paint-brush
jToday’s Web is Tediousby@denis_76136
140 reads

jToday’s Web is Tedious

by Denis KostrzewaMay 9th, 2018
Read on Terminal Reader
Read this story w/o Javascript
tldt arrow

Too Long; Didn't Read

It’s really easy to make your own site these days. Just watch a tutorial on youtube³ for 90 minutes, spend another 30 on setting things up and voila, you’re done. Easy Peasy. Alright dude, but where’s the catch?

Company Mentioned

Mention Thumbnail
featured image - jToday’s Web is Tedious
Denis Kostrzewa HackerNoon profile picture

Sleepy Panda. (Image by https://unsplash.com/@zuoanyixi)

Over 35%¹ out of about 1,860 billion websites² available on the internet is using either Wordpress, Joomla or Drupal what gives the number of 651 million websites.

It’s really easy to make your own site these days. Just watch a tutorial on youtube³ for 90 minutes, spend another 30 on setting things up and voila, you’re done. Easy Peasy. Alright dude, but where’s the catch?

The Catch

For almost two years 2.8 million websites built on Joomla were susceptible to dangerous SQL injection. The bug has been patched by Joomla with 3.4.5 version⁴ 2 days after the release there was a step-by-step tutorial on youtube how to exploit Joomla >3.4.5.⁵ What if you didn’t update your website immediately after the release?

Based on research made by WP White Security⁶ around 73% of the most popular WordPress installations can be hacked. To find out which can be, you can use free automated tools.

Drupal also found its place in the ungrateful history of CMS exploits. According to Drupal announcement from 29th October 2014: “You should proceed under the assumption that every Drupal 7 website was compromised unless updated or patched before Oct 15th, 11 pm UTC, that is 7 hours after the announcement.”⁷ What if you didn’t act that fast?

Taking into account all of the above factors you should always update your CMS to sleep peacefully. Sounds pretty exhaustive, especially if you’re using a plethora of add-ons. Well, chances are you’re using a plethora of add-ons.⁸

Fortunately for people who don’t want to mess with all this updates stuff (like me and the rest of Bejamas team), there’re plenty of great Static Site Generator projects, which are, by the way. open-source.⁹

The Rise of Static Site Generators

Static Site Generators aka. Static Site Engines are definitely not an ephemeral novelty. They’ve been around quite a while, but nobody really paid attention to them as it takes place right now. The first known SSG is called tclog and has been written in Tcl/Tk. The first release took place in 2003. You can check this project out at https://web.archive.org/web/20060819194024/http://tclog.sourceforge.jp/

Source: http://wiki.tcl.tk/40380

The idea behind Static Site Engines is pretty simple, yet powerful: take dynamic content and build it into raw HTML/CSS/Javascript files, then deploy them as static files to the server. No server horsepower needed, what takes us to the first of many advantages of this approach.

Hosting Cost & Scaling

Hence the website is always completely built on your production machine when you use a Static Site Generator the only thing you have to pay for is basically the storage space. If you’re not tech savvy, please let me explain it to you shortly: When you build your website on a production machine and serve the raw files on your hosting they’re ready to view — basically nothing happens on the server-side. If someone’s visiting your website he’s seeing the files as they were built on your machine, nothing’s being built on the server.

How static site works?

Source: Bejamas resources

On the other side, things are getting a bit more sophisticated when you consider how a dynamic site, build on WordPress, Joomla etc. works. When a visitor hits your website the server-side script is being run. A server-side script’s querying one or many databases to get data (content), which have to be displayed to the visitor. Data is being passed to templating engine and templating engine sets up the HTML file which is then seen by the visitor. Now multiply that process by hundreds or thousands of visitors who have the interest to get your website’s content. Sounds laborious. Sounds pricey.

How dynamic site works?

Source: Bejamas resources

I think the conclusion here is plain and simple: going static means to be better prepared for handling large amounts of web traffic, as, comparing to dynamic websites, it consumes a small fraction of server horsepower.

Performance

In the age of impatience and information overload, each millisecond of your website loading time is literally equal to a certain amount of dollars. I’m dead serious. Based on research made by www.hobo-web.co.uk¹⁰ if your website is loading for 4 seconds or more it’ll cause more than 25% of visitors to abandon viewing it.

Source: https://www.hobo-web.co.uk/wp-content/uploads/Screenshot-2015-05-14-01.02.07.png

If you read my quick explanation above where I described the differences between hosting static site and dynamic one you probably can get to this conclusion yourself: static eats dynamic when it comes down to performance. Period. But wait! You won’t show us any research to make your thesis more credible!? Hey, of course, I do! Follow me.

At the end of 2016, https://gettingthingstech.com moved from their WordPress platform to Hugo. Part of their motivation was to improve the page load performance. They measured, of course, the page loading speed on WordPress and after moving to Hugo and made a great comparison.11 In this case, they’ve shortened the time server needs to send the HTML to the user from about 2.5 seconds to 0.3 seconds (it’s pretty tough to say precisely watching this chart, what you can say with no doubt though is that the difference is tremendous).

Source: https://gettingthingstech.com/hugo-vs.-wordpress-page-load-speed-comparison-hugo-leaves-wordpress-in-its-dust/

At the time they also changed their hosting provider, so it has an impact on the time as well.

Here another example of simple comparison between a static site generated with Jekyll and a WordPress one: https://bradonomics.com/jekyll-wordpress-speed/Loading time improved by about 164%.

Security

As I’ve already described in The Catch section of this post — you’re exposed to several threats if you’ll go with ‘the standard CMS way’. On the other side, what can possibly go wrong if you just serve flat HTML files with CSS and JavaScript? You don’t have any database which can be a victim of SQL injection. Everything’s static & safe so you don’t have to care much about the security of your website.

Auto-Backup & Version Control

Guess what you have to do to backup your WordPress site? Bingo! Install another add-on¹²

“Remember, keep at least three backups on file, just in case one is corrupted or lost, and store them in different places and on different mediums, like CD, DVD, different hard drives, etc.”

You have to remember to make the backup manually once in a while. If your database is full of statistics from WordPress plugins (because, as I wrote above, chances are your theme is packed with a hell lot of plugins) you’ve to choose only those tables which you want to backup. Well, that sounds like a lot of work. You can do all that, but you still don’t have control over each version of your site. To gain it you’ll have to backup your site each time you’re making changes. Have fun.

With the emergence of Git-based distributed revision control systems as f.e. Bitbucket or Github this is not an issue anymore. Each time you commit & push new changes to your site the previous version is backed up automatically! It takes literally one line of code in your terminal to get back to the previous version. How cool is that! And, just so you know, with Netlify¹³ and BitBucket¹⁴ it’s totally free.

Pros and cons

I’m not trying to say in this post that there are no pros of using WP/Joomla/Drupal or similar solutions. It’s obviously easier to set everything up, at least in the beginning, but you’ll probably struggle with this setup as you go further.

On the other side, if you want to go static and your website isn’t a one-page you’ll probably have to hire a professional who has the technical knowledge. You would have to do it anyway even with a WordPress site if you’re thinking seriously about it, wouldn’t you?

I just wanted to underline in this post that there are a lot better options available and, honestly, everyone suggests you WordPress because it’s the most popular, not the best, option.

Hey, hold on a second!

You didn’t mention anything about managing content or adding posts on a static site! Is it even possible?

Yup static site doesn’t mean static content. Read more about CMS + Static Site Generators setup in my next posts. Stay tuned!


Original post from https://bejamas.io/blog/web-is-tediousSubscribe for more!

Footnotes

  1. https://w3techs.com/technologies/overview/content_management/all
  2. http://www.internetlivestats.com/total-number-of-websites/
  3. https://www.youtube.com/watch?v=2cbvZf1jIJM
  4. https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html
  5. https://www.youtube.com/watch?v=Ai3MmwQ7yIE
  6. https://www.wpwhitesecurity.com/wordpress-security-news-updates/statistics-70-percent-wordpress-installations-vulnerable/
  7. https://www.drupal.org/forum/newsletters/security-public-service-announcements/2014-10-29/drupal-core-highly-critical
  8. https://torquemag.io/2015/09/32-must-free-wordpress-plugins/
  9. https://www.staticgen.com/
  10. https://www.hobo-web.co.uk/your-website-design-should-load-in-4-seconds/
  11. https://gettingthingstech.com/hugo-vs.-wordpress-page-load-speed-comparison-hugo-leaves-wordpress-in-its-dust/
  12. https://codex.wordpress.org/WordPress_Backups
  13. https://www.netlify.com/features/
  14. http://bitbucket.com/