When the U.S. government launched aliens.gov as its official portal for UAP (Unidentified Anomalous Phenomena — the current official designation for what was previously called UFOs) disclosure, WordPress developers were among the first to take a close look under the hood. A Hacker News thread this week drew 43 comments and 31 points, with much of the discussion focused not on extraterrestrials but on the site’s CMS choice.
The site went live as part of the Trump administration’s push for greater UAP transparency. Commenters in the thread identified the platform through standard CMS fingerprinting — examining HTTP headers and page source, a routine step in both security auditing and general technical curiosity — and confirmed the site is running on WordPress Multisite.

WordPress Multisite is a built-in WordPress feature that allows a single installation to power multiple separate websites under one shared network, sharing a single database and file system while keeping each sub-site separately manageable. It is a common architecture for government agencies that need to manage several public-facing properties from a single codebase and administration panel, reducing overhead while keeping each site independently configurable.
The security implications were a recurring thread topic. Commenters noted that running a high-profile government site on a widely deployed open-source platform means any unpatched vulnerability in WordPress core, an installed plugin, or the server configuration becomes a publicly documented attack surface — one that bad actors can probe systematically across every known WordPress installation at once. Some users in the thread also raised questions about update cadence and whether government IT procurement processes move quickly enough to keep a live public site patched against newly disclosed vulnerabilities.
The real question isn’t whether WordPress is secure enough — it’s whether the team maintaining it will keep it updated and hardened properly.
Some commenters in the thread pointed to whitehouse.gov and other federal sites as prior examples of government WordPress deployments, though those claims were not independently verified within the thread itself. At the time of the Hacker News discussion, no specific vulnerabilities had been identified or reported, and aliens.gov remains live and publicly accessible on its WordPress Multisite network.