Hi HN long time lurker 1st time poster.<p>Over and over the question of "should we use Wordpress" comes up in my life working with startups. It's easy for everyone to work with, lots of themes, SEO works well.
But security is a constant headache.<p>What do people use? I've used Jekyll and Laravel in the past, but I need marketing people to be able to write and publish posts and edit pages.<p>Is there a good alternative?
If the answer is "just use wordpress", any novel approaches for keeping it secure? I'm checking out ManageWP for auto updates, and the possibility of doing private WP and publishing to static as well.<p>Thanks!
I love WordPress but you're right... it can be a PITA when it comes to security, not to mention a host of other issues.<p>I, too, have been looking for alternatives for certain projects, and while I can't specifically recommend any yet, as far as keeping WordPress secure goes I've always found that folks who consistently run into issues always seem to either choose poorly when it comes to basic security (i.e. crappy passwords, only ever using the Admin user, etc.) OR they haven't done any basic WordPress security hardening.<p>WordPress has a decent intro to making itself more secure here: <a href="https://codex.wordpress.org/Hardening_WordPress" rel="nofollow">https://codex.wordpress.org/Hardening_WordPress</a>, but if you just look up "wordpress hardening" in your search engine of choice you'll find a ton of resources to get you going.
I actually moved from Word Press to BlogSpot a few years ago. I like it a lot better. It is very user friendly for non-tech people and you can add authors, who have fewer permissions than admins. You can use a third party domain to make it a .com.<p>You can edit the HTML if you don't like their themes. A non coder can also do quite a lot to change the look, layout and functionality.<p>Google now handles backend updates and security for me. It is vastly less of a headache for me than Word Press was.<p>Full disclosure: I am not a programmer and I am not actually qualified to assert that BlogSpot is <i>more secure.</i> I just like it as a platform and I don't understand why it has such a terrible reputation as something you should not take seriously.
If you're looking or a CMS for Jekyll (or Hugo) sites, we're developing <a href="https://forestry.io" rel="nofollow">https://forestry.io</a><p>A lot of our users are building very high-performant, secure, static sites with these tools.