Hacker News

I have no idea if it’s still true but it used to be the case that you had 3 choices with a WordPress install and even a couple plugins:

1) Have a part time job updating it and plugins, making sure you weren’t introducing vulns at every step

2) Leave it as is and hope that no vulns are discovered for your particular version or plugin versions

3) Have things auto-update and pray that your plugins don't get sold or compromised and backdoor your site



4) Don't use a stack of plugins, if you must use any keep them as dumb as possible and stick to those with a longstanding reputation.

A basic instance, set to auto-update, installed on a shared webhost where OS/web server updates are someone else's problem is pretty foolproof. A VPS running a long-term distro set to auto update is almost as good.

---

That said, I personally dropped WordPress for static site generation years ago because I realized I didn't actually need any of the dynamic features and wasn't using the WYSIWYG editor. Now I write Markdown into a file in a git repo and then trigger a regeneration whenever I update it.


Sure, that's possible, but so much of the value of WordPress is in the plugins.



