alt Hacker News> Also, if all these were so much concern, I doubt so much of the web would run on Wordpress.
I used to run a company that all we did was wordpress, joomla, and drupal maintenance, performance optimization, and hack recovery. It very much was and mostly continues to be that bad.
> Risk of breakage on update is a thing everywhere, not just Wordpress.
Ya the issue with server side rendering is that your live environment is made of up dozens to hundreds of difference software stacked on top of each other and they all pretty much need to work perfectly to actually work and or not be vulnerable. And if you use something standard like cpanel to manage your environment, add another 1000 layers of complexity to the stack.
And lets not even go into all the work it takes to have that environment have decent performance and run on reasonably priced hardware.
Where as my concerns for my SSG live environments basically amounts to, is the host publicly accessible? To be vulnerable you would need to do something very stupid like set file permissions to 777 or something.
Again, we're talking about blogging, not business sites or SSR or CMS tooling. Very different needs with very different solutions.
I personally don't think it's that much work, and definitely not complicated, to keep my software up to date. And as a blog all I need to do is cache / throw behind a CDN and I'm golden. Nothing complex going on here. No headaches, no late nights, not even a wink of worry.