Much of the web these days (>26%) is built on WordPress. Its popularity is likely based around a few reasons:
- Its usage of common server software: PHP and MySQL. Any server (even Windows!) can run a PHP/MySQL site. Most popular blogging and forums software have this in common.
- Many shared hosting providers have 1-click setups.
- There are masses of plugins/themes.
WordPress (and most other CMS like Drupal/Joomla) have security vulnerability being discovered every few weeks!). WordPress took things seriously a little while ago where they enabled automated patching. Now your Wordpress install can patch itself. A really good idea that I’m sure has prevented many hacks. Even before WordPress made patching automated, the update process was pretty good. You logged in to the web interface, and clicked a single button. Drupal on the other hand, is a mess when it comes to updates. Updating requires SSH’ing to the server and either copying files over, or running a CLI (Drush) to do it. You then have to log in to the web interface to trigger the upgrade. Another thing WordPress gets right is backwards compatibility. You can update an old instance forever. Drupal on the other hand makes updating between major versions a very difficult process, which will likely cause plugins or themes to stop working, and you can’t easily test this. It’s the old school ‘put up a maintenance page and hope for the best.’ Because of this, the vast majority of Drupal installations are on old versions.
Many sites don’t really need a full CMS. It’s understandable if you have a complicated blog, but many people use wordpress to host a simple static page, just because it’s so easy. The low upfront cost comes at a price: Performance is much, much worse, and the CMS requires maintenance. In come the static site generators! Over the weekend I decided to play around with Hugo. It’s surprisingly easy to get something going. Rather than rely on a CMS like WordPress or Drupal, with Hugo, you build your website in code, and convert it into static HTML files. Then you just need to copy the HTML files over to your server. No PHP, no apache configuration, and no database. If your website is just a bunch of HTML files, you can’t really have a security vulnerability. (You obviously still have to patch the server, but your app is safe).
But running Hugo, and then copying over HTML files to your server doesn’t sound like fun, especially if you’re iterating quickly. In come the static website hosts. They’re designed to only host static websites. They don’t need PHP/MySQL, and can easily cache the whole site. My favourite is netlify. I have the code for my homepage sitting in a private GitLab repository, and I have my Netlify account configured to automatically grab the code in my repository, build, and deploy it. So once I’ve made the changes I want on my desktop (and commited to the local git repo), I just type
git push to deploy it to www.awill.me.
It’s pretty incredible that both gitlab.com and netlify.com are free.