On 28 April 2018 at 12:31, Jason S. Evans <jsevans@gardeng.nom.es> wrote:
1. If you are a non-profit or some other org/person who doesn't care if
visitors know who they are, but they want their visitors privacy to be
protected.

Literally Facebook.

https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237/

2. You both want your privacy and your visitors privacy to be
protected.

Any SecureDrop site; also remember that classic Onion HTTP/S sites offer a smaller attack surface to the web, than do TCP/IP HTTP/S sites.

e.g.: DDoS is mostly negated, etc.

I'm looking for suggestions for both of these two categories. The
easiest, I think would be to just host flat html files on a hardened
web server, but that is both tedious and ugly (unless you are really
good at html). I's prefer something a but more automated.

This might help?


If you're looking for fast, utterly bombproof serving, then yeah, predefined flat files and static content are the way to go.

That said: Wordpress with near-zero plugins, but optimised WP-SuperCache enabled, is pretty good. 

    -a

--