Hi everyone. Is there going to be any chances that the Linux kernel will be exploited in the wild when ti comes to exploting any vulnerabilities in my ClassicPress website or Apache web server? I have followed security best practices such as securing my ClassicPress website. I have Content Security Policy (CSP) and mod_security2 in place.
I only have a handful of plugins such as “Toggle wpautop” (disable automatic generation of paragraph tags), Google Sitemap Generator, Edit Author Slug, Disable REST API, and WP-Optimize for cleaning up my database. Plus, I built my own theme from scratch and did not have any security problems so far. So yeah, I’m up to date with ClassicPress and plugins. Plus, I don’t use wp_head() function that exposes ClassicPress version number along with the plugins.
Besides, I chose ClassicPress over WordPress for security over new features per update. Every update that adds a new feature increases the attack surface and I want to keep that to the minimum. Also, my website does not get a lot of traffic. I have much greater presence in Twitter than in my blog when it comes to writing articles. This is my website I’m referring to:
Sure, if there are any security vulnerabilies within the Linux kernel that relate to Apache web server or my website, then I will update the kernel and restart the VPS server, but honestly, I don’t see stability being one of the reasons for keeping the Linux kernel up-to-date. So whenever a new kernel release comes out about 5 times a month, should I update the Linux kernel and restart my VPS server from time to time (after midnight in the east coast)?