The poor track record of Wordpress security is a recurring topic in this
mailing list, with some members going out of their way to look for
alternative blog engines [1]. We also often see reports of Mauritian
websites being compromised.
Here's an alternative solution what should be very resilient:
1) Use a static site generator like Jekyll [2]
2) Deploy the site as a read-only Docker container
We basically move the smarts from the page serving step to a publishing
step that is performed off server. The server serves static pages from a
read only-environment. It's a simple solution with very few moving parts,
and a reduced attack surface.
Thoughts?
[1]:
http://logan.hackers.mu/2015/05/what-is-under-the-hood
[2]:
http://jekyllrb.com
Received on Tue Jul 21 2015 - 06:14:05 PST