Open
Description
In order to improve the security and reduce maintenance costs we may do a PoC to try to introduce a concept of having whole Wordpress behind basic auth and serving only statically generated HTML to the visitors. Of course that should be an optional mode.
Benefits:
- Reduces security surface significantly
- Improves performance (no WAF required to protect WordPress, no security plugins required, visitors does not trigger PHP & Database)
- No need to setup extra caching, just the client-side caching headers
Solutions worth to try:
- https://wp2static.com/developers/wp-cli/ (has a CLI support, so we can write a simple Go application that would watch for changes in WP posts table, then trigger rebuild)
Requirements:
- Setup NGINX to behave differently (what about WP installation process to be available when this mode is on?)
Metadata
Metadata
Assignees
Labels
No labels