- Codebase Audit
About the Client
Digital content has traditionally been monetized through a combination of ads & subscriptions. While ad-supported content has a low barrier to access, it has come under increased scrutiny for targeting, data collection and privacy. Subscription models, on the other hand, require the consumer to have a trust-based relationship with the provider, which is a chicken and egg problem for brands that are trying to provide a new, subscription-backed offering.
Since their inception in 2010, LaterPay has pioneered a third option – an access-first-pay-later model. This novel solution to digital monetization takes the risk off of consumers by providing them with a convenient way to purchase one-time access to digital content, often at cost cheaper than a cup of coffee. Content creators, on the other hand, are fairly compensated for their work and often see an increase in conversions.
LaterPay’s innovative technology has changed the content monetization landscape and was thus an excellent fit for WordPress VIP’s Technology Partners Program. They engaged rtCamp to help them navigate the code review process that is designed to ensure performance at scale, security, ease of use for hundreds of millions of page views that VIP serves every day.
Phase 1: Codebase Modification
In order to guarantee performance and security for websites at a global scale, all plugins deployed to WordPress VIP infrastructure need to meet a certain set of architectural requirements and coding standards.
The focus of the first phase of the project, then, was to make LaterPay’s plugin conformant with WordPress VIP’s specialized architectural requirements.
As a WordPress VIP Gold Partner, rtCamp was well positioned to help LaterPay do just that.
General Codebase Modifications
Since server-side cookies wouldn’t pass through a full page cache like the one WordPress VIP uses, rtCamp implemented a solution that works with the full page cache. We also made modifications to the way that the plugin handles external API requests in order to reduce the potential attack surface and improve security.
The following general modifications were made to ensure that LaterPay’s codebase could be deployed to VIP’s infrastructure:
- Integrating PHP CodeSniffer to run on TravisCI for continuous integration
- Implementing caching for custom SQL database queries to streamline performance
- Implementing correct input sanitization & output escaping and incorporating nonces as part of standard security practices
Modifications Specific To VIP Classic
WordPress VIP Classic uses a shared tenant infrastructure that doesn’t support custom database tables. Since LaterPay originally relied on custom tables, rtCamp rewrote all existing database queries within the plugin to work with the standard database tables that WordPress provides. Modifications were also made to ensure that the plugin is fully compatible with WordPress multisite installs.
Modifications Specific To VIP Go
VIP Go uses a container infrastructure that treats the filesystem as ephemeral. If needed, plugins can access the filesystem only through a specific set of APIs and functions. rtCamp made the necessary modifications to LaterPay’s codebase to support these interfaces.
Phase 2: VIP Code Review & Ongoing Development
With LaterPay’s plugin codebase updated for compatibility with WordPress VIP’s infrastructure, rtCamp passed it to VIP for review. The review workflow uses GitHub issues and pull requests for incremental feedback cycles.
Once LaterPay was VIP compatible, rtCamp pitched in with its WordPress expertise to implement new features into the existing codebase in an ongoing way. rtCamp also acted as the liaison between LaterPay and WordPress VIP’s engineering team as necessary through ZenDesk, GitHub, Slack and email to vet the changes and ensure they are performant, secure and stable on VIP’s infrastructure.
Finally, rtCamp was on hand to provide integration support for LaterPay’s customers moving to the WordPress VIP platform.
Access To A Whole New Market Segment
LaterPay could make their revolutionary service available to their existing and future partners on WordPress VIP within just 6 weeks of initial contact with rtCamp. Further, several of the optimizations were carried to LaterPay’s publicly available plugin on WordPress.org, bringing it to world-class codebase standards.
Through the WordPress VIP platform, LaterPay can now be integrated with any one of the websites that serve millions of users every day. Through rtCamp, LaterPay has an engineering partner who can manage ongoing and future development.
rtCamp continues to provide ongoing maintenance, feature development and acts as a liaison between WordPress VIP’s engineering team and LaterPay.