After a year of working on transferring our blog that was on Strapi to WordPress (as I was hired to come in to do), the developers are once again fighting back for Strapi. Our CTO firmly believes that our WordPress will be hacked, then compromise our server/database, although I assured him we would have minimal, popular-known plugins implemented and I would be okay updating the WP plugins on a daily basis. We all decided that we would transfer our “internal” pages where servers interact with payment and private information through another subdomain. The developers have said it would take so much time and resources that it’s not worth doing that. So the decision I have to make now is:
1. Have WP be on the same domain, but if we get hacked it’s my fault and I get fired
2. Continue using Strapi without an available local front-end developer and expect 1-2 month lag time because of our limited resources
Things that are unfortunate:
1. Our developers are very far and limited, let’s say Serbia, and staying on Strapi will mean continued slow development on any SEO back-end change requests or even updates
2. To do WP, I have the freedom to make SEO organic and technical changes and not even interact with our developers at all
3. We all still want to optimize SEO and keep our blog on the same domain with a directory; the issue is, like the CTO mentioned, there is a risk of WP getting hacked and our customer information on the same database being compromised
I guess my question is has anyone’s blog really been compromised? How likely am I going to get fired?
Keeping WP secure is really as simple as: using good hosting, using popular/well-known plugins + themes, keeping them up to date, and ensuring good user password hygiene (enforce complex passwords)… it’s really that simple. Wordfence + Cloudflare also help.
I run 3 WordPress websites for the US Air Force. The White House website is run on WordPress. CNN’s website is WordPress. Your CTO needs to be schooled a little on the state of the world as far as WordPress goes.