Use a static site generator plugin for Wordpress, host it completely behind IP restrictions or firewall rules, for only whoever needs to actually update it. The static site plugin will regenerate/update plain HTML files out of your WP instance whenever you tell it to; then it transfers those to your location of choice where they’ll just be hosted statically.
Wordpress is a pile of garbage from a security standpoint and having it exposed to the internet is basically asking to be hacked constantly by spammers and script kiddies. But it is useful as an easy content generation tool anyone can use, and at the cadence most people actually update it, the regeneration compute time is trivial.
Huh? What’s the link between generative ai and the need for a wp like tool? Or indeed lambda functions? Does the author think that _everyone_ is using aws?
It only moved off that because Conde Nast (parent company) had their own CMS and wanted to unify what all their brands used.
Many publishers (large and small) use it quite reliably at an enterprise level.
Terrible idea, terrible platform. For example, you want metadata on posts, you install ACF. You want to filter on that metadata, good luck if it's over a couple filters simultaneously, the SQL queries will time out. You're guaranteed to need different tweaks that get dumped into a scripts file, feels like patterns from 20 years ago. There are some people trying to untangle the Wordpress trash pile by refactoring and bolting Laravel onto it, but every layer is just a nightmare; the authors of different parts can barely assess why things randomly break.
You might find WP appealing for the plugin ecosystem, but the plugins are completely random in implementation, so you're likely to get a bloated scramble of CSS and JS pushed to your users.
I moved to Directus and Astro, but I would probably use a Laravel-based CMS like October or Statamic for more generalized PHP deployment.
There is still a lot of interest in wordpress, compared to say joomla which had its day in the sun but is now on the way out. However there seems to be a big move towards people using more SAAS (e.g. your broucure site being instagram) and less maintaining your own kit.
Also anecdote: my sax repair guy is moving off woocommerce onto an offering provided by his PoS vendor. PoS integration is also quite common - a local non profit I'm involved in also does this.
It's been quiet since they launched that, and I've never used it but it sounds like a good option for those who never really learned PHP
Was checking out the SSG scene and with the exception of a couple of gems its a loud, confused buzzword cacophony screaming for attention.
For comparison, Microsoft Windows still holds about 75% market share, a figure that has barely budged in the last five years, despite Apple making major inroads.
Recently I have had to help restore one that was completely infected, before we acquired the business. The amount of BS that still is exactly the same as it was the last time i was forced to manage WP in the early 2000's is insane. I get the draw, I just don't agree with it and would never openly advocate for it to be considered.
Every reason to not use it can be excused if you want to make an excuse for it or do something different with it, but at the end of the day it's dated and offers more headache and pain than any usefulness of it as a tool in hosting a site.
Here's some of my bug A boos...
- Doesn't scale
- Wants open permissions on files
- Wants you to use plugins
- Exposes services it doesn't need to expose
- Hardcode's FQDN in links and resources, and everything it can
- Defaults to be the dumbest install settings to make it "easy" for everyone
- Debugging is still a nightmare
- Logging is not consistent
- Maintains state on a machine, preventing you from scaling or high availability
- Codebase has no real framework to extend and use, preference on adding your own bad code to it in order to make it work.
- Does not work well with CI/CD automations
- Is a huge target of vulnerability scanners
- Page updates use a huge post size that is expensive to inspect w/firewall
- Making changes can and will take your site down
- Lets you modify a template file from the gui, but only the first directory level, making you still need to push changes to underlying files in a template.
- Performance is a joke
- Problem with a plugin can crash the full site
- SQL injection is still a significant problem
again, i know someone can rationalize them all away; you are putting in a ton of work that you could have done otherwise with a better solution and not have the ongoing limitations and nightmare associated with it. If you run it, you should consider it to already be hacked and move accordingly.
Often times i hear the argument, well there's nothing i need on there so it's not a security risk...i think your customers would dissagree when they start getting infected with crypto miners, clicking affilitate links that aren't yours, linking to malware, viewing content you didn't add, downloading files that are dangerous, using your hacked system to attack others, and on and on.