Enhancing security by moving beyond Wordpress


BC Unclaimed’s website and user management was powered by Wordpress, with custom PHP scripts for handling the interface to BC Unclaimed’s main database. Wordpress is a capable content management system, but we needed a modern, scalable, fault-tolerant infrastructure with advanced security capabilities.

Our approach

  • Amazon Cognito with Advanced Security


  • AWS Web Application Firewall

  • AWS Lambda

  • Cloudwatch Turnstile


We used AWS’s Canadian cloud services to build a robust infrastructure:

  • Amazon Cognito with Advanced Security to handle user management and to detect and block suspicious sign-ins.

  • AWS VPC for a private connection to BC Unclaimed

  • AWS WAF to automatically detect and block malicious activity

  • AWS Lambdas written in Go for serverless, scalable data processing

  • Cloudwatch Turnstile to block bots and spam

The result is a secure but low-cost system that will meet BC Unclaimed’s needs for years to come.

Read next case study in this series on BC Unclaimed:

Tracking website success with surveys and dashboards