Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The WordPress hacking/plugin security issue has been a solved problem for well over 10 years now if you're even basically competent. Especially if you're using something like WP Engine or Pantheon for hosting.


WP Engine etc. cost a fortune - tens of thousands per year when you get a lot of traffic - for something that could be served statically for pennies.


Read my other comment. You can very easily use WordPress as just the CMS and still serve static content built from it.

So $30/mo for a secure, globally accessible backend for all of your content editors and pennies to serve it.


That's exactly what I advocate for as well. Static site export plugin for WP, and firewall WP behind an IP restriction. When Marketing updates the site every 3 weeks they can go click the big "Export" button to "publish it to the main site."


what is unique about those hosts with regards to plugin security?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: