With all of the recent talk about CMS security, it shouldn’t surprise anyone that there’s a lot of discussion—and debate—about the resurgence of static websites.
While it may sound like 1999 again, today, technology allows static websites to exist while still enabling marketers the control and flexibility they need to impact changes to their website instantly. And for marketers and IT professionals together, the benefits of publishing static websites may outweigh any potential drawbacks of this solution.
But is a static website right for your organization?
First, let’s review what static versus dynamic really means when it comes to web pages. To give a quick and simple explanation: Web pages are driven by HTML (along with other libraries like CSS, JavaScript, etc.), which is code that tells browsers how they should render pages. HTML code, along with other front-end code, is almost always interpreted by the web browser, or client.
Kicking It Old School: HTML Pages
Back in the day, web pages were edited by individuals using tools designed to make HTML editing easier, such as Dreamweaver or GoLive (now I’m really dating myself!). When a designer or developer took HTML files, downloaded and amended them, and uploaded them back to a server, they were uploading flat files, which in turn were distributed by the server to end users in a static fashion.
This was, in a lot of ways, inconvenient. However, it was also simple and safe, and website performance was never really much of an issue. After all, the server wasn’t particularly taxed sending out a simple HTML file and some accompanying images.
The New Wave: Dynamic Pages
Sometime in the early to mid-1990s, along came the content management system, or CMS. This is where things got a bit more complicated.
You see, in order to make a piece of software that would serve a variety of purposes, it had to be general enough to handle many different scenarios. This meant the software had to be “dynamic” and able to generate many pages on the fly based on user request.
To do this, CMS systems store many pieces of content in a database, and the pages are generated on the fly when a user requests them. The system has a variety of “templates” in use and, based on how it is configured, populates the content in its database to page templates for display to the end user.
This sounds all well and good, and for the majority of the Internet, it works very well. However, this has ushered in a new set of problems.
The Times, They’re Still A-Changin’
Because these CMS systems are so complex and require so much software to run, they are vulnerable to attack or infiltration by those looking to maliciously compromise websites.
The most popular CMS on the Web today is WordPress, but most users don’t know that there are over 5,200 known vulnerabilities to the WordPress platform. Other systems are available such as Drupal, Joomla, and SiteCore (to name a few), but each has its limitations because of the core philosophy on which they are built.
To be more specific, for these systems to function properly, they have to tightly integrate the administrative functions—where the site is controlled—with the end-user, front-end experience. This means that the codebase for the front-end and back-end are unified, which also means if a bad actor accesses either end maliciously, the other end is accessible.
Because of this layout, many organizations have a difficult task to balance: the needs of their marketing or sales teams versus the security their organization requires.
The perfect solution is a CMS that deploys to a static environment. Unfortunately, today’s CMS platforms are not built natively to handle this. There are various plugins and outside services that are attempting to extend them to handle this functionality, but thus far are not succeeding in any impactful way.
The future of the CMS platform is the separation of the administrative portal from the front-end experience. This is known as headless or decoupled architecture. Static website delivery is one possible way to create this separation.
But what benefits do static websites offer? It turns out, quite a few.
The Pros of Publishing a Static Website
1. Improved Security
Static websites can be deployed far from the administrative portal. This means you can take steps to protect access to your admin portal behind your own network using firewalling or other restricted access methods.
For hosting your website, you can opt for services that don’t allow insecure access to your server, such as SFTP. In fact, you can utilize modern-day solutions such as Amazon S3 or other content delivery networks (CDNs), which make your task of hosting the website even cheaper and easier. These systems are secured to enterprise levels and beyond, meaning your front-end site can be protected from the most common hacks—and most of the sophisticated ones.
2. Improved Site Performance
Static sites are, as previous mentioned, comprised of HTML code, so there is no need for server processing or compilation of data. The server simply needs to relay the already assembled code to the client. Because of this, the majority of processing effort is already completed before the user sees the page.
Speedy content delivery on sites that are driven by a coupled CMS is notoriously difficult. You can try to cache the content, which is doable via plugins for many CMS platforms, but it can prove tricky to configure just right.
Because HTML files don’t require sophisticated server-side software, you can host them, as mentioned before, on third-party content delivery networks. This means that you can make use of their backbone, which is built specifically for speed and performance. Web pages and associated graphics will load faster than on a traditional, coupled CMS platform.
You can also load balance, or cluster resources. With decoupled platforms and CDN technology combined, your site can literally be served from tens of thousands of servers in a matter of minutes with no further work required from you.
3. Smaller Technology Footprint
Because of the limited amount of software needed, you have a much smaller technology footprint when you publish a static website. This means less downtime and a smaller margin of error.
If a coupled CMS is running, you’ll need many pieces of software running at once, including databases such as MySQL, MongoDB, or Microsoft SQL Server. You’ll need scripting software such as PHP or ASP. And you’ll need web servers such as Apache or IIS.
Alternatively, by running your site from a service such as Amazon’s S3, you’ll have virtually no software to manage yourself. This means less monitoring and less hassle in terms of worrying about software updates, security issues, or downtime due to a variety of factors.
4. Lower Costs for Hosting and Support
Typically, a standalone server running an integrated CMS will cost you in the neighborhood of $500 and up. Figure about $100 for the server and maybe $400 or more for server uptime maintenance and support.
By using S3 or a CDN, on the other hand, you can cut many of those ongoing hosting costs by a factor of more than 90%, depending on your bandwidth needs. This is a major ongoing benefit.
So back to the original question of this article: Should your CMS publish static websites?
With all of these aforementioned benefits, there will always be a place for dynamic websites. The static solution is not a perfect fit for everyone, admittedly. Sites that have a heavy dynamic component such as communities, search- or browsing-heavy sites, client portals, or other interactive properties will always do better with dynamic environments.
However, marketing-driven websites for security-conscious organizations will benefit greatly from the static approach. Giving marketing teams the freedom to change content as needed but providing the necessary security and peace of mind to system administrators is an important balance that gives the static, hosted CMS a leg up compared to their dynamic counterparts.
If you feel your company has a need for this particular balance—and if you want to prepare for the security dangers that the future holds—you should consider the static CMS option.