If devs don't want to bother with the undelying CMS security issues (or don't know how), they should stick to static site generators like Jekyl. Or even build using WP/Joomla and use the many plugins available for the CMSes that export the whole site as a static one. Then if there's to be anything dynamic it should be from a read-only JSON endpoint o something.
↧