by kephra
4106 days ago
You need a 2nd trusted but independent person, who writes an application that runs on your webserver checking its own signature, and the hash sums of your code, after this trusted person started it with a password only he knows to access the encrypted database of hashkeys and other metadata. The drawback is that you can show that the site is not compromised directly after a reboot, but you need to call your friend to login, to give the password for his validity checker. Once his app runs, others can connect to it, and use the public key of the app to check if your own app is ok. The problem is to find someone who is independent of you, so your community trusts him, and you also need to trust him, as his code is running on your server.
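The password-gated hash check described in the comment above, as an added example that is not the commenter's code. It assumes an HMAC keyed from the operator's password in place of the encrypted hash database, lists the checker's own file in the manifest as a stand-in for its self-check, and leaves out the public-key reporting to visitors; the function names and sample files are constructed for illustration.

```python
import hashlib, hmac, json, os, tempfile

def sha256_file(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def derive_key(password, salt):
    # Key exists only while the checker runs; the password is never stored.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def seal_manifest(paths, password, salt):
    """Checker operator records known-good hashes and seals them."""
    body = json.dumps({p: sha256_file(p) for p in paths}, sort_keys=True)
    tag = hmac.new(derive_key(password, salt), body.encode(), hashlib.sha256)
    return {"salt": salt.hex(), "body": body, "tag": tag.hexdigest()}

def check_site(sealed, password):
    """After a reboot: unlock with the password, return files that differ."""
    key = derive_key(password, bytes.fromhex(sealed["salt"]))
    want = hmac.new(key, sealed["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(want, sealed["tag"]):
        raise ValueError("wrong password or manifest modified")
    changed = []
    for path, digest in json.loads(sealed["body"]).items():
        if not os.path.isfile(path) or sha256_file(path) != digest:
            changed.append(path)
    return sorted(changed)

def demo():
    """Constructed sample site: two files, one later modified."""
    d = tempfile.mkdtemp()
    app, checker = os.path.join(d, "app.py"), os.path.join(d, "checker.py")
    for p, text in ((app, "print('site')\n"), (checker, "# checker\n")):
        with open(p, "w") as f:
            f.write(text)
    sealed = seal_manifest([app, checker], "operator-secret", os.urandom(16))
    clean = check_site(sealed, "operator-secret")
    with open(app, "a") as f:
        f.write("# injected line\n")
    tampered = check_site(sealed, "operator-secret")
    forged = dict(sealed, body=sealed["body"].replace("a", "b", 1))
    try:
        check_site(forged, "operator-secret"); rejected = False
    except ValueError:
        rejected = True
    return clean, [os.path.basename(p) for p in tampered], rejected

if __name__ == "__main__":
    print(demo())
```

Because the manifest cannot be re-sealed without the password, someone who alters the site's code cannot also rewrite the expected hashes, which is why the operator has to log in after every reboot.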