Should I really run WordPress on a sensitive onion?

For high-threat-model deployments: no. Use static (Hugo/Jekyll). For lower-threat content with operator-convenience requirements: WordPress works if hardened properly.

Which plugins are safe?

None are categorically safe. Minimize plugin count. Audit each plugin's source. Keep them updated automatically.

Can I use WooCommerce on an onion?

Technically yes. Payment integrations need a Tor-routed path which complicates checkout flow. Most operators do not.

MariaDB or MySQL. Bind to unix socket. Standard configuration applies.

Tor Hosting

WordPress on a Tor Onion Address

WordPress on a Tor-only onion is the highest-risk configuration in this catalog because WordPress carries a substantial vulnerability surface. We still support it because the editor UX is irreplaceable for many publishers. Our setup minimizes the attack surface: PHP-FPM on unix socket, wp-admin IP-restricted to localhost (accessed via SSH-over-Tor port forward), file-system writes locked down, automatic core updates enabled.

Need this done for your project?

We implement, you ship. Async, documented, done in days.

Start a Brief

Attack Surface Reality

WordPress + plugins + PHP + MySQL is a deep stack. Most plugin vulnerabilities have public exploits within days of disclosure. For a .onion site this still matters because exploitation can lead to deanonymization (the attacker plants code that makes outbound clearnet connections from the server).

Mitigation: minimal plugin footprint, no plugin without active maintenance, outbound network blocked except to Tor.

Network Lockdown

iptables OUTPUT chain by default DROP except connections to the Tor SOCKS port. If WordPress code attempts to phone home it fails. This is the single most important hardening step for onion WordPress.

wp-admin via SSH-over-Tor Port Forward

Restrict wp-admin to 127.0.0.1 in nginx. Access wp-admin by SSH-over-Tor port forward: ssh -L 8080:127.0.0.1:80 root@onion-ssh. Then browse http://localhost:8080/wp-admin/. This denies the entire internet (Tor or clearnet) any path to wp-admin.

Crypto Billing

BTC and XMR.

Related Services

Offshore VPS from $17.90/mo Dedicated Servers DevOps Services

Why Anubiz Host

100% async — no calls, no meetings

Delivered in days, not weeks

Full documentation included

Production-grade from day one

Security-first approach

Post-delivery support included

Bulletproof Hosting Providers

DMCA-Ignored Servers

Offshore VPS Hosting

Anonymous Hosting Solutions

Ready to get started?

Skip the research. Tell us what you need, and we'll scope it, implement it, and hand it back — fully documented and production-ready.

Start a Brief Browse WordPress Onion VPS