WordPress vs. Ghost: Why Automated Bot Attacks Are Making us think much

Frank Milvus — Sat, 23 May 2026 12:09:41 +0000

If you run a self-hosted website, your server logs probably look like a digital battleground. Every single day, thousands of automated bots crawl the internet looking for one specific target: WordPress.

If you check your server logs, you will often see lines exactly like these:

162.158.87.119:0 - "GET /wp-admin/install.php?step=1 HTTP/1.0" 404
2026-05-23 11:46:22,634 INFO [elliotsec.http] request_id=f76d4be342ef method=GET path=/wp-admin/install.php status=404 client=162.158.87.119 duration_ms=1.47

Even if you don't use WordPress, bots will relentlessly probe your server for folders like /wp-admin/ or /wp-login.php.

For a personal website or blog, this constant barrage raises a massive question: Is WordPress still worth the security headache, or is it time to switch to a modern, secure alternative like Ghost?

1. The Reality of WordPress Vulnerabilities

WordPress powers over 40% of all websites on the internet. Because it is so ubiquitous, it is the number one target for hackers. It isn't necessarily that the core WordPress code is inherently broken, but rather its ecosystem:

The Plugin Trap: Most WordPress sites rely on dozens of third-party plugins and themes. If just one developer forgets to patch a loophole, your entire site is compromised.

Legacy Code: WordPress has been around for over two decades. It carries a massive amount of old code to ensure backward compatibility, which inherently leaves a larger surface area for bugs and exploits.

2. How Automated Bot Scans Can Hack You Instantly

The logs you see above aren't human hackers sitting at a desk typing commands into your site. They are automated attack scripts (or "scanning bots") running 24/7.

[Attacker Botnet]
│
├─► Scans IP range for common paths (e.g., /wp-admin/install.php)
│
├─► Checks if page exists (Status 200) or is missing (Status 404)
│
└─► If found: Automatically injects known exploit code to take over the site

Targeting: The bot crawls millions of IP addresses looking for standard WordPress paths (like /wp-admin/install.php or vulnerable plugin folders).
Fingerprinting: If the server returns a 200 OK instead of a 404 Not Found, the bot knows it has found a WordPress site. It will then instantly check the site's source code to see what version it is running.

3.Automatic Execution: If your site is running an outdated version of WordPress or a plugin with a known vulnerability, the bot executes a pre-written script. Within seconds, it can inject malicious code, install a backdoor, steal data, or turn your server into a spam bot.

3. Why Ghost is Better for Personal Websites

If you just want a fast, clean, and highly secure personal website or blog, Ghost is fundamentally better designed for the modern web.

Here is why switching to Ghost eliminates most of the anxiety shown in your server logs:

A Near-Impenetrable Attack Surface

Unlike WordPress, Ghost does not use a massive network of unvetted, third-party PHP plugins to get basic functionality. Features like SEO optimization, newsletter distribution, membership management, and social sharing are built directly into the Ghost core by professional engineers. Fewer moving parts means fewer doors left open for hackers.

Modern, Secure Technology Stack

WordPress runs on PHP, a language notoriously difficult to secure perfectly at scale. Ghost is built on Node.js and handles routing much more cleanly. Because automated scripts are overwhelmingly programmed to look for PHP vulnerabilities, Ghost sites completely bypass the vast majority of blind bot storms.

Lightweight and Fast

In your logs, you might notice your memory hovering around critical limits:

mem avail: 300 of 961 MiB (31.22%)

WordPress is incredibly resource-heavy. Database queries, heavy plugins, and bulky themes eat up RAM quickly, leaving your server sluggish or prone to crashing when bots hit it hard. Ghost is incredibly lightweight. It handles traffic spikes efficiently and uses a fraction of the system memory that a standard WordPress setup requires.
10$ VPS all what you need. I use kamatera.com

Summary: Making the Right Choice

WordPress is great if you are building a complex e-commerce store or a massive corporate directory that requires highly specific integrations.

But if your goal is to share your thoughts, build a portfolio, or publish articles securely without checking your server logs in fear every morning, Ghost wins by a landslide. It removes the background noise of internet bot attacks and lets you focus on what actually matters: writing.

For more insights on web development, security, and hosting tech, check out Gwing Articles.

NeuroCalT+ Mental Math

Frank Milvus — Thu, 21 May 2026 21:53:54 +0000

A long time ago, I read a perfect book. I really like that kind of stuff. The main problem I had back then was trying to train my skills. It is so much fun to use this method to solve math problems, but it is absolutely not as fun to create those tasks for yourself. I thought a lot about how to do it and tried several apps, but they didn't offer what I wanted. I wanted pure math—no gamification, no ads, just examples to solve.

Moreover, I really like multiplication by 5 (even numbers). It is so simple and so impressive when you show someone how you can multiply any number like

84848284868682 * 5

in seconds. I am glad I met people who are interested in it as well. The story of Trachtenberg is unique, and that's a fact.

I decided to make a small app for training, and I found that the most interesting part is multiplication. Maybe I will add some other operations in the future. If you want, you can try it out. It is free, requires no registration, has no annoying ads, and so on—just pure math. I hope you like it!

https://play.google.com/store/apps/details?id=com.milvus.grema

DEV Community: Frank Milvus