diff --git a/.github/workflows/aosus-wordpress.yml b/.github/workflows/aosus-wordpress.yml
new file mode 100644
index 0000000..eb5bf4e
--- /dev/null
+++ b/.github/workflows/aosus-wordpress.yml
@@ -0,0 +1,51 @@
+name: deploy-aosus-wordpress
+
+on:
+ push:
+ paths:
+ - '.github/workflows/aosus-wordpress.yml'
+ - 'aosus-wordpress/**'
+ branches: [main]
+ workflow_dispatch:
+
+jobs:
+ deploy:
+ runs-on: ubuntu-latest
+ environment:
+ name: aosus.org
+ url: https://aosus.org
+ steps:
+ - name: checkout
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Tailscale
+ uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd
+ with:
+ oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }}
+ oauth-secret: ${{ secrets.TAILSCALE_SECRET }}
+ tags: tag:deploy-ci
+ hostname: Github-actions
+ version: ${{ vars.TAILSCALE_VERSION }}
+
+ - name: Add secrets to compose
+ env:
+ MARIADB_PASSWORD: ${{ secrets.aosus_wordpress_mariadb_password }}
+ MARIADB_ROOT_PASSWORD: ${{ secrets.aosus_wordpress_mariadb_root_password }}
+ run: |
+ sed -i "s|(aosus_wordpress_mariadb_password)|$MARIADB_PASSWORD|g" $GITHUB_WORKSPACE/aosus-wordpress/docker-compose.yml
+ sed -i "s|(aosus_wordpress_mariadb_root_password)|$MARIADB_ROOT_PASSWORD|g" $GITHUB_WORKSPACE/aosus-wordpress/docker-compose.yml
+
+ - name: Start Deployment
+ uses: FarisZR/docker-compose-gitops-action@v1.0.1
+ env:
+ MARIADB_PASSWORD: ${{ secrets.aosus_wordpress_mariadb_password }}
+ MARIADB_ROOT_PASSWORD: ${{ secrets.aosus_wordpress_mariadb_root_password }}
+ with:
+ remote_docker_host: ${{ secrets.server_address }}
+ tailscale_ssh: true # no need for manual private and public keys
+ compose_file_path: aosus-wordpress/docker-compose.yml
+ args: -p aosus-wordpress up -d --remove-orphans
+ upload_directory: true
+ docker_compose_directory: aosus-wordpress
\ No newline at end of file
diff --git a/aosus-wordpress/custom.ini b/aosus-wordpress/custom.ini
new file mode 100644
index 0000000..5f31c50
--- /dev/null
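Review bot: In `.github/workflows/aosus-wordpress.yml`, the `Start Deployment` step references `FarisZR/docker-compose-gitops-action@v1.0.1` by a mutable tag even though it receives the database secrets and Tailscale SSH access to the Docker host; pin it to a full commit SHA the way the Tailscale step is pinned, e.g. `uses: FarisZR/docker-compose-gitops-action@<full-commit-sha> # v1.0.1` (the same applies to `actions/checkout@v4`). The `Add secrets to compose` step places the secrets in a `sed` replacement, where `|`, `&` and `\` inside a password are interpreted by sed, and nothing verifies that a placeholder was actually replaced; adding `if grep -qF '(aosus_wordpress_' "$GITHUB_WORKSPACE/aosus-wordpress/docker-compose.yml"; then exit 1; fi` after the two `sed` lines would fail the job instead of deploying a placeholder as a password. The workflow also declares no `permissions:` block, so the job token keeps the repository default; a top-level `permissions:` with `contents: read` looks sufficient for the steps visible here.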
+++ b/aosus-wordpress/custom.ini
@@ -0,0 +1,5 @@
+file_uploads = On
+memory_limit = 256M
+upload_max_filesize = 64M
+post_max_size = 64M
+max_execution_time = 600
\ No newline at end of file
diff --git a/aosus-wordpress/docker-compose.yml b/aosus-wordpress/docker-compose.yml
new file mode 100644
index 0000000..d93bca7
--- /dev/null
+++ b/aosus-wordpress/docker-compose.yml
@@ -0,0 +1,45 @@
+networks:
+ default:
+ enable_ipv6: true
+ web:
+ external: true
+
+services:
+ wordpress:
+ image: wordpress:6.4.3-apache@sha256:01fb62485c4a70c13a7f5fd02d56235c904b748f810be29027a337f1400dc4ea
+ container_name: aosus-wordpress
+ restart: always
+ environment:
+ WORDPRESS_DB_HOST: mariadb
+ WORDPRESS_DB_USER: aosusworddb
+ WORDPRESS_DB_NAME: wordpress
+ WORDPRESS_DB_PASSWORD: (aosus_wordpress_mariadb_password)
+ # WORDPRESS_DEBUG: true
+ networks:
+ default:
+ web:
+ volumes:
+ - /home/aosus/aosus-wordpress/html:/var/www/html:rw
+ configs:
+ - source: custom-ini
+ target: /usr/local/etc/php/conf.d/custom.ini
+
+ mariadb:
+ image: mariadb:11.2.2@sha256:a9385bb457ebf4600da632cc331f11a5328c582bfb492aa76517282bcae1dcc9
+ restart: always
+ environment:
+ MARIADB_USER: aosusworddb
+ MARIADB_DATABASE: wordpress
+ MARIADB_PASSWORD: (aosus_wordpress_mariadb_password)
+ MARIADB_AUTO_UPGRADE: true
+ #MARIADB_RANDOM_ROOT_PASSWORD: '1'
+ MARIADB_ROOT_PASSWORD: (aosus_wordpress_mariadb_root_password
+ volumes:
+ - mariadb:/var/lib/mysql
+
+volumes:
+ mariadb:
+
+configs:
+ custom-ini:
+ file: /home/aosus/aosus-wordpress/custom.ini
diff --git a/caddy/configs/aosus-wordpress.caddyfile b/caddy/configs/aosus-wordpress.caddyfile
new file mode 100644
index 0000000..2ab8cc2
--- /dev/null
+++ b/caddy/configs/aosus-wordpress.caddyfile
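Review bot: In `aosus-wordpress/custom.ini`, `post_max_size = 64M` equals `upload_max_filesize = 64M`, so an upload close to the limit is rejected once the multipart overhead is added; PHP's documentation asks for `post_max_size` to be the larger of the two, e.g. `post_max_size = 72M`. `max_execution_time = 600` applies to every PHP request rather than only to imports, so a single slow request can occupy an Apache worker for up to ten minutes of script time. A comment naming the operation that needs that long would justify the value, or it can be lowered once that operation is finished.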
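Review bot: In `aosus-wordpress/docker-compose.yml`, `MARIADB_ROOT_PASSWORD: (aosus_wordpress_mariadb_root_password` is missing its closing parenthesis, so the workflow's `sed` pattern `(aosus_wordpress_mariadb_root_password)` never matches and the container starts with the literal placeholder text, which is public in this repository, as the root password. The line should read `MARIADB_ROOT_PASSWORD: (aosus_wordpress_mariadb_root_password)`. The official MariaDB image applies this variable only when it initialises an empty data directory, so if the `mariadb` volume has already been created from this file the root password also has to be rotated inside the database. `MARIADB_AUTO_UPGRADE: true` is an unquoted boolean in an `environment` mapping; writing it as `'true'` avoids depending on how the Compose version in use treats non-string values.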
@@ -0,0 +1,22 @@
+aosus.org {
+ header {
+ Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+ }
+ handle_errors {
+ # handle_errors is only triggerd on erros from Caddy and not the proxy, that's why we don't specifiy any errors here.
+ rewrite * /proxy_error_page.html
+ file_server {
+ root /srv/
+ }
+ }
+ # https://matrix-org.github.io/synapse/latest/reverse_proxy.html#caddy-v2
+ header /.well-known/matrix/* Content-Type application/json
+ header /.well-known/matrix/* Access-Control-Allow-Origin *
+ respond /.well-known/matrix/server `{"m.server": "matrix.aosus.org:443"}`
+ # add sliding sync availability (https://github.com/matrix-org/sliding-sync)
+ respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://matrix.aosus.org:443"},"org.matrix.msc3575.proxy":{"url":"https://syncv3-matrix-proxy.aosus.org"}}`
+ # redirect old links
+ redir /t/* https://discourse.aosus.org{uri} permanent
+ reverse_proxy aosus-wordpress:80
+ encode zstd gzip
+}
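Review bot: The `Strict-Transport-Security` header on `aosus.org` carries `includeSubDomains; preload`, which commits every host under `aosus.org` to HTTPS for a year in any browser that has visited the apex, and a preload-list entry is slow to withdraw once the domain is submitted; nothing in the file records that this scope is intended. If it is, a comment above the `header` block such as `# HSTS covers all subdomains; every *.aosus.org host must serve valid HTTPS` would document the decision for whoever adds the next subdomain. The comment inside `handle_errors` has typos (`triggerd`, `erros`, `specifiy`) that are worth fixing while the file is new.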