We actually evaluated setting up WordPress with a completely separate set of servers and software (including their own cluster of bitcoin nodes). It's just a bit premature for it.
My standard advice for merchants: run
at least two nodes:
- Node with empty wallet, connected to Internet
- Node with wallet, handles all your bitcoin activity, connects only to the other node
Large merchants would be well advised to run multiple empty-wallet nodes, connecting their internal nodes only to those semi-trusted nodes they control.
(Note:
free business idea!)
Another option is a semi-trusted "backbone" This is a project I worked on for a first, but did not have the time to build it into a real business. Run a set of nodes, and permit your merchant-customers to connect to these nodes. In an ideal design, you would have multiple layers of security: merchants connect to an internal backbone ("cloud A"), and the internal backbone connects to a DMZ/public backbone ("cloud B") that talks to the Internet.
You would have to consider the possibility of a rogue merchant on the internal backbone, but any payment business in theory does a bit of customer vetting. And even so, it's still got the standard bitcoin level of security... full block and TX verification, etc.