October 28, 2018
WordPress is one of the most popular Content Management Systems out there, thanks to its dynamic functionality, extensive community and ecosystem, Open Source nature, and user-friendliness. However, some of what makes WordPress so powerful is also the cause of some of its weaknesses, especially in relation to performance, site speed, and security.
Content management systems depend on databases for storing, retrieving and querying content. This is extremely useful. However, querying the database can lead to slow load times and can put too much strain on servers. In addition, the database is where over 90% of website hacks happen.
Because the database is a targeted attack surface, many website owners and developers are increasingly considering giving their site the static treatment. A static website does not have a database, and therefore is faster and more secure than a traditional dynamic website.
Let’s explore why having a static site for WordPress can help your business and let you sleep better at night.
Static sites by their very nature do not have databases. This means there’s no database to hack. The vast majority of hacks happen through the database, so removing it from the equation also removes vulnerabilities such as SQL injection (SQLi) and Cross-site Scripting (XSS). Most attackers target websites that are built with the most popular Open Source software – since once they find a vulnerability, they can scale their attack across all the sites running on that software. By having a static site, you are removing 99.999% of your attack surface, thereby majorly limiting the chances of getting hacked.
As mentioned above, pre-rendered static web pages load much faster than pages on a dynamic site. These static pages are performing the same function as a caching plugin, essentially becoming the ultimate cache (buhbye caching plugins). Fast websites are really important for a good user experience, and also for boosting your site in search engine rankings.
If you have a static version of your site you don’t need to update any software or plugins to keep your site secure and performant. Having outdated software is one of the leading causes of sites getting hacked.
To compensate for WordPress’ speed and security disadvantages, site owners are likely to spend hundreds to thousands of dollars to make sure their site has optimal performance. The problem is that implementing these techniques can end up being quite time-consuming and expensive, and the work is generally ongoing. With a static site, many of those optimizations are already taken care of for you.
Because dynamic websites have to process content and query the database in order to render pages, they use a lot of server resources. As a result, a spike in traffic can overload the server and cause the site to slow to a painful crawl, or crash. Since there are no dynamic scripts running on a static site, and every page is pre-rendered, your site is less likely to go down when there’s a traffic spike.
You can rest easy at night knowing that your static website won’t go down or get hacked.
Dynamic sites use a lot of resources to process information, especially when you have a good amount of traffic. Static sites cut down on the energy needed to power your site, which in turn cuts down on the number of servers needed to power those sites. The Guardian says “it is worth considering that data centres are set to soon have a bigger carbon footprint than the entire aviation industry.” Gasp!
Static sites have many benefits, but there are some tradeoffs. For example, some common dynamic WordPress or plugin functionality such as search, contact forms, and comments generally require communicating with a database.
To help with this, we automatically incorporate Algolia search into all static sites as a replacement for native WordPress search. We also have a forms API that allows you to continue to use popular plugins like Gravity Forms or Contact Form 7. If you roll your own static WordPress solution, you will need to address these issues.
A number of options for comments on static sites exist. Some of the most common ones we see are Disqus, Facebook Comments, GraphComment and Commento. You can read our documentation on how to set up comments on a static site to learn more about how some of these work.
There are a few ways to make your site static.
WordPress sites have database-related security and speed disadvantages that can be rectified by having a static site, but it often feels like the path of least resistance is to say “when something goes wrong I’ll figure it out then”.
However, depending on how important your website is to you or your business, you may not have the luxury to risk your site going down or not being optimized properly.
Product Manager at Strattic
Rebecca has been in a dedicated relationship with WordPress for over 15 years - one full of love, laughs, tears, growth and strong drinks. L'chaim!