How to secure a “blog” website that is just HTML files?

Question

I am planning to host my own blog which is just a collection of simple HTML files and was wondering how to protect it from hackers. I did google about it and quora tells me its just about securing server password and 2FA. Really that simple? I want to know from proper hackers how to go about it. Note that I don't want alternate solutions like static HTML generators etc.

JPLeRouzic · Accepted Answer

I have a blog (padiracinnovation.org) since a few years. To my knowledge, it was never hacked.
The stack is:
* HTMLy (modified to fit my needs) and FTP
* PHP
* Apache
* Debian
I use Cloudflare at least to get an easy HTTPS and a few other reasons (seeing traffic and possibly attacks).
I use passwords, but they are very complex and I minimize their number (one for HTMLy, one for Debian, one for the FTP).
I try to minimize the surface they control (beware of blind CHOWN/CHMOD command lines found on Internet), same for OS, there is no alternative source for applications, even for PHP8. I guess I am not very happy with Debian but I know it.
For some time it was hosted on a personal server at home, and I had even an email server (too complicated to setup and maintain). Now it is hosted on OVH.

sacrosanct · Answer

GitHub Pages allow for static hosting of plain HTML and a free custom domain. If you need security, lock down the GitHub account with 2FA.