the WP_Query Class
- Provide interface URLs for users to edit their Hello Bars with the custom post type’s public page
- Allow users to enable, disable or non-destructively delete Hello Bars just by changing the post entry’s published status.
Customizing the Onboarding Experience
To keep our application running smoothly as we got things started, we created a custom plugin that would require users to be manually approved before they could access the website. This plugin also enabled users to enter unique beta keys either at registration or post-registration to activate their accounts. We utilized WordPress’ action and filter API system to hook into the user login and registration processes to enact our own status policies and authentication policies in addition to WordPress’, giving us finer control over who and how many people could access the system.
We later expanded on the capabilities of this plugin by adding a viral sharing component to it through a secondary plugin. This secondary plugin hooked in via actions and filters into the initial Beta Key plugin and allowed approved users to share beta keys with their friends. This grew Hello Bar’s popularity significantly and created a lot of buzz around it, driving the community’s desire to get into our exclusive application.
Besides the Beta Key plugin and its viral sharing add-on, being a design company, we also wanted to have a little more granular control over how the registration and login process looked. While s2Member did provide some basic login and registration page customization capabilities, we wanted to go a little further. To accomplish this we created a simple plugin that allowed us to easily specify and load custom stylesheets for the different states of the login page as well as provide custom re-write rules to make some URLs a little prettier than /wp-login.php?action=login. By the time we were done, you’d never have guessed it was a WordPress login page.
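A sketch of the approval gate and single-use beta keys described in this section, added here as an example and not taken from the Hello Bar plugin. The user meta key `hb_approved`, the form field `hb_beta_key` and the table `{prefix}hb_beta_keys` are assumed names.

```php
<?php
// Added example, not the Hello Bar plugin. Assumed names: user meta 'hb_approved',
// form field 'hb_beta_key', custom table {prefix}hb_beta_keys (key_hash CHAR(64) PRIMARY KEY).

// Consume a beta key exactly once. Only SHA-256 hashes are stored, and the single
// DELETE is atomic, so two simultaneous redemptions of one key cannot both succeed.
function hb_redeem_beta_key( $user_id, $raw_key ) {
	global $wpdb;
	$key = strtoupper( trim( (string) $raw_key ) );
	if ( ! preg_match( '/^[A-Z0-9]{16,64}$/', $key ) ) {
		return false; // malformed input never reaches the database
	}
	$deleted = $wpdb->delete(
		$wpdb->prefix . 'hb_beta_keys',
		array( 'key_hash' => hash( 'sha256', $key ) ),
		array( '%s' )
	);
	if ( 1 !== $deleted ) {
		return false; // unknown key, or already used
	}
	update_user_meta( $user_id, 'hb_approved', '1' );
	return true;
}

// Every new account starts unapproved unless a valid key came with the sign-up form.
add_action( 'user_register', 'hb_mark_pending' );
function hb_mark_pending( $user_id ) {
	update_user_meta( $user_id, 'hb_approved', '0' );
	if ( isset( $_POST['hb_beta_key'] ) ) {
		hb_redeem_beta_key( $user_id, sanitize_text_field( wp_unslash( $_POST['hb_beta_key'] ) ) );
	}
}

// Priority 50 runs after core has verified the password (priority 20), so the
// "not approved" message is only shown to someone who knows the credentials.
add_filter( 'authenticate', 'hb_require_approval', 50, 3 );
function hb_require_approval( $user, $username, $password ) {
	if ( ! $user instanceof WP_User ) {
		return $user; // failed login: leave core's error untouched
	}
	if ( user_can( $user, 'manage_options' ) ) {
		return $user; // never lock administrators out
	}
	if ( '1' !== get_user_meta( $user->ID, 'hb_approved', true ) ) {
		return new WP_Error( 'hb_pending', 'This account has not been approved yet.' );
	}
	return $user;
}
```

Accounts created before the gate is installed have no `hb_approved` meta and would be treated as pending, so backfill them first.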
Customizing the Application Experience
We love WordPress, but this was an application, not a blog or website, so we needed to customize the experience to reflect that. To start, we didn’t want users to even realize it was WordPress they were using, nor did we want to expose any administration interfaces that would take them out of the application’s simple and streamlined experience. To do this, we started by locking down access to /wp-admin. s2Member provides this functionality out of the box, so it was a pretty easy goal to accomplish. In addition to locking things down, we customized some of the URL paths by redefining a few constants to obfuscate that we were using WordPress. This allowed us to change where any files were uploaded, where our plugins existed, and where the contents of /wp-content lived. Of course, some plugins didn’t like that we weren’t using standard WordPress paths, so we needed to modify some files manually to make the file paths match our configuration. Keep this in mind if you decide to change file paths with your application; it makes things a little harder for bots to find (the files stay just as reachable once the path is known), but it might make some plugins a little more difficult to integrate.
Once we had our WordPress environment customized to our liking, it was time to create the application interface itself. We created a few Page entries and utilized the public pages for Hello Bar’s custom post type entries for editing interfaces. This allowed us to easily lock down access to those areas using s2Member’s access restriction system. Of course, since s2Member only provides account tier level access restriction, we still needed to write our own author level restriction for access to individual Hello Bars and their related pages, but everything else just used the currently logged-in user’s information to determine the correct data to display.
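The author-level restriction mentioned above, together with the custom post type storage from "Managing all the Data", as an added example that is not Hello Bar's own code. The post type `hello_bar`, the meta key `_hb_message` and the form field names are assumptions.

```php
<?php
// Added example, not Hello Bar's code. Assumed names: post type 'hello_bar',
// meta key '_hb_message', form fields 'hb_nonce', 'title' and 'message'.

add_action( 'init', function () {
	register_post_type( 'hello_bar', array(
		'public'              => true, // each bar gets its own front-end URL
		'exclude_from_search' => true,
		'supports'            => array( 'title', 'author' ),
	) );
} );

// Object-level check. The membership tier says what a user may do in general;
// this says whether *this* bar belongs to them.
function hb_user_owns_bar( $bar_id, $user_id ) {
	$bar = get_post( $bar_id );
	return $bar instanceof WP_Post
		&& 'hello_bar' === $bar->post_type
		&& $user_id > 0
		&& (int) $bar->post_author === (int) $user_id;
}

add_action( 'template_redirect', function () {
	if ( ! is_singular( 'hello_bar' ) ) {
		return;
	}
	$bar_id = get_queried_object_id();
	if ( ! hb_user_owns_bar( $bar_id, get_current_user_id() ) ) {
		// 404 rather than 403, so other users' bar URLs cannot be confirmed to exist.
		global $wp_query;
		$wp_query->set_404();
		status_header( 404 );
		nocache_headers();
		return;
	}
	if ( 'POST' === $_SERVER['REQUEST_METHOD'] ) {
		hb_save_bar( $bar_id );
	}
} );

// Only reached after the ownership check above. wp_update_post() and
// update_post_meta() perform no permission checks of their own.
function hb_save_bar( $bar_id ) {
	$nonce = isset( $_POST['hb_nonce'] ) ? sanitize_key( $_POST['hb_nonce'] ) : '';
	if ( ! wp_verify_nonce( $nonce, 'hb_save_bar_' . $bar_id ) ) {
		wp_die( 'Invalid request.', '', array( 'response' => 403 ) ); // CSRF guard
	}
	$title   = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
	$message = isset( $_POST['message'] ) ? sanitize_text_field( wp_unslash( $_POST['message'] ) ) : '';
	// Both functions expect slashed input, hence wp_slash() on the cleaned values.
	wp_update_post( wp_slash( array( 'ID' => $bar_id, 'post_title' => mb_substr( $title, 0, 80 ) ) ) );
	update_post_meta( $bar_id, '_hb_message', wp_slash( mb_substr( $message, 0, 140 ) ) );
	wp_safe_redirect( get_permalink( $bar_id ) );
	exit;
}
```

The edit form on the bar's page would emit the matching token with `wp_nonce_field( 'hb_save_bar_' . $bar_id, 'hb_nonce' )`.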
To output interaction areas for users, we took heavy advantage of WordPress’ theme template engine and Shortcode API. We created page templates and custom styled both a logged-in and public experience within a single theme thanks to the Multi Header capability of get_header() and Multi Footer capability of get_footer(). For self user management, s2Member provides numerous shortcodes for users to update profile data, cancel their paid subscriptions, sign up for a new paid subscription, or upgrade an existing paid subscription. We liked this model of portable markup deployment and followed it with our own core plugin to provide shortcodes for Hello Bar interfaces. We used some custom page templates to provide the “wrapper” around the interfaces and then outputted the Hello Bar management table, editing interface, and eventually, the statistics summary table and chart detail using shortcode deployment.
Speed and Scalability
So, you’ve decided to use WordPress as your application platform. Where do you start so your application performs well and scales easily? Well, setting up an efficient WordPress application is one part web server configuration and two parts clever application software programming. Start with a good server architecture, well-programmed plugins and themes, and the right WordPress installation mode, and you’ll set yourself up for success.
A good server setup is a key to having a well-performing WordPress application. Shared hosting solutions you may normally use for a WordPress blog are not going to cut it for a full-blown application that thousands (and eventually hopefully millions) of users will be logging in and out of and interacting with on a regular basis. Your best bet is your own custom software stack, or a server-as-a-solution partner if you’re less command-line inclined (more on that later).
LNMP is the new hotness. LAMP is old and busted.
For Hello Bar we set up a higher performance web server stack using an LNMP stack (Linux, Nginx, MySQL, and PHP-FPM). The combination of Nginx and PHP-FPM (PHP as a FastCGI Processed Module) with APC installed makes for a much faster, lighter weight, lower memory use server stack that can help you scale your application easily and not force you to scale as early. Iliya Polihronov recently gave a talk at WordCamp San Francisco about setting up a WordPress server using this stack and provided a great starter configuration for your own stack. EndofWeb also has a great article on setting up a full server stack from scratch using Ubuntu.
Cache ALL the Things!
When dealing with thousands of requests per second, caching is the best thing you can do to speed up your web application. With Hello Bar we utilized everything including APC for Object caching and for speeding up PHP in general, Batcache with Memcached to cache publicly viewed pages, and even file caching with Nginx and URL rewrite capabilities. Caching systems that allow your webserver to pull the cached data directly, avoiding PHP altogether, provide a huge performance boost to those portions of your application. There are many caching technologies available and numerous caching plugins to help cache your web application. Just make sure that you are writing your application to clear caches when they need to be. You don’t want a list of entries a user has made to not update because the cache is stale.
When running a high-traffic site, one of the biggest bottlenecks becomes the database. Luckily, WordPress’ database library is implemented in a manner so that it can easily be adapted to multiple database solutions. By using the HyperDB database plugin, you can configure WordPress to distribute individual tables into multiple databases, provide failover support (when a connection to the database couldn’t be made), and most importantly, provide support for replicated MySQL database clusters. MySQL can be configured to automatically replicate any command sent to it to another MySQL database on another server. This creates two or more nearly real-time synced databases that WordPress can read from and serve back data. How To Forge has a good article about setting up a replicated MySQL server cluster and this article by HBY Consultancy also provides some good insight on getting this setup.
Ensuring Good Communication
Communication with your users is important and it’s most likely that you’ll be using email as your primary means of communication. To ensure the greatest deliverability of your email communications and to avoid a lot of the problems that go along with keeping your web server’s IP address white-listed, I recommend that you use an external email service. SendGrid is an easy-to-set-up SMTP server that you can get integrated on the cheap. Just use a simple SMTP plugin such as WP Mail SMTP or WP SendGrid for your WordPress installation and all your wp_mail() function emails will be sent through the reliable, white-listed, and stats-rich SendGrid service instead of your own host’s email.
Setting up WordPress for Success
While a good hardware configuration makes for a solid foundation for your application, it won’t mean a thing with poorly configured software.
Good Plugin Authoring
If you aren’t picky with the community plugins you choose to run or you’re a little sloppy with your own plugin authoring, then your WordPress application can rapidly become a bloated beast. This doesn’t make WordPress a bad platform; it does, however, require some strategic planning when preparing it for use as an application platform due to its diverse community and ease of entry for plugin authorship. When authoring your own plugins and evaluating community plugins for use, consider some of the following practices:
- Use good programming techniques to keep your code as flexible as possible. Take advantage of the numerous functions WordPress has made available to you for querying posts, database querying, object caching, and transient caching. All of these plugins are already set up to be adaptable and flexible for caching and scaling, no need to write it all from scratch.
- Take advantage of the numerous constants WordPress defines to make your plugin data dynamic and flexible. WP Engineer has a great article on some of the most useful constants you’ll want to take advantage of.
- Follow the Plugin Development Suggestions that the WordPress group provides in their codex.
- Make sure to validate your data. Poorly validated or non-validated data submission can be the death of your application. The WordPress Codex has a great article on how you should be approaching data validation and sanitization.
- The more files you load the larger your memory footprint. Try and load only those files that are necessary for your immediate needs. Take advantage of Class autoloading and PHP5’s magic methods for OOP development to load files only as they are needed.
Sometimes of course there will be plugins that you’ll absolutely want to use in your application, but you don’t need them to load everywhere. Check out something like the Disable Plugins MU plugin for a lightweight solution for filtering out plugins from being loaded where you don’t need them.
Pick the Right WordPress Operating Mode
Depending on the needs of your application, you may want to consider operating WordPress differently. WordPress out of the box is configured to run as a single website installation and this works fine for most situations. If your application is offering lots of user-controlled, maintained, and published content, you may want to consider running WordPress Network. This will provide additional super-administrative controls to you as the application owner and provide a better setup for horizontal hardware scaling and opportunities for sharding your databases with the previously mentioned HyperDB or ShardDB.
A lesser-known mode for WordPress to operate in is a headless mode that gives you greater control over exactly what is being loaded and used to process your data. To enable this, just add define('SHORTINIT', true); in your wp-config.php file before the require_once(ABSPATH . 'wp-settings.php'); line. This will load the bare minimum of the WordPress system and give you better control of customizing what gets loaded. Check out this article on How WordPress Boots Up to get greater insight on what this constant does to your WordPress installation’s normal operating process to see if it’s the right move for your application.
Managing Your App
So now that you’ve set up your WordPress-powered web application and set up your environment for speed and scalability, it’s time to make it easy to manage and make it work for you. Communicating and corresponding with a large community is a tricky task regardless of what application platform you choose, but WordPress gives you the tools to get a leg up and have a voice as the application author. By taking advantage of WordPress’ built-in user management tools, extending them with your own auxiliary add-ons, and creating automation, you can easily keep in touch with your users and manage your community.
WordPress User Management FTW
One of the best reasons to use a platform like WordPress as the foundation of your application is turnkey user management. WordPress comes with an already fairly granular and extendable set of user Roles and Capabilities to get you started building a capability-based security system for your web application. Along with the roles and capabilities system comes a built-in user control panel for user search, modification, and management. The user control panel out-of-the-box allows you to:
- Have an overview of your user totals
- Edit individual user properties through a separate administrative interface
- Provide a boilerplate for adding your own custom user property controls
- Search for users based on their name, email, or any user meta associated with them
By hooking into the manage_users_custom_column (for table cell display) and manage_users_columns (for column header display) filters, you can create your own columns in this management table to get a quick summary of pertinent user meta. With a little custom plugin programming, the tabular User Control Panel can be configured to very easily display vital information about users such as e-commerce subscription transaction IDs, conversion data, and even additional administrative functionality like logging in as a user. When managing a large web application community, in many circumstances, it is useful to be able to see things from a user’s perspective. When we made Hello Bar, we also wrote a simple plugin that adds buttons to the main User Control Panel that would then allow super administrators to log in as a different user. This was useful because we could see things from that user’s perspective, experience any error messaging they were seeing, and verify data displayed from their point of view. Of course, with great power comes great responsibility – so don’t abuse the fact that you can log in as a different user! As a sweet bonus, I’ve included a download to this plugin at the end of this article. Check out the comments in the plugin for a better understanding of how you can hook into this table and make it work for you.
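How a custom users-table column and a guarded "log in as" action can be wired up, as an added example that is not the plugin offered with the article. It uses the core filters `manage_users_columns`, `manage_users_custom_column` and `user_row_actions`; the meta key `hb_subscr_id` and the action name `hb_login_as` are assumptions.

```php
<?php
// Added example, not the plugin offered with the article. Assumed names:
// user meta 'hb_subscr_id', admin-post action 'hb_login_as'.

add_filter( 'manage_users_columns', function ( $columns ) {
	$columns['hb_subscr'] = 'Subscription ID';
	return $columns;
} );

add_filter( 'manage_users_custom_column', function ( $output, $column, $user_id ) {
	if ( 'hb_subscr' !== $column ) {
		return $output;
	}
	// Meta values can originate from users or payment callbacks: escape on output.
	return esc_html( get_user_meta( $user_id, 'hb_subscr_id', true ) );
}, 10, 3 );

// Who may impersonate whom: super administrators only, never another privileged account.
function hb_may_login_as( $target ) {
	return $target instanceof WP_User
		&& is_super_admin()
		&& get_current_user_id() !== $target->ID
		&& ! user_can( $target, 'edit_users' );
}

add_filter( 'user_row_actions', function ( $actions, $user ) {
	if ( hb_may_login_as( $user ) ) {
		$url = wp_nonce_url(
			admin_url( 'admin-post.php?action=hb_login_as&user_id=' . $user->ID ),
			'hb_login_as_' . $user->ID
		);
		$actions['hb_login_as'] = '<a href="' . esc_url( $url ) . '">Log in as</a>';
	}
	return $actions;
}, 10, 2 );

add_action( 'admin_post_hb_login_as', function () {
	$target_id = isset( $_GET['user_id'] ) ? absint( $_GET['user_id'] ) : 0;
	check_admin_referer( 'hb_login_as_' . $target_id ); // nonce is tied to this target
	$target = get_userdata( $target_id );
	if ( ! hb_may_login_as( $target ) ) {
		wp_die( 'Not allowed.', '', array( 'response' => 403 ) );
	}
	// Leave an audit trail before the identity changes.
	error_log( sprintf( 'hb_login_as: admin %d -> user %d', get_current_user_id(), $target_id ) );
	wp_destroy_current_session(); // the admin session does not stay valid alongside
	wp_clear_auth_cookie();
	wp_set_auth_cookie( $target_id, false );
	wp_safe_redirect( home_url( '/' ) );
	exit;
} );
```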
Robo App – Automation is Your Friend
The biggest time sink in any application build is all of the manual management you have to do of the data you and your users generate, the status of your users, movement between account types (if you have multiple account types in your application), ad infinitum. WordPress makes it super easy to automate your application through the WP_Cron system.
With WP_Cron, you can schedule activities to happen in the background of your application on a scheduled basis without complex or hacky implementation. Any WP_Cron action will run in the background without user interaction and run with full access to all of WordPress’ functions, classes, and functionality. This makes it very easy for you to manipulate data on a scheduled basis, modify a user’s account after a specified period (a trial period for instance), schedule an automated email to go out to users… the possibilities are endless. With Hello Bar we utilized the WP_Cron system as well as regular cronjob technologies to automate numerous aspects of our application:
- Summarizing Usage Statistics – instead of querying our statistics database for usage numbers every time the statistics were requested, for summary totals we would use a cronjob to automatically tally and cache the numbers.
- Modifying User Subscriptions – If a user canceled their paid subscription with us, our payment processing system – s2Member – would automatically schedule a downgrade date with WP_Cron based on the end of their final billing cycle. The user would cancel their subscription immediately, but we wouldn’t have to modify their account since the app did it for us.
- Communicating With Our Users – Hello Bars are all about improving the conversion on your website, so we wanted to make sure our users knew about their performance. We used a WP_Cron system to monitor users’ statistics and sent them scheduled emails every day, week, or month depending on their set preferences for their Hello Bar’s performance. This allowed our users to see how well an A/B test was performing, if they needed to improve their message, or if they were approaching their account tier’s limit threshold which might need them to upgrade to the next account tier.
WP_Cron does have a few caveats, but nothing that doesn’t have a solution to it. I highly recommend that when you set up your background automation, you read this great article on insight into WP-Cron by our friends at Envato on WPTuts+ (a fantastic WordPress development resource).
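A scheduled downgrade written by hand, as an added example (not s2Member's or Hello Bar's code) that allows for one WP-Cron behaviour: events fire on page loads, so a handler can run late or after the user's state has changed. The meta key `hb_paid_until`, the role `hb_pro` and the hook `hb_downgrade_user` are assumed names.

```php
<?php
// Added example. Assumed names: user meta 'hb_paid_until' (Unix time),
// paid role 'hb_pro', cron hook 'hb_downgrade_user'.

// Call when a subscription is cancelled; $paid_until is the end of the billing cycle.
function hb_schedule_downgrade( $user_id, $paid_until ) {
	$args = array( (int) $user_id );
	update_user_meta( $user_id, 'hb_paid_until', (int) $paid_until );
	// Keep a single pending event per user: drop any earlier schedule first.
	wp_clear_scheduled_hook( 'hb_downgrade_user', $args );
	wp_schedule_single_event( (int) $paid_until, 'hb_downgrade_user', $args );
}

add_action( 'hb_downgrade_user', function ( $user_id ) {
	$user = get_userdata( $user_id );
	if ( ! $user || ! in_array( 'hb_pro', (array) $user->roles, true ) ) {
		return; // account deleted or already downgraded: nothing to do
	}
	// Re-check the stored date instead of trusting the schedule, so a user who
	// re-subscribed in the meantime is not downgraded by a stale event.
	if ( (int) get_user_meta( $user_id, 'hb_paid_until', true ) > time() ) {
		return;
	}
	$user->set_role( 'subscriber' );
} );

// Because the event may fire late, access checks should consult the date too.
function hb_has_paid_access( $user_id ) {
	$user = get_userdata( $user_id );
	return $user
		&& in_array( 'hb_pro', (array) $user->roles, true )
		&& (int) get_user_meta( $user_id, 'hb_paid_until', true ) > time();
}
```

`hb_has_paid_access()` as written applies to cancelled subscriptions that carry an end date; an active subscription would need its own rule.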
So, as you can see, WordPress provides lots of great tools and turn-key offerings to get your SaaS application up and running in no time. Using its powerful API system, plugin architecture, and community-created plugins you can build an application and start making money in no time. Next article I’ll talk about how we set up our server(s) to handle the service of our application to our users.
Creating a high-performance, WordPress-powered application is founded on careful planning and a judicious selection of plugins from the community. So with the next WordPress app you build, roll up your sleeves and do some planning beforehand. Make sure the plugins you choose are of good quality, plan your plugin creation strategy for speed and modularity, and lay out your server setup for easy scaling and you’ll set yourself up for success.
WordPress provides a great solution as a viable, turnkey software as a service application platform. Through an optimized WordPress high-performance server configuration, utilization of the excellent developer community, and its highly extensible system control panel, you can get a great application up and running, serving the world your greatest idea. WordPress’ built-in management control panel and its easy-to-implement WP_Cron system allow you to easily manage your application and automate many of the mundane time consumers, so you can focus on improving your users’ experience.