Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You could consider reviewing how others do it. There's a reason why less and less want to host their comments and outsource that instead. Comment = write access to your site. You don't want that. There are multi-million dollar spam farms dedicating hundreds of developers to finding ways to spam and abuse comments.

Every single WP, Drupal and Joomla website that I know that was not properly maintained or hosted with a major provider (such as WP@WP themselves) got hacked at some point.



Thanks for your comment.

Right - but I really do want comments. This site and many many others have write access and manage. If a self-hosted solution ever caused me issues on account of spam etc, I'd review the situation.


With outsourcing comments someone else handles (some of) the back-end, facilitating appearance of comments on your site but limiting your own back-end exposure.

One solution under active discussion is here: https://news.ycombinator.com/item?id=25570268




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: