WordPress is one of the most popular Content Management Systems out there, thanks to its dynamic functionality, extensive community and ecosystem, Open Source nature, and user-friendliness. However, some of what makes WordPress so powerful is also the cause of some of its weaknesses, especially in relation to performance, site speed, and security.
Content management systems depend on databases for storing, retrieving and querying content. This is extremely useful. However, querying the database can lead to slow load time, and can put too much of a strain on servers. In addition, the database is where over 90% of website hacks happen.
Static – it does not mean what you think it means
Because the database is a targeted attack surface, many website owners and developers are increasingly considering giving their site the static treatment. A static website does not have a database, and therefore is faster and more secure than a traditional dynamic website.
Let’s explore why having a static site for WordPress can help your business and let you sleep better at night.
1. Instant security
Static sites by their very nature do not have databases. This means there’s no database to hack. The vast majority of hacks happen through the database, so by removing it from the equation this also removes vulnerabilities such as SQL injections (SQLi), and Cross-site Scripting (XSS). Most attackers target websites that are built with the most popular Open Source software – since once they find a vulnerability, they can scale their attack across all the sites running on that software. By having a static site, you are removing 99.999% of your attack surface, thereby majorly limiting the chances of getting hacked.
2. Faster page speed
As mentioned above, pre-rendered static web pages load much faster than pages on a dynamic site. These static pages are performing the same function as a caching plugin, essentially becoming the ultimate cache (buhbye caching plugins). Fast websites are really important for a good user experience, and also for boosting your site in search engine rankings.
3. No maintenance required
If you have a static version of your site you don’t need to update any software or plugins to keep your site secure and performant. Having outdated software is one of the leading causes of sites getting hacked.
4. Save money on optimization
To compensate for WordPress’ speed and security disadvantages, site owners are likely to spend hundreds to thousands of dollars to make sure their site has optimal performance. The problem is that implementing these techniques can end up being quite time-consuming and expensive, and are generally ongoing. With a static site, many of those optimizations are already taken care of for you.
Because dynamic websites have to process content and query the database in order to render pages, they use a lot of server resources. As a result, a spike in traffic can overload the server and cause the site to slow to a painful crawl, or crash. Since there are no dynamic scripts running on a static site, and every page is pre-rendered, your site is less likely to go down when there’s a traffic spike.
6. Peace of Mind
You can rest easy at night knowing that your static website won’t go down or get hacked.
7. Carbon footprint
Dynamic sites use a lot of resources to process information, especially when you have a good amount of traffic. Static sites cut down on the energy required needed to power your site, which in turn cuts down on the number of servers needed to power those sites. The Guardian says “it is worth considering that data centres are set to soon have a bigger carbon footprint than the entire aviation industry.” Gasp!
So, what’s the catch?
Static sites have many benefits, but there are some tradeoffs. For example, some common dynamic website functionality such as search forms, contact forms, and comment forms require communicating with a database.
However, you can find third-party solutions, i.e. Disqus for comments, Swiftype or Algolia for search, Google Forms, Hubspot, Wufoo, etc. for contact forms, but this can be kind of complicated to implement. Or you can use all-in-one platforms like Strattic that convert WordPress to a static site and provides built-in solutions for search and contact forms.
How to make your WordPress site static
There are a few ways to make your site static.
- You can ditch WordPress and go with a static generator tool like Jekyll or Hugo, but then you’d miss out on all the great features that WordPress offers. We did a full review of the pros and cons.
- You can use a WordPress plugin like Simply Static, but there are some inconveniences and limitations you should consider first.
- You can use an all-in-one platform with built-in solutions, like Strattic (shameless plug), that generates a static version of your WordPress site and lets you continue to use WordPress as usual.
Is it really necessary?
WordPress sites have database-related security and speed disadvantages that can be rectified by having a static site, but It often feels like the path of less resistance is to say “when something goes wrong I’ll figure it out then”.
However, depending on how important your website is to you or your business, you may not have the luxury to risk your site going down or not being optimized properly.
Tags: security, speed, static websites, WordPress