WP vs. Static Websites: Security Issues?

16 replies
Hi folks.

I understand the basics of web development and I'm still learning the ropes of internet marketing.

I was looking through some threads the other day and noticed a post by a guy who recommended the OP in that thread to consider using static websites because of security issues like XSS and SQL injection.

I can see why static sites would be easy to maintain since they are only CSS, JS, and HTML. I've come across some open source static site generators online that look fairly easy to use. Nanoc and Middleman just to name two.

So the question is:
Have any of you switched back to static sites after using WP?
Do static sites still rank when competing with WP sites?
#issues #security #static #websites
  • Profile picture of the author electrobooks
    Hi,

    Static sites can still be hacked, it just depends on how determined the hacker is.
    WP is hacked so often because its open source. Hackers know every inch of its code just as much as its developers do. All too often its the plugins that open a huge hole in a persons site and not the base code of WP itself.

    Facebook is rarely in the limelight for being hacked and this is because nobody outside of their development team know the code. Knowledge is power and all that.
    {{ DiscussionBoard.errors[6196239].message }}
  • Profile picture of the author Nochek
    Wordpress, being used by millions of people and being breached by thousands daily, is a large, complex system that will only continue developing more back doors the more you use it.

    However, as long as you don't use unknown mods and widgets in it (ie, make them yourself or read through all the source to know what it does) and you keep it up to date, its fairly secure.

    If you plan on having input forms, running databases, using random frameworks and throwing out emails at random then you can always third party all your work (off your webserver) as other companies often spend large amounts of money and charge you very little to make sure your systems aren't abused. Otherwise, learn security well and just do it all yourself.


    Obviously, straight HTML5 websites would seem to be the most secure, but as long as someone has access, where there is a will there is a way.
    Signature
    Nochek Solutions Presents:
    The Hydrurga WSO - Rank Your Site #1 And Score Over The Penguin Updates!
    {{ DiscussionBoard.errors[6196937].message }}
  • Profile picture of the author try_hard_samurai
    Thanks for the info guys!
    {{ DiscussionBoard.errors[6201727].message }}
  • Profile picture of the author lordspace
    if you use just static content then it would be really hard to be hard using some script hacks however it almost impossible nowadays to live without any dynamic content... this could be contact forms, search functionality etc. so a site could be static but other portion of the site could be vulnerable. Additionally, if your hosting provider doesn't use any secure mechanisms ... nothing is 100% secure.
    Signature

    Are you using WordPress? Have you tried qSandbox yet?

    {{ DiscussionBoard.errors[6204368].message }}
  • Profile picture of the author andersvinther
    I don't think there is any difference whatsoever in terms of ranking between using a html only site or WordPress or any other web site building software...

    Google doesn't care how you've built what you've built... only what you're presenting...
    Signature

    Visit WordPress Security Checklist for a FREE comprehensive guide on improving your security.

    Visit Easy-Email for the solution to all your email problems.

    {{ DiscussionBoard.errors[6233099].message }}
  • Profile picture of the author ivankristianto
    It depends on how dynamic your site is.
    If you are planning to have a website that have a lot of content, then static website would make pain in the ass.
    But if you only host 2-3 pages at most, then you should go to static website.
    i agree andersvinther, google doesn't care what is your platform, it only see the html code behind it.
    So if you are planning to make it static website, make sure that you follow all the seo guidelines as wordpress already done by the core.
    {{ DiscussionBoard.errors[6234205].message }}
  • Profile picture of the author so11
    Hello,

    Static sites and WP sites are very different in terms of covering completely different needs.

    Both of these solutions can be very secure if done properly.
    The fact that WP is open source does not make it weaker, completely opposite, it makes it much more secure, because every line of code is reviewed by security experts.

    The reason Websites get hacked is improper coding, misconfiguration, bad scripts and plugins, tests in production environments, installation without proper tests, etc.

    So, which ever you go with static or WP, use good security practices and audit your sites frequently.

    regards,

    So11
    Signature
    www.groupesoloviev.com
    We help businesses manage cyber risk and compliance requirements.
    {{ DiscussionBoard.errors[6334902].message }}
  • Profile picture of the author EndTheTrendNow
    As long as you keep up with wordpress updates and don't add any weird widgets, the wordpress website are going to be just fine. Hackers will be able to hack just about anything given the right motivation and time.
    Signature

    Carpe Diem EndTheTrendNow.com
    Check out SEOBloggerBook for SEO tips.
    Check out AntiqueOutings.com for Antique Tips
    Check out MiniatureReview.blogspot.com for Gaming with miniatures.

    {{ DiscussionBoard.errors[6382344].message }}
  • Profile picture of the author dreamtech
    Static sites can still be hacked, it depends on how good your server is but possibility of wp site getting hacked is more as its open source
    {{ DiscussionBoard.errors[6383087].message }}
    • Profile picture of the author so11
      Originally Posted by dreamtech View Post

      Static sites can still be hacked, it depends on how good your server is but possibility of wp site getting hacked is more as its open source
      Hello,

      This is not true at all...The fact that the code is open has nothing to do with hacks.

      Open source software is proven to be more robust in terms of security compared to proprietary software. Why? because the actual community of specialist review the code to make sure that its bug free.

      Please check my earlier post on this thread for actual reasons why WP sites get hacked.

      Regards,
      Signature
      www.groupesoloviev.com
      We help businesses manage cyber risk and compliance requirements.
      {{ DiscussionBoard.errors[6384737].message }}
  • Short answer: YES I've switched back to static sites after using WP.

    Longer answer:

    I've stayed away from WP sites for many years as I think they are ugly, and for the most part, a headache to maintain. (for security reasons you need to update this, update that, and God forbid you have a few plugins running, for which you then have to update those too). Even with the best looking templates... err themes, they are still ugly, and most look like every other site. Did I mention that they are ugly? This year I thought I'd finally try a site on a WP platform, and installed it just because a friend sells come really cool (and not so ugly looking) functional WP themes. But I can see that was a waste of time as my WP dislike was confirmed with all the stupid spamming comments, the spammy sign ups, the glitches, and the updates, and so from here on all our mini sites will be once again in html css.
    Signature
    Arnold Stolting - Stolting Media Group
    "I LOVE The Song! The Vibe Is Positive And Firm!" - Kymani Marley. (Son of Bob Marley)
    "Keep Up The Good Work!" Tony Lindsay - Lead Vocalist, Carlos Santana.

    "Very High Quality!" Jeremy Harding - Manager / Producer. Sean Paul.
    "They Are FANTASTIC!" - Willie Crawford.

    {{ DiscussionBoard.errors[6384931].message }}
    • Profile picture of the author dconjar
      Originally Posted by stoltingmediagroup View Post

      Even with the best looking templates... err themes, they are still ugly, and most look like every other site. Did I mention that they are ugly?
      You do realize that a WordPress theme is just a collection of template files, and you can make it look exactly the same as any static website, ever, right?

      And it's really not hard to do, if you spend some time looking over the codex and becoming familiar with the template hierarchy and functions and whatnot.

      I love WordPress. I have installations still running v1. Never been hacked.

      Joomla is another issue entirely. Several of my old installations have been hacked. And occasionally the database just stops functioning. Never had these problems with WordPress.

      Of course static HTML is safer. There's no database, so you can't SQL inject it. It's safe on a server somewhere.

      But static HTML is incredibly limiting. Try running a large website or blog without a CMS. What an enormous waste of time it would be.

      Even for a small blog, you save a lot of time going with WordPress or another decent CMS / blogging platform.
      {{ DiscussionBoard.errors[6386506].message }}
  • Static web sites have a greater risk for attacks. As few people are developing it, the probability of code issues and vulnerabilities are high. But WP is open source and visible and developed by several people. So many bugs are fixed and being fixing.
    Signature
    {{ DiscussionBoard.errors[6395178].message }}
    • Profile picture of the author dconjar
      Originally Posted by System Wide Solutions View Post

      Static web sites have a greater risk for attacks. As few people are developing it, the probability of code issues and vulnerabilities are high. But WP is open source and visible and developed by several people. So many bugs are fixed and being fixing.
      Um, no. Open source applications are arguably more secure than closed source applications for that reason. Static websites are not closed source, and they're not applications.

      They don't have a database, so there's nothing to *hack* but the box itself. And that server is no more likely to get hacked if it hosts a static website than if it hosts a dynamic website like WordPress.
      {{ DiscussionBoard.errors[6395329].message }}
  • Profile picture of the author clou
    Static websites can be cloned and copied easily.
    {{ DiscussionBoard.errors[6395186].message }}
  • Profile picture of the author JezWebb
    WordPress and other dynamic solutions get attacked by hackers as they are popular and easy to identify. It's a sad fact that hacking is a fact of life now, and much hacking is subtle - rather than defacing a site, hackers place hidden links or malware.

    Static HTML is a safer bet because the exploits are harder to execute and rely on an insecure server. Most hosts tighten their servers sufficiently to make it far easier to exploit dynamic sites which are abundant and have many more attack options.
    Signature

    Web strategist and adventurer. Director of Search Engine Friendly Hosting. ---Fast, affordable, feature packed hosting from £1.97. --- Search Engine Friendly Web Hosting

    [VIDEO] How to set up a WordPress blog in under 10 minutes.

    {{ DiscussionBoard.errors[6412093].message }}

Trending Topics