by mechanical_fish 4274 days ago
I used to have a static website, before I wised up and moved to Wordpress like everyone else.

I found that, once I restricted myself to the features of static pages, the security risks of Wordpress were a lot less scary:

- You can't hack form submissions if the site doesn't have any forms on it.

- If you're going to require SSH to publish new pages, you can require SSH tunnels to log in to Wordpress or access any admin pages. (I should write up my nginx config for this.)

- If you were prepared to make every site update require a Git push, you can surely afford to disable WP's very scary self-update-in-place feature and perform WP updates from a development server instead.

- A WP site that could be usefully replaced by a static site is vulnerable... how, exactly? Static sites don't accept credit card numbers. Customers can't even log in, so they won't type in their darkest secrets even if they wanted to. Employees can be told to follow rules like "don't use your Gmail password for the corporate WP site" and "don't type anything into the public publishing engine that would cause an emergency if it were published to the public."

The biggest risk is denial-of-service and defacement. Restore from your tamper-proof offline backups, which you need to have anyway. There are probably fifteen different services you could use to be alerted when the website changes unexpectedly or starts serving up malware.

Of course, static websites are faster. Until you turn on Cloudflare's free plan, which makes everything faster still.
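The commenter never posted the nginx config mentioned above. What follows is an added example of the restriction described there, written for this page rather than taken from the comment or from WordPress: the login and admin paths are served only to connections arriving over the loopback interface, so an administrator must first open an SSH tunnel to the host. The hostname example.com, the document root, and the PHP-FPM socket path are assumptions; xmlrpc.php is gated along with wp-login.php because it also accepts WordPress credentials.

```nginx
# Added example, not the commenter's configuration. Assumed layout:
# WordPress at /var/www/example.com, PHP-FPM on the socket below,
# public hostname example.com. TLS is omitted for brevity.
server {
    listen 80 default_server;
    server_name example.com;
    root /var/www/example.com;
    index index.php;

    # Login surface and admin PHP scripts. The allow/deny decision is
    # made on $remote_addr, the actual TCP peer; X-Forwarded-For and
    # similar headers are ignored, so nothing a client sends can
    # satisfy the check. Only loopback (an SSH tunnel terminating on
    # this host) passes. Regex locations match in order of appearance,
    # so this block wins over the public "\.php$" block further down.
    location ~ ^/(wp-admin/.*\.php|wp-login\.php|xmlrpc\.php)$ {
        allow 127.0.0.1;
        allow ::1;
        deny all;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    # Everything else under /wp-admin/ (CSS, JS, images, the directory
    # itself). A request for /wp-admin/ resolves to index.php via the
    # "index" directive and is re-matched by the block above.
    location ~ ^/wp-admin/ {
        allow 127.0.0.1;
        allow ::1;
        deny all;
        try_files $uri $uri/ =404;
    }

    # Public PHP entry points (index.php and the rest of the front end).
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket path
    }

    # Public static files and pretty permalinks.
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
}
```

To administer the site, open the tunnel first, for example `ssh -L 8080:127.0.0.1:80 admin@example.com`, and browse to http://127.0.0.1:8080/wp-login.php; the request reaches nginx from 127.0.0.1 and is allowed, while the same URL fetched from anywhere else gets 403. One wrinkle: WordPress redirects to its configured site URL after login, which would leave the tunnel, so in practice you either forward local port 80 (needs root on the workstation) and point example.com at 127.0.0.1 in the workstation's hosts file, or keep the admin session pinned to the tunnelled address. Putting Cloudflare in front, as the last paragraph suggests, does not weaken this: proxied requests arrive from Cloudflare's addresses, not loopback, and the ACL must keep using $remote_addr rather than a forwarded-IP header. The complementary switch for the self-update point is `define('DISALLOW_FILE_MODS', true);` in wp-config.php, which removes in-place core, plugin and theme updates from the admin interface so that updates have to come through your own deployment path.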