Other posts in this series

Yes, you read that title right: WordPress as a SaaS (Software As A Service) application platform. But wait… WordPress is a blogging platform right – what’s this about building applications? Well, as it turns out, you can do a whole lot more with WordPress than you may think. Using the power of WordPress and the community around it, we built Hello Bar in about 1 month, monetized it, scaled it and eventually sold it. This is the first article in a series where we’ll be exploring how we used community plugins (as well as our own), custom theming, a good server setup and a little automation to build a full subscription based application using WordPress.

The Plugin Community is Your Friend

One of the most powerful things about WordPress is the community around it. Some very talented developers have created thousands of plugins that elevate and expand this little CMS platform lightyears beyond just being a blog. This availability of quality, pre-built plugins and the fact that we were already very familiar with the capabilities of the platform itself were some of the primary reasons we chose to build Hello Bar using WordPress. We wanted to get something built with minimal effort, time and cost, but still have a great product in the end. Functionality provided by community plugins enabled us to focus on building our application and create a compelling product.

Managing Your Users

As with any SaaS application, the first thing we needed was a way to manage our users. WordPress’ built-in user system coupled with a good membership plugin saved us a lot of setup time and provided us with nearly all the functionality we needed with little effort. We evaluated quite a few plugins out there including WPMU Membership, WishList Member, WP E-Commerce Membership and s2Member amongst others. In the end we determined that s2Member was the right combination of features and price to get a low cost application started.

With s2Member installed, we had a turn-key solution to subscription management, payment processing, brute force login security, as well as diverse page access restrictions for multiple user tiers and capabilities. s2Member is a fremium plugin with a very capable free offering and a paid Premium plugin to complement its features. Even with the free version of the plugin we were able to get all of the previously mentioned capabilities as well as integrate a free PayPal account and accept payment subscriptions. s2Member also provided a highly hooked architecture via WordPress’ powerful action and filter based Plugin API, allowing us to execute our own actions on significant events like account tier upgrades and cancellations.

Securing Your Site

WordPress is the perfect system for a publicly accessible website, but it requires a little customization to lock it down for use as an application platform. Knowing this, Automattic set WordPress up in a way that all of these customizations (most of which are free) are readily available in the plugin community. s2Member provided us some brute force login protection as well as the ability to lock down access to certain pages and URLs so only logged in, registered users could view them. VaultPress by Automattic, while not free, provided us an inexpensive way to keep our WordPress application secure and backed up. A few dollars a month for real time backups of our database, theme, and plugins as well as plugin and theme scanning for malicious code was well worth it.

Custom Plugins and Themes to Build an Application Experience

While community plugins got us up and running quickly with a platform base, we eventually needed to start writing our own code to customize our application’s experience. WordPress’ powerful APIs for building plugins, shortcodes, themes, and widgets, it’s highly configurable and flexible code, and its database architectures all gave us a powerful set of tools to accomplish what we set out to do.

Managing all the Data

We created a custom plugin for management of all the Hello Bars that a user would create. This plugin took advantage of WordPress’ custom post type system to store Hello Bar data. This provided us with the ability to use many of WordPress’ built in functionalities for the CRUD (Create, Read, Update, Delete) actions surrounding the data. By using custom post types as the storage method for Hello Bars, we could:

Customizing the Onboarding Experience

To keep our application running smoothly as we got things started, we created a custom plugin that would require users to be manually approved before they could access the website. This plugin also enabled users to enter unique beta keys either at registration or post registration to activate their accounts. We utilized WordPress’ action and filter API system to hook into the user login and registration processes to enact our own status policies and authentication policies in addition to WordPress’ giving us finer control over who and how many people could access the system.

We later expanded on the capabilities of this plugin by adding a viral sharing component to it through a secondary plugin. This secondary plugin hooked in via actions and filters into the initial Beta Key plugin and allowed approved users to share beta keys with their friends. This grew Hello Bar’s popularity significantly and created a lot of buzz around it, driving the community’s desire to get into our exclusive application.

Besides the Beta Key plugin and its viral sharing add-on, being a design company, we also wanted to have a little more granular control over how the registration and login process looked. While s2Member did provide some basic login and registration page customization capabilities, we wanted to go a little further. To accomplish this we created a simple plugin that allowed us to easily specify and load custom stylesheets for the different states of the login page as well as provide custom re-write rules to make for some URLs a little prettier than /wp-login.php?action=login. By the time we were done, you’d never have guessed it was a WordPress login page.

Customizing the Application Experience

We love WordPress, but this was an application, not a blog or website, so we need to customize the experience to reflect that. To start, we didn’t want users to even realize it was WordPress they were using, nor did we want to expose any administration interfaces that would take them out of the application’s simple and streamlined experience. To do this, we started by locking down access to /wp-admin. s2Member provides this functionality out of the box, so it was a pretty easy goal to accomplish. In addition to locking things down, we customized some of the URL paths by redefining a few constants to obfuscate that we were using WordPress. This allowed us to change where any files were uploaded, where our plugins existed, and where the contents of /wp-content lived. Of course, some plugins didn’t like that we weren’t using standard WordPress paths, so we needed to modify some files manually to make the file paths matched our configuration. Keep this in mind if you decide to change file paths with your application; it makes things a little hard for bots to find, but it might make some plugins a little more difficult to integrate.

Once we had our WordPress environment customized to our liking, it was time to create the application interface itself. We created a few Page entries and utilized the public pages for Hello Bar’s custom post type entries for editing interfaces. This allowed us to easily lock down access to those areas using s2Member’s access restriction system. Of course, since s2Member only provides account tier level access restriction, we still needed to write our own author level restriction for access to individual Hello Bars and their related pages, but everything else just used the currently logged in user’s information to determine the correct data to display.

To output interaction areas for users, we took heavy advantage of WordPress’ theme template engine and Shortcode API. We created page templates and custom styled both a logged in and public experience within a single theme thanks to the Multi Header capability of get_header() and Multi Footer capability of get_footer(). For self user management, s2Member provides numerous shortcodes for users to update profile data, cancel their paid subscriptions, sign up for a new paid subscription, or upgrade an existing paid subscription. We liked this model of portable markup deployment and followed it with our own core plugin to provide shortcodes for Hello Bar interfaces. We used some custom page templates to provide the “wrapper” around the interfaces and then outputted the Hello Bar management table, editing interface, and eventually the statistics summary table and chart detail using shortcode deployment.


So, as you can see, WordPress provides lots of great tools and turn-key offerings to get your SaaS application up and running in no time. Using its powerful API system, plugin architecture and community created plugins you can build an application and start making money in no time. Next article I’ll talk about how we setup our server(s) to handle the service of our application to our users.

Got any questions about how we used WordPress to build Hello Bar or how we got over any hurdles I may not have addressed? Post a comment and I’ll answer you as best I can.

Useful Links for Building WordPress Applications: