Yes, you can get the performance benefits with caching solutions like Varnish, but what about the security benefits I outlined above, how do you get those?
You don't. Still, I'm not aware of any tooling around WordPress that makes this a viable strategy for the average WordPress customer, which I guess is the answer why nobody does it.
There is tooling: take a look at roots.cx It has a workflow for using WordPress as a backend to manage a static site (generated by roots): https://github.com/carrot/roots-wordpress
In addition, it's not that hard to come up with a home-grown workflow using WordPress's REST API (now a plugin but soon to become part of the core application). Middleman has native support for generated static pages from a JSON API (dynamic "proxy pages") and it's not hard to make a Jekyll plugin to do the same.
Server 1 is based on the the free tier on OpenShift.
Server 2 is based on the free tier on Google App Engine (or Amazon EC2).
On server 1 you install Apache, WordPress, Varnish and a file sync solution like syncthing.
On server 2 you setup the DNS settings for your site plus the sync client.
On server 1, you have WordPress use the Varnish plugin to automatically populate the Varnish cache with all pages on your site. Syncthing (or something similar, if syncthing doesn't work with GAE or EC2) looks at the Varnish cache folders and pushes all changes to Server 2.
That's about all you need to do. It basically gives you a fast and hack-resistant WordPress website, and you only pay for the site domain name.
