// 01
Security
The most common WordPress attack vectors — SQL injection, plugin remote code execution, brute-forced wp-login, supply-chain compromise via auto-update — physically cannot exist on a static site, because the moving parts they target aren't there. The site is a set of pre-rendered HTML, CSS and JavaScript files. There's no admin panel for an attacker to break into and no plugin vulnerability list to monitor.