An important point in the Handy Pushixels Manifiesto is security, and it is the reason why we often recommend certain architectural models over others. This time we will look at why a static website setup is one of the top suggestions we provide to clients with CMS-powered brochure and blog sites.
Let’s start by clarifying the difference between a ‘regular’ CMS site, like a WordPress blog for example, and a static version of the same site.
When the browser loads…
| A regular WP site does all this: | A static version of the WP site does this: |
| --- | --- |
| Goes to the database to get the content | Displays pre-rendered page |
| Goes to the asset folder to get images | |
| Runs PHP code to render page | |
Given that static sites do not really have code and databases running in production, the likelihood of an attack reaching the site is minimal. We have managed servers with thousands of sites and have seen all kinds of things attacking them; the risk is real. WordPress in particular is the most vulnerable, being open source and popular enough for people to deploy large-scale bots that don’t even know what they are destroying; they just try all the things when they find a site that looks like WP.
Another benefit is that the static version is a “snapshot” that has been previously created, so it loads super fast. Loading speed is an important SEO indicator because of the evidence that speed leads to better user experiences. Did you know that in large ecommerce websites like Walmart and Amazon a 1 second delay = thousands and even billions in losses? CDNs and other caching solutions have been used on regular sites for a while to optimize speed, and they follow a similar concept. The only difference is that on a static site the entire page is pre-made, whereas a cache only remembers a resource-intensive piece of the site for next time.
It is so much easier to host a static site in terms of resources that a lot of sites may even get away with the free hosting plans in Amazon, Azure, Netlify and similar services. If you have larger traffic volumes we recommend ….which is still a lot cheaper thanks to going static.
In conclusion, static sites are safer, faster (so they convert better), and save you $ on hosting. But there is something that will need to be adapted… Remember, there is no PHP code, so all your server-side dynamic actions need to be migrated to front-end services. It is worth mentioning that the internet as a whole is trending towards JavaScript-API-Markup stacks, so this is not a hack to work around a defect. The web keeps changing, and as it gets bigger and heavier, the perspectives on what used to be a no-no are now aligned with front-end coding like React and Node JS. In the future even WP may go ‘serverless’ ¯\_(ツ)_/¯
Options to go static
- Build from the ground up with the JAM stack – since this requires more development, it would make sense for apps requiring a lot of customization and for large sites. Using Gatsby, for example, you could have users edit markup files to manage content or configure a headless WP site to grab the content.
- Build in the CMS and export to static – This option would be relatively easy to apply for many sites. The usual migrations necessary may be contact forms and comments, which have plenty of front-end and 3rd party service options. The trickier ones are membership sites and ecommerce sites; we have other security suggestions for those….
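
A check worth running on an exported folder before it is published, as an added example that is not code from the original post: it flags leftover server-side files and any form that still posts to a PHP endpoint, such as the WordPress comment handler. The suffix list, the function names and the sample export are assumptions constructed for illustration.

```python
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path

# Assumed list of file types that need a server-side runtime; adjust to your stack.
SERVER_SIDE_SUFFIXES = {".php", ".phtml", ".sql"}
# Matches a URL whose path ends in .php, optionally followed by a query or fragment.
PHP_URL = re.compile(r"\.php(?:[?#]|$)", re.IGNORECASE)

class FormFinder(HTMLParser):
    """Collects the action attribute of every <form> in a page."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")

def audit_export(root):
    """Return sorted (relative_path, finding) pairs for a static export directory."""
    findings = []
    for path in (p for p in Path(root).rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        if path.suffix.lower() in SERVER_SIDE_SUFFIXES:
            findings.append((rel, "server-side file shipped in export"))
        elif path.suffix.lower() in {".html", ".htm"}:
            finder = FormFinder()
            finder.feed(path.read_text(encoding="utf-8", errors="replace"))
            for action in finder.actions:
                if PHP_URL.search(action):
                    findings.append((rel, f"form still posts to {action}"))
    return sorted(findings)

def build_sample_export(root):
    """Constructed sample: a migrated form, a WP comment form, and a stray PHP file."""
    root = Path(root)
    (root / "blog").mkdir(parents=True)
    (root / "index.html").write_text('<form action="https://forms.example.invalid/submit"></form>')
    (root / "blog" / "post.html").write_text('<form action="/wp-comments-post.php" method="post"></form>')
    (root / "xmlrpc.php").write_text("<?php // leftover")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit_export(build_sample_export(tmp)):
            print(f"{rel}: {finding}")
```

An empty result means the export carries no PHP files and every form has already been pointed at a front-end or 3rd party service.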