# ADR-0001: WordPress single-page architecture Date: 2026-06-24 Status: Accepted ## Context Azione!Lab needs a warm editorial single page whose primary content can be edited by non-developers. This branch explicitly explores WordPress as an alternative product architecture and starts independently from `main`. ## Decision Use pinned WordPress 7.0/PHP 8.3 with MariaDB 11.8 LTS. Build a dependency-free custom classic theme for exact semantic markup and responsive design. Store homepage fields as sanitized theme modifications, while a must-use plugin owns Shows and Gallery custom post types so structured content is not lost when changing themes. NGINX is the only public entry point. WP-CLI provides an idempotent opt-in bootstrap; Certbot provides opt-in direct TLS. Docker networks isolate the database. Runtime state uses host-based bind mounts with a preparation script for ownership/mode, while functional tests use separate Docker volumes. ## Consequences - Editors use familiar WordPress screens without a page builder or required plugin. - WordPress renders the page directly; there is no headless API/frontend deployment. - WordPress and MariaDB replace Astro, Wagtail, Django, and PostgreSQL in this branch. - Core/theme/plugin patches require an image rebuild in production. - Fixed participation cards remain code until editorial requirements justify another structured content type. ## Alternatives considered - A block theme was not selected because the first version prioritizes controlled markup and a compact implementation over full-site editing. - A commercial/custom-fields plugin was rejected as an unnecessary dependency. - A headless WordPress frontend was rejected because it would recreate the operational complexity this variant is intended to remove. ## Security impact The architecture inherits WordPress's public CMS attack surface. The implementation reduces it with network isolation, no direct application port, disabled file editing and XML-RPC, production immutability, sanitization/escaping, rate limiting, security headers, and fail-closed TLS. Admin MFA and allowlisting remain external controls. ## Operational impact Database and WordPress files are coordinated state and must be backed up together. Host bind-mount paths must be permissioned for the image users before startup. Operators must monitor upstream security releases and rebuild pinned images. SMTP and off-host storage are not part of this minimal base. ## Rollback Revert the implementation commit and rebuild. Preserve the configured WordPress, database, and certificate host directories unless data deletion is intentional. Restore data only from a verified coordinated backup.