On Tue, Jul 21, 2015 at 10:13 AM, Vy-Shane Sin Fat <shane_at_node.mu> wrote:
> The poor track record of WordPress security is a recurring topic in this
> mailing list, with some members going out of their way to look for
> alternative blog engines [1]. We also often see reports of Mauritian
> websites being compromised.
>
> Here's an alternative solution that should be very resilient:
>
> 1) Use a static site generator like Jekyll [2]
If there is little maintenance, then it's worth it in terms of
manpower invested.
> 2) Deploy the site as a read-only Docker container
Docker is a very interesting technology that makes such deployment of
web applications very easy. Deploying as a read-only container would
indeed help!
>
> We basically move the smarts from the page serving step to a publishing step
> that is performed off server. The server serves static pages from a
> read-only environment. It's a simple solution with very few moving parts, and a
> reduced attack surface.
And not that much overhead in terms of performance.
>
> Thoughts?
>
> [1]: http://logan.hackers.mu/2015/05/what-is-under-the-hood
> [2]: http://jekyllrb.com
>
Received on Wed Jul 22 2015 - 19:58:17 PST
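
Added example, not part of the original thread: a check that a deployed container really is read-only, run over parsed `docker inspect` output. The container names, paths and sample JSON are constructed, and the nginx document root is an assumption.

```python
import json

# Constructed sample: trimmed `docker inspect` output for two hypothetical containers.
SAMPLE_INSPECT = json.loads("""
[
  {"Name": "/blog-static",
   "HostConfig": {"ReadonlyRootfs": true, "Privileged": false,
                  "Tmpfs": {"/var/cache/nginx": "rw,noexec,nosuid",
                            "/var/run": "rw,noexec,nosuid"}},
   "Mounts": [{"Type": "bind", "Source": "/srv/site/_site",
               "Destination": "/usr/share/nginx/html", "RW": false}]},
  {"Name": "/blog-legacy",
   "HostConfig": {"ReadonlyRootfs": false, "Privileged": false, "Tmpfs": null},
   "Mounts": [{"Type": "bind", "Source": "/srv/legacy",
               "Destination": "/usr/share/nginx/html", "RW": true}]}
]
""")

DOCROOT = "/usr/share/nginx/html"  # assumption: default nginx document root


def audit_container(info, docroot=DOCROOT):
    """Return findings; an empty list means nothing writable was found."""
    findings = []
    host = info.get("HostConfig") or {}
    if not host.get("ReadonlyRootfs"):
        findings.append("root filesystem is writable")
    if host.get("Privileged"):
        findings.append("container is privileged")
    for mount in info.get("Mounts") or []:
        if mount.get("RW"):
            findings.append("writable mount at " + mount.get("Destination", "?"))
    for path, opts in (host.get("Tmpfs") or {}).items():
        # tmpfs is the usual escape hatch for pid/cache files; keep it off the
        # served tree and non-executable.
        if path == docroot or path.startswith(docroot.rstrip("/") + "/"):
            findings.append("tmpfs overlays served content at " + path)
        if "noexec" not in (opts or "").split(","):
            findings.append("tmpfs at " + path + " allows exec")
    return findings


def audit_all(containers):
    """Map container name -> findings for a parsed `docker inspect` array."""
    return {c.get("Name", "").lstrip("/"): audit_container(c) for c in containers}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else "; ".join(findings))
```

Feed it the JSON array that `docker inspect` prints for the running containers in place of the constructed sample.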