Exposing WordPress Custom Post Types via REST API
register_post_type() with show_in_rest: true is just the start. Custom endpoints, field sanitization, and Bearer token auth make it production-ready.
9 read
Member Articles
Deep dives into headless CMS architecture, edge authentication, ISR, and more.
Preview titles and abstracts — full access requires membership.
Unlock all articles:$99.00/yr (Annual) $12.00/mo (Monthly) $4.99 per article
Server + Client Component Composition in the App Router
The App Router default is Server Components. Client Components are opt-in. Understanding the boundary is the key skill interviewers test.
5 read
ISR vs On-Demand Revalidation — When to Use Each
Time-based ISR is simple but blunt. On-demand revalidation with revalidateTag() lets WordPress trigger precise cache busts without a redeploy.
8 read
Auth at the Edge: Next.js Middleware + httpOnly Cookies
Why httpOnly cookies beat localStorage for auth tokens, and how Edge Middleware enforces access before a single byte of page JS loads.
6 read
Getting Started with Headless WordPress
How to decouple your WordPress backend from the frontend using the REST API and a modern JS framework.
7 read