Business owner here, not a technologist. The setup I want is for our SSO to accommodate a WordPress learning site hosted at WP Engine with a custom PHP app hosted elsewhere (Vultr).
I was able to get this setup configured and functional, but a technology advisor is telling me that such a dual-server arrangement opens up “massive security vulnerabilities.”
Can I get some insights / thoughts on this from those more knowledgeable than I about these matters?
Generally, you should be able to achieve what you are describing. I can’t speak directly to Vultr and WP Engine, but you should be able to SSO across the two applications even if they aren’t hosted on the same provider.
Edit: This advice is fairly general given we don’t have an intimate understanding of your applications. Working with a professional is always recommended if you aren’t confident in setting up your application.