Static sites give you speed and security but aren’t for everybody
A static site is the information/data is contained within the HTML, as opposed to a database.
Most websites used to be static, and if a client wanted revisions to something like wording, they would send the changes over to the developer. The developer would then change the wording in an HTML file and upload it to the server, replacing the existing file. Understandably, this would usually involve a small fee.
Then came the dawn of the content management system (CMS) and the juggernaut that is WordPress. Of course, developing a WordPress site is more complicated and labour intensive than developing a static site, but it enables clients to update content on their website independently.
Additionally, WordPress opened up an almost limitless trove of extendibility in the form of plugins. Plugins enable new functionality which would previously have required extensive bespoke development.
But this revolution brought with it some considerable drawbacks.
WordPress powers around 40% of all websites. That makes it a massive target for so-called bad actors, hackers looking to steal, break, and disrupt. At a minimum, WordPress and any installed plugins need to be updated frequently as new vulnerabilities are discovered. In addition, larger sites and those containing sensitive data are wise to adopt further measures such as two-factor authentication, forced password strength, and brute force protection.
Static Site Security
Static sites don’t have a database. There’s no admin area to log in to, and there’s no PHP that can execute commands on the server. Unlike WordPress sites, little or no maintenance is required as there is no CMS or plugins to keep up to date.
These advantages make static sites significantly more secure.
WordPress sites can be sluggish. Even a well-optimised WordPress site will always be slower than a static site because when you load up a WordPress site, the server must ask the database questions to construct the page. There could be dozens or potentially hundreds of questions.
Slow sites are bad for user experience, and SEO as search engines like Google prefer to serve fast pages.
Static site speed
Generally speaking, though, static sites are blazingly fast compared to their WordPress counterparts.
We recently made our Creative Chair project into a static site. The homepage of Creative Chair required hundreds of database queries and took 5+ seconds to load. That was getting a tiny bit worse with each new post we added. Now that the site is static, the site loads in an instant.
Static site generation
It is possible to have the best of both worlds. There are multiple ways that WordPress can be used as a content management system which then generates a static version of the website.
Additional speed and security are always good, so why isn’t everybody using static site generation with a WordPress site?
Static site limitations
Many WordPress sites have functionality where the existence of a database is essential. For example, an eCommerce site needs to read the database to check if a product is in stock and write to the database when a customer places an order.
Common site features like contact forms and post comments also require a database. However, several static generators can accommodate this functionality by enabling the static site version of the site to communicate with the original WordPress database. There are also third-party solutions like Disqus and JotForm, which can be embedded to handle comments and forms respectively.
Search functionality is also possible via an alternative (non-database) method.
That might sound like a hefty disadvantage, and it certainly rules out static for more complex sites, but most for most WordPress websites, contact forms, comments, and search covers everything that the site needs to do.
So, we’ve still got a large proportion of WordPress sites that would benefit from and are suitable for static. However, there is another consideration.
Static generation can be complicated.
There are multiple ways to use WordPress as a CMS but serve users a static version of your site. I put these into three categories:
- Headless: Solutions like Gatsby use a React-based framework to display static content generated via the WordPress API. This solution offers the most flexibility but requires skilled developers.
- Plugins: Plugins like Simply Static generate a static version of the site from the WordPress admin area. You don’t necessarily need a developer to set it up. Still, technical competency is certainly required, especially if you want to host your static site on a different server to your WordPress site.
- All in one: Services like Strattic host both the WordPress and static version of the site. It works well and is exceptionally user-friendly. However, as it’s an all-in-one solution, there are limitations, and the pricing is eye-watering compared to hosting alone.
We all want speed. We all want security. But in many cases, the limitations, the complexities, and the costs will outweigh the benefits for the typical site owner.