Can't have wordpress on my servers, any way to make it look like it is?

Thanks to both of you. I'll ask him again, but he's super security conscious and feels wordpress is too vulnerable to attacks.

but he's super security conscious and feels wordpress is too vulnerable to attacks.

He is right but I am not sure why that is relevant given the recommendation is to host WP elsewhere and simply point a sub-domain at the WP site - won't affect the security of the main site.

We already have that, I think... I've got mymysite.com, that's where the blog is. And blog.mysite.com is parked and pointed to that.

What my SEO team wants is mysite.com/blog. Not sure I can do that? Maybe I am missing something in the recommendation. Thanks.

I think education is the key (for the person that manages the server).  Yes, at one time WP sites had some issue, today they are fairly secure and probably more so than a home grown blog.  Where you will have potential security issues will be some plug ins.  Keep in mind that WP will use a different database and if there was a hack with an sql injection, it is only affecting the blog db.  If you are only using it for content, then you probably don't need plug-in's anyway.

There are also CMS systems that do not use a database and that will solve some security issues. Another option is to manage the WP blog in your sub domain but do not allow public access. Instead, use a plug in like simply static https://wordpress.org/plugins/simply-static/ to export your blog to static html and then upload it to your site.  You will be fine with updating this once a week.

If you really want something that can go live instantly, you may ask about using Drupal instead. It is supposed to be a little more secure.

You really don't hear about WP attacks like you used to though and that is due to improvements.

Scott, thanks very much!! I wish I could reorder the points for this question and award them all to you! Thanks for the extra information and advice!!

What my SEO team wants is mysite.com/blog

That you can't do.

With respect to Scott's posts - I agree in part - however I have to point out that WP does not stand on its own - it uses plugins and custom user code. You can make WP as tight as a drum and it still will never be secure because of those two items.

The databases may be split, however an SQL injection attack could give a hacker access to WP and allow them to install something that will give them greater access.

Bottom line - WP will always be vulnerable from a security perspective unless you have someone who knows what they are about administering it.

There is another reason for not allowing WP to run on the server - an issue I have run into frequently - performance. WP allows people to add all sorts of awesome functionality to their sites - which they do - without any idea or consideration for the load it is going to put on the server. WP is not the most efficient of frameworks out there - put enough plugins into it and hit it with enough requests and you can tax a server to the extent that anything else hosted on it is performance compromised. This is becoming less of a problem as partitioning and provision of resources is optimised in the virtual space but I can understand some of the old school thinking hanging around on this - and I do agree to a point.

I'm running into that very issue on a couple of websites I run. The owner wants lots of widgets and plugins, and the site's just painful. I suggested we move to wpengine, but he doesn't want to do that. I understand, as it's a LOT more money.

Test out the plug in that converts the site to static html and upload the static html to your live site. You can run the actual WP blog on your local computer if you like. If you do, I suggest placing it on a dropbox folder (or OneDrive or GoogleDrive) that way you get near instant back up.

Don't worry about points.  Thanks though!

running it now. :)