Hexo is a static site generator written in Node.js: it renders Markdown and theme templates into plain HTML, CSS and JavaScript at build time, and nothing of Hexo runs on the web server afterwards. The main risks are therefore compromised build dependencies (npm packages, plugins, themes, all of which execute arbitrary code during install and build) and leaked deployment credentials, not the PHP or database runtime attack surface of a dynamic CMS.
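One common way the leaked-credential risk materialises is a personal access token pasted into the deploy repo URL in _config.yml. The guard below is added here as an example and is not code from the Hexo project. It assumes the deploy section has already been parsed from _config.yml (Hexo itself uses js-yaml), that it is a single entry or Hexo's list form for several deployers, and that a git deployer's repo is a URL string or an object of named URL strings (accepting repository as an alias is also an assumption); the sample configurations are constructed and the token in them is a placeholder, not a real credential.

```javascript
// Added example (not from the Hexo project): refuse to deploy when the Hexo
// `deploy` configuration embeds credentials.
// Assumptions: the section has already been parsed from _config.yml (e.g.
// with js-yaml); it is one entry or Hexo's list form; a git deployer's `repo`
// (alias `repository`, assumed) is a URL string or an object of named URLs.
'use strict';

// Config keys that should never hold a literal value in a committed file.
const SECRET_KEY = /token|password|passwd|secret|api[_-]?key|private[_-]?key/i;

// Describe credentials embedded in a remote URL, or return null.
// - scp-style remotes (git@github.com:user/repo.git) are not URLs at all and
//   carry no secret, so they are accepted;
// - on ssh:// the conventional `git@` user is fine, only a password counts;
// - on http(s) any userinfo counts, because `https://TOKEN@host/` is the
//   usual way a personal access token ends up in a URL.
function embeddedCredential(repo) {
  let url;
  try {
    url = new URL(repo);
  } catch {
    return null;
  }
  if (url.password.length > 0) {
    return { host: url.host, what: 'a username and password/token' };
  }
  if (url.username.length > 0 && /^https?:$/.test(url.protocol)) {
    return { host: url.host, what: 'a username or token' };
  }
  return null;
}

// Every remote URL in one deploy entry.
function repoUrls(entry) {
  const repo = entry.repo ?? entry.repository;
  if (typeof repo === 'string') return [repo];
  if (repo && typeof repo === 'object') {
    return Object.values(repo).filter((v) => typeof v === 'string');
  }
  return [];
}

// Audit the whole deploy section; findings name the host and key but never
// echo the secret itself, so they are safe to print in CI logs.
function auditDeployConfig(deploySection) {
  const entries = Array.isArray(deploySection) ? deploySection : [deploySection];
  const findings = [];
  entries.forEach((entry, i) => {
    for (const repo of repoUrls(entry)) {
      const cred = embeddedCredential(repo);
      if (cred) findings.push(`deploy[${i}]: repo URL for ${cred.host} embeds ${cred.what}`);
    }
    for (const [key, value] of Object.entries(entry)) {
      if (SECRET_KEY.test(key) && typeof value === 'string' && value.length > 0) {
        findings.push(`deploy[${i}]: key "${key}" holds a literal secret in the committed config`);
      }
    }
  });
  return findings;
}

// Constructed sample configs; the token is a placeholder, not a real credential.
const SAMPLE_BAD = {
  type: 'git',
  repo: 'https://octocat:ghp_EXAMPLEONLY@github.com/octocat/octocat.github.io.git',
  branch: 'main',
};
const SAMPLE_OK = [
  { type: 'git', repo: 'git@github.com:octocat/octocat.github.io.git', branch: 'main' },
  { type: 'git', repo: { gitlab: 'ssh://git@gitlab.com/octocat/site.git' } },
];

// Stand-alone run: print the verdict for both samples. A real guard would
// set process.exitCode = 1 when findings is non-empty so `hexo deploy` never runs.
for (const [name, cfg] of [['bad', SAMPLE_BAD], ['ok', SAMPLE_OK]]) {
  const findings = auditDeployConfig(cfg);
  console.log(`${name}: ${findings.length === 0 ? 'clean' : findings.join('; ')}`);
}
```

In CI, run it before the deploy step (for example `node deploy-guard.js && hexo deploy`) and let the runner supply git credentials through an SSH agent or a credential helper, so the committed repo URL stays credential-free.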
¶ 1) Protect secrets and administrative access
- keep deploy keys and tokens used for Git or object-storage publishing out of _config.yml and the repository; store them in the CI secret store and expose them to the build only at deploy time
- limit who can trigger production builds and deployments (protected branches, required reviews, restricted workflow triggers), since whoever can run the build controls what gets published
- rotate CI secrets on a schedule and whenever a contributor leaves or a runner is compromised, and revoke old deploy keys instead of leaving them active
¶ 2) Control extensions and update cadence
- pin Node dependencies: commit the lockfile, install with npm ci so the build fails on lockfile drift, and run npm audit in CI for each release; review plugins and themes before adding them, because they run arbitrary code during install and build
- sanitize Markdown rendering and custom plugins so that content from untrusted contributors (guest posts, imported feeds, comment data) cannot inject scripts into the generated pages; your own posts are trusted input, anything rendered from third-party input is not
¶ 3) Harden runtime and deployment perimeter
- serve the generated output with a Content-Security-Policy that disallows inline scripts where possible; many themes still ship inline script blocks, so start with Content-Security-Policy-Report-Only, then whitelist the remaining inline blocks by hash or move them into external files
- Hexo docs: https://hexo.io/docs/
- Hexo source: https://github.com/hexojs/hexo