26 Nov
2023
26 Nov
'23
10:54 a.m.
On 2023-11-26 10:05+0000, Peter Collins via BitFolk Users wrote:
A little narrow sighted, Wordpress is extremely secure
and as a core
platform it is proactively maintained to what I see has a high
standard.
Of course there may be issues with some plugins but those are
secondary choices to Wordpress itself.
Arguably the insecurity you are referring to is that of the system
administrator for not maintaining the local system, if the platform
isn't patched then by the same count debain isn't secure.
From a DoS point of view any WordPress site with search enabled is going
to be subject to high-load events when someone takes a grudge against
your business.
If you have a limited catalogue of products, I think static generation
is the place to be, is is going to be a faster experience for the user
and you'd handle more reqs/sec until you're at a shopping basket. Better
than nothing.
I'm toying with the idea of putting my static site into WordPress,
offline, and copy the statics. I don't have the time really to make my
site mobile friendly. A random template that's done that for me, bonus
points for markdown, seems a good route.
WordPress does have a reputation for vulnerabilities, but I don't know
how much of that has to be coupled with a sysadmin that sets things up
with poor permissions? How much of that reputation is down to PHP
scripting flaws on the plugin author's part?
Anyway, if the apache module I linked to earlier floats your boat, let
me know - I'm happy with it at the moment :)
Ed