Hacker News new | past | comments | ask | show | jobs | submit login

> running your own Wordpress is one of the worst thing you can do on your own server, putting your whole server at risk, not just your website.

My personal experience says this is 100% true.

Even when I've managed to stay on top of WP updates my server is invariably targeted more often by automated attacks more often than others that are hosting static sites and other frameworks. I strongly suspect that attackers maintain lists of server addresses that host WordPress sites and use that to make assumptions about their running services. If they know that it's a "self-hosted" webserver, even if they can't break WordPress there's a very good chance that some other unmatched vulnerability exists.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact