diff --git a/k8s/kustomization.yaml b/k8s/kustomization.yaml
index dcf39fe..431cfbe 100644
--- a/k8s/kustomization.yaml
+++ b/k8s/kustomization.yaml
@@ -16,3 +16,4 @@ resources:
   - snipeit
   - system-upgrade-controller
   - tofu
+  - wordpress
diff --git a/k8s/operators/external-secrets/generators.yaml b/k8s/operators/external-secrets/generators.yaml
new file mode 100644
index 0000000..bc50e1e
--- /dev/null
+++ b/k8s/operators/external-secrets/generators.yaml
@@ -0,0 +1,14 @@
+apiVersion: generators.external-secrets.io/v1alpha1
+kind: ClusterGenerator
+metadata:
+  name: password
+spec:
+  kind: Password
+  generator:
+    passwordSpec:
+      length: 64
+      digits: 5
+      symbols: 5
+      symbolCharacters: "-_$@"
+      noUpper: false
+      allowRepeat: true
diff --git a/k8s/operators/external-secrets/kustomization.yaml b/k8s/operators/external-secrets/kustomization.yaml
index c64b680..995cd50 100644
--- a/k8s/operators/external-secrets/kustomization.yaml
+++ b/k8s/operators/external-secrets/kustomization.yaml
@@ -5,3 +5,4 @@ resources:
   - namespace.yaml
   - bundle.yaml
   - bitwarden.yaml
+  - generators.yaml
diff --git a/k8s/wordpress/hannah.yaml b/k8s/wordpress/hannah.yaml
new file mode 100644
index 0000000..7599260
--- /dev/null
+++ b/k8s/wordpress/hannah.yaml
@@ -0,0 +1,155 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: hannah
+spec:
+  selector:
+    matchLabels:
+      app: hannah
+  serviceName: hannah
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: hannah
+    spec:
+      containers:
+      - name: wordpress
+        image: library/wordpress:6.7.1
+        env:
+          - name: WORDPRESS_DB_HOST
+            value: hannah-db
+          - name: WORDPRESS_DB_USER
+            value: wordpress
+          - name: WORDPRESS_DB_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: hannah-db
+                key: password
+          - name: WORDPRESS_DB_NAME
+            value: wordpress
+        ports:
+        - containerPort: 80
+          name: web
+        volumeMounts:
+        - name: www
+          mountPath: /var/www/html
+  volumeClaimTemplates:
+  - metadata:
+      name: www
+    spec:
+      accessModes: [ "ReadWriteOnce" ]
+      resources:
+        requests:
+          storage: 5Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hannah
+spec:
+  ports:
+  - name: web
+    port: 80
+  clusterIP: None
+  selector:
+    app: hannah
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: hannah-db
+spec:
+  selector:
+    matchLabels:
+      app: hannah-db
+  serviceName: hannah-db
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: hannah-db
+    spec:
+      containers:
+      - name: mysql
+        image: library/mysql:8.4.3
+        env:
+        - name: MYSQL_DATABASE
+          value: wordpress
+        - name: MYSQL_USER
+          value: wordpress
+        - name: MYSQL_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: hannah-db
+              key: password
+        - name: MYSQL_RANDOM_ROOT_PASSWORD
+          value: "1"
+        ports:
+        - name: mysql
+          containerPort: 3306
+        volumeMounts:
+        - name: data
+          mountPath: /var/lib/mysql
+          subPath: mysql
+        resources:
+          requests:
+            cpu: 500m
+            memory: 500Mi
+        livenessProbe:
+          exec:
+            command: ["mysqladmin", "ping"]
+          initialDelaySeconds: 30
+          periodSeconds: 10
+          timeoutSeconds: 5
+  volumeClaimTemplates:
+  - metadata:
+      name: data
+    spec:
+      accessModes: ["ReadWriteOnce"]
+      resources:
+        requests:
+          storage: 10Gi
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: hannah-db
+spec:
+  ports:
+  - name: mysql
+    port: 3306
+  clusterIP: None
+  selector:
+    app: hannah-db
+---
+apiVersion: external-secrets.io/v1beta1
+kind: ExternalSecret
+metadata:
+  name: hannah-db
+spec:
+  target:
+    name: hannah-db
+  dataFrom:
+  - sourceRef:
+      generatorRef:
+        apiVersion: generators.external-secrets.io/v1alpha1
+        kind: ClusterGenerator
+        name: password
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hannah
+spec:
+  rules:
+    - host: hannah-wp.janky.solutions
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name:  hannah
+                port:
+                  name: web
diff --git a/k8s/wordpress/kustomization.yaml b/k8s/wordpress/kustomization.yaml
new file mode 100644
index 0000000..44b8dca
--- /dev/null
+++ b/k8s/wordpress/kustomization.yaml
@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: wordpress
+resources:
+  - namespace.yaml
+  - hannah.yaml
diff --git a/k8s/wordpress/namespace.yaml b/k8s/wordpress/namespace.yaml
new file mode 100644
index 0000000..b7bac78
--- /dev/null
+++ b/k8s/wordpress/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: wordpress