Recently, in one of the Facebook groups I belong to, someone asked a question about how to make WordPress more secure.
Much as I love WordPress, I have to admit that for a risk adverse person it can be worrying to know that it is a target for hackers. People who build WordPress websites for clients are likely to recognise the scenario where they hand the site over to the client, stressing that it’s important to keep the theme and plugins up to date. A few months later the client asks them to do some more work, but when they log in to the WordPress dashboard they see several plugins that have not been updated. Hopefully the client, or their host, will have been keeping backups in case the worst happens.
There are ways to get WordPress plugins and themes to update automatically, and in fact this feature will be included in WordPress version 5.5 (due in August 2020). It’s possible to set up automatic backups too, but it would be nice not to have to worry about the more vulnerable aspects of WordPress.
Sometimes, I have used WordPress.com, rather than self-hosted WordPress, as this takes care of updates and security. However, it’s only with the relatively expensive Business plan that it is possible to use plugins or to install any theme you choose.
One of the other members of the Facebook group suggested that a possible solution would be to look into HardyPress.
A few days later, TechCrunch posted an article about Strattic titled “Strattic raises $6.5M to bring static WordPress to the masses“.
The premise behind these services, and others such as Shifter, is that WordPress is a great tool for building a website, but converting it to a static version results in a more secure, and faster loading, site. This approach wouldn’t be suitable for all websites as dynamic elements such as shopping carts, comments, social media feeds etc. would not work. But it seems to make sense for sites that don’t need that type of feature.