In case you may not have heard of Static Site Generators (SSGs), they offer a very cost effective (often free) way to create a website.
However, using SSGs introduces certain feature and security considerations.
Website hosting options
Hosting and creating a website is a complex job. Depending on how much you want your hosting (or other) vendor to take responsibility for, and the features you want, leads to some of the options below:
| Platform | Example | Benefits | Limitations |
|---|---|---|---|
| Fully managed | SquareSpace | Minimal friction, click to launch, managed security | Inflexible, relatively expensive |
| Standard Hosting | hosted Wordpress | inexpensive, well supported, customisable | large attack surface, (relatively) high resource usage |
| Static hosting | Github Pages | Free, fast performance | No active content, writing uses developer workflow |
In effect, a managed offering gives a turn key solution that is expected to just work. Using a standard shared or dedicated hosting offers complete customisation, while static hosting offers none of the custom content creation or shopping cart features but is widely available for free.
Feature considerations
Fully managed offerings are attractive if you want to spend minimal effort on setting up your site and don't mind their added costs.
A standard platform like Wordpress is a good choice if you're happy to hire a developer to customise it to your needs and maintain it. As a full web server with active code and a database, such sites present a large attack surface as befits their fully customisable feature set.
Static site generation is deceptively simple, as it nothing more than writing pages in Markdown (or similar) and pushing the changes to your Git repository (whether on Github, Gitlab or elsewhere). Repo actions or hooks then build the site automatically. Usually the most time consuming action is choosing which SSG to use (Gatsby, MkDocs, Docusaurus, etc).
Static Sites summary
While not a good fit for every use case, static sites have several distinct advantages:
The absence of any database or active content makes these sites not susceptible to several web application vulnerabilities:
- There can be no SQL injection if there is no database of any sort in the first place.
- The entire site is a Git repository, making backup trivially easy.
- For the same reason, restore to any point in time is straightforward.