Hacker News
by coding123 1328 days ago
I don't consider WordPress plugins a value. The more plugins you install, the higher the attack surface and the less tested your overall setup is.

I am a developer with 30 years of experience. I installed a WP site for my wife with some plugins and themes. Within a few days I had tons of porn and 100 megabyte files being dumped on the server. I tried cleaning it up a ton of times, and looked for whatever plugin or script was being exploited.

After a few more days Google flagged it for being compromised, so I erased the server off Amazon after some content backups, created a new server and deployed a Docker image with static content. Then I wrote to Google saying I have deployed something that is impossible to hack: a static site being deployed in Docker so the host is not compromise-able. Google cleared the flag the next day.