When I used to blog 10+ years ago I had a killer list of WordPress blogs I followed but as time went on I sort of gave up on the whole blogging thing and forgot about most of them. Now that WP is part of the fediverse I’m curious, what are some of your favorites?
Self-hosted WordPress blogs were actually already able to federate with the fediverse (if the blog admin installs the requisite plugin). The recent news is that blogs hosted on WordPress.com are now also able to federate.
WordPress.com is the name of the hosting service by the creators of WordPress, but you can also choose to host the WordPress software elsewhere (and many do).
Also note that WordPress.org is run by a non-profit organization called the WordPress Foundation which is a separate entity from Automatic, the for-profit business that runs WordPress.com and provides hosting for their own proprietary version of WordPress that costs significantly more than the vast majority of WordPress hosting platforms that provide the unmodified version of the software with all of the features and none locked out behind a paywall.
Moved my personal site off of WordPress around 5 years ago because, for my single-user purposes it was resource heavy compared to a static site generator like Hugo or Pelican. I also had quite a lot of spam traffic, even with anti-spam plugins, and eventually I just disabled comments outright and the new user registration page. Admittedly, I was never that active with it, so I’m fully willing to accept that it could have been a me problem.
I also recall the general security of WordPress being a concern around that time, mostly because it was a popular target, so a big part of me moving to a static site generator was just to avoid having to constantly get on and update WordPress for security patches, when I only posted on the blog a few times a year at most.
Fediverse support has me considering returning to WordPress, but I’m curious how much upkeep running your own instance is these days.
IIUC the main problem with security (and how most WP sites get pwned) is the plugin ecosystem. There are thousands of plugins out there, which means that among many secure ones, there are also many (very) insecure ones. If you’re judicious and don’t install low-quality plugins, it shouldn’t be a major problem.
WordPress itself has automatic updates turned on by default, so if a vulnerability is patched in WP core, that will land on your site automatically without any effort on your part.
One plugin that’s I use on my WP sites is the free version of the Wordfence firewall. While not really necessary given the above, it does give me a little peace of mind.
All that said, the main draw for WP is to be able to manage a website without having to touch code. If you’re happy to write your pages by hand, a static site generator is definitely a lot more lightweight than a CMS like WordPress.
It’s literally the same issues, except that the market usage of WordPress is much higher now at over 43% of the entire Internet and around 60% of sites that use a CMS.
You can use WordPress as a “headless CMS” to generate static pages, but at that point just use something else.