If i were to take a shot every time vulnerabilities are found in the WordPress ecosystem i’d be comatose by now…
What are alternatives of WordPress if I wanted to add something to my website?
If you want to add something to your website then you’re already running WordPress, no?
What are you trying to achieve?
- static site like a blog? - Hugo
- add comments? - Commento paid, or you can self-host
- cloud stuff (e.g. Google Drive replacement) - NextCloud
There’s a ton you can do, you don’t need WordPress just because you want a website. Figure out what you want your website to do, then look for tools to do that.
Just a side note, Commento is kinda dead on the self-hosting front at least as it’s been years since an update, which is probably not great for a public service.
However, Comentario is a updated fork that’s being maintained.
I’ve used https://getgrav.org for a while and it’s been pretty solid.
If you want a mostly straightforward WordPress-alike that’s not WordPress, you probably should at least consider Ghost. I’m using it for my blog and it’s got a slightly weird focus on “paid blog members”, but it’s super solid and doesn’t have a multi-decade history of endless security problems.
And, soon, it’ll be a happy member of the Fediverse.
I’d guess it’s not because of the inherent insecurity of WordPress, but the sheer size of the ecosystem and the fact that like 40% of the Internet is WordPress sites.
And inherent insecurity. It wasn’t designed to be secure, it was designed to be full-featured, so it has a pretty big attack surface.
That’s the ecosystem. WordPress itself is pretty basic, these things attack plugins, and their often not-very-experienced creators and users. The thing with WordPress is that this kind of vulnerability comes with the problem space, not the particular solution. If there was a different product in the same space, it would not fare better by default.
Also, I’d bet that a ton of CVEs are filed for C++ libraries, yet nobody is harping on about how insecure C++ is.
