All too often I see sites being created and deployed with a WordPress or Drupal backend, only to be attacked later due to no upkeep by the server admin or the person managing the website. Although it is much easier nowadays to build and deploy a website, most of these sites will get little to zero maintenance attention over the course of their lifetime.
These platforms require more attention than static sites because they have more attack vectors. A typical install usually goes like this: install WordPress, install a few plugins, and install a WordPress theme. Of course, don’t forget about the database and the credentials that go along with it.
It is important to note that this is not because these platforms are poorly built; quite the opposite. Platforms such as WordPress are powerful, have a high degree of extensibility, and make it easy to get a website up and running quickly. It is because of this “ease” that we forget we must update the software too.
Many times the site gets hacked because a plugin has a vulnerability and is no longer being updated, or because the WordPress software itself is out of date. Another problem besides attack vectors is that when you do update your WordPress site, there is a strong possibility of breaking features, depending on compatibility between the latest version of WordPress and the different plugins. This can be a big problem for websites that have many plugins.
Here are some reasons to go with a CMS or with a static website.
Valid Reasons to use: Dynamic CMS (WordPress or Drupal)
- The website content is changing a lot
- Website content is being added by someone who does not know how to code
- There is an approval draft, review, publish workflow
Issues to think about:
- Needs tender loving care
- More attack vectors, such as the CMS, database, plugins and web server
Valid Reasons to use: Static (no CMS)
- The website is not updated often, only a few times a year
- The user is able to modify the website using an HTML editor; no fancy drag-and-drop features are needed
- Serves files like HTML, CSS, PDFs and images
Issues to think about:
- Needs an HTML editor, which can be as simple as Notepad
- May require the ability to FTP files up to the server
- Fewer attack vectors: just the web server, since all other content is HTML and images, with no database