122
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 12 Oct 2023
122 points (98.4% liked)
Fediverse
28220 readers
243 users here now
A community to talk about the Fediverse and all it's related services using ActivityPub (Mastodon, Lemmy, KBin, etc).
If you wanted to get help with moderating your own community then head over to !moderators@lemmy.world!
Rules
- Posts must be on topic.
- Be respectful of others.
- Cite the sources used for graphs and other statistics.
- Follow the general Lemmy.world rules.
Learn more at these websites: Join The Fediverse Wiki, Fediverse.info, Wikipedia Page, The Federation Info (Stats), FediDB (Stats), Sub Rehab (Reddit Migration), Search Lemmy
founded 1 year ago
MODERATORS
Moved my personal site off of WordPress around 5 years ago because, for my single-user purposes it was resource heavy compared to a static site generator like Hugo or Pelican. I also had quite a lot of spam traffic, even with anti-spam plugins, and eventually I just disabled comments outright and the new user registration page. Admittedly, I was never that active with it, so I'm fully willing to accept that it could have been a me problem.
I also recall the general security of WordPress being a concern around that time, mostly because it was a popular target, so a big part of me moving to a static site generator was just to avoid having to constantly get on and update WordPress for security patches, when I only posted on the blog a few times a year at most.
Fediverse support has me considering returning to WordPress, but I'm curious how much upkeep running your own instance is these days.
IIUC the main problem with security (and how most WP sites get pwned) is the plugin ecosystem. There are thousands of plugins out there, which means that among many secure ones, there are also many (very) insecure ones. If you're judicious and don't install low-quality plugins, it shouldn't be a major problem.
WordPress itself has automatic updates turned on by default, so if a vulnerability is patched in WP core, that will land on your site automatically without any effort on your part.
One plugin that's I use on my WP sites is the free version of the Wordfence firewall. While not really necessary given the above, it does give me a little peace of mind.
All that said, the main draw for WP is to be able to manage a website without having to touch code. If you're happy to write your pages by hand, a static site generator is definitely a lot more lightweight than a CMS like WordPress.
It's literally the same issues, except that the market usage of WordPress is much higher now at over 43% of the entire Internet and around 60% of sites that use a CMS.
You can use WordPress as a "headless CMS" to generate static pages, but at that point just use something else.