diff --git a/.env.sample b/.env.sample
index b442e7b..5c9b497 100644
--- a/.env.sample
+++ b/.env.sample
@@ -44,3 +44,10 @@ COPY_ASSETS="$COPY_ASSETS icon.png|app:/web/dist/assets/icons/"
 # SECRET_NEXTCLOUD_ID_VERSION=v1
 # SECRET_NEXTCLOUD_SECRET_VERSION=v1
 # APP_ICONS="nextcloud:~/.abra/recipes/authentik/icons/nextcloud.png"
+
+
+# COMPOSE_FILE="$COMPOSE_FILE:compose.wordpress.yml"
+# WORDPRESS_DOMAIN=wordpress.example.com
+# SECRET_WORDPRESS_ID_VERSION=v1
+# SECRET_WORDPRESS_SECRET_VERSION=v1
+# APP_ICONS="$APP_ICONS wordpress:~/.abra/recipes/authentik/icons/wordpress.png"
diff --git a/abra.sh b/abra.sh
index 5008f22..d489439 100644
--- a/abra.sh
+++ b/abra.sh
@@ -6,6 +6,7 @@ export FLOW_RECOVERY_VERSION=v1
 export FLOW_TRANSLATION_VERSION=v1
 export SYSTEM_TENANT_VERSION=v1
 export NEXTCLOUD_CONFIG_VERSION=v1
+export WORDPRESS_CONFIG_VERSION=v1
 
 customize() {
     if [ -z "$1" ]
diff --git a/compose.wordpress.yml b/compose.wordpress.yml
new file mode 100644
index 0000000..6ccf043
--- /dev/null
+++ b/compose.wordpress.yml
@@ -0,0 +1,26 @@
+version: "3.8"
+services:
+  worker:
+    secrets:
+      - wordpress_id
+      - wordpress_secret
+    environment:
+      - WORDPRESS_DOMAIN
+    configs:
+      - source: wordpress
+        target: /blueprints/wordpress.yaml
+
+secrets:
+  wordpress_id:
+    external: true
+    name: ${STACK_NAME}_wordpress_id_${SECRET_WORDPRESS_ID_VERSION}
+  wordpress_secret:
+    external: true
+    name: ${STACK_NAME}_wordpress_secret_${SECRET_WORDPRESS_SECRET_VERSION}
+
+
+configs:
+  wordpress:
+    name: ${STACK_NAME}_wordpress_${WORDPRESS_CONFIG_VERSION}
+    file: wordpress.yaml.tmpl
+    template_driver: golang
diff --git a/icons/wordpress.png b/icons/wordpress.png
new file mode 100644
index 0000000..11e550c
Binary files /dev/null and b/icons/wordpress.png differ
diff --git a/wordpress.yaml.tmpl b/wordpress.yaml.tmpl
new file mode 100644
index 0000000..f871478
--- /dev/null
+++ b/wordpress.yaml.tmpl
@@ -0,0 +1,43 @@
+version: 1
+metadata:
+  labels:
+    blueprints.goauthentik.io/instantiate: "true"
+  name: Wordpress
+
+entries:
+
+- attrs:
+    access_code_validity: minutes=1
+    authorization_flow: !Find [authentik_flows.flow, [slug, default-provider-authorization-implicit-consent]]
+    client_id: {{ secret  "wordpress_id" }}
+    client_secret: {{ secret  "wordpress_secret" }}
+    client_type: confidential
+    include_claims_in_id_token: true
+    issuer_mode: per_provider
+    name: Wordpress
+    property_mappings:
+    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, openid]]
+    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, email]]
+    - !Find [authentik_providers_oauth2.scopemapping, [scope_name, profile]]
+    signing_key: !Find [authentik_crypto.certificatekeypair, [name, authentik Self-signed Certificate]]
+    sub_mode: user_username
+    token_validity: days=30
+  conditions: []
+  id: wordpress_provider
+  identifiers:
+    pk: 9998
+  model: authentik_providers_oauth2.oauth2provider
+  state: present
+
+- attrs:
+    meta_launch_url: https://{{ env  "WORDPRESS_DOMAIN" }}/wp-login.php
+    open_in_new_tab: true
+    policy_engine_mode: any
+    provider: !KeyOf wordpress_provider
+    slug: wordpress
+  conditions: []
+  id: wordpress_application
+  identifiers:
+    name: Wordpress
+  model: authentik_core.application
+  state: present