[ikk157]

Advantage of static
-hacker proof
-faster load

Disadvantage
-harder editing . One line of edit need whole recompile

For me i still prefer dynamic one . I still use php formy website and app backend

I don’t see how a static website would be, as you describe it, “hacker proof”. Can you please elaborate on that?

And as far as I’m aware, websites aren’t like programs... you don’t compile them! Correct me if I’m wrong.

[humanpuff69]

I don’t see how a static website would be, as you describe it, “hacker proof”. Can you please elaborate on that?

And as far as I’m aware, websites aren’t like programs... you don’t compile them! Correct me if I’m wrong.

it isnt totally hacker proof but it is much secure than dynamic one . no SQL injection and any kind of that thing in static website . the fact that there is no PHP or equivalent server side scripting in static website does make it much secure like those old static website that consist all html

for example when you open .php?id=' on dynamic it will cause mysql error but on static opening similar thing like /article/69 that doesnt exist simply says 404 not found and there is no server side programming logic on it . it just opening files instead of processing with mysql or any that can cause sql injection or that sort of thing

[Sn1F3rt]

To a certain extent I do agree with @humanpuff69, regarding dynamic websites bring a little more prone to hackers than static ones. However, I'd like to mention one thing in this regard - that it depends to a huge extent on how you've made the website. In some cases, dynamic ones can be made more secure, and this is totally up to the creator of the website.

Yeah, SQL Injection and such sort of things tend to affect dynamic websites, especially when unencrypted databases are there. For even encrypted ones, that's brute force which plays the important role. Take for example, CMSes. At most you could mess around with the admin pages, hide them, change the access URL, use thousands of plugins, but you can't completely secure it. Some loopholes do exist whatever measure you take, and that's why hackers exist even today, with so high-tech security being developed nowadays.

In short, nothing is 100% secure, however, safety measures and precautions can be taken but that's solely up to the discretion of the maker.

Regards,

[humanpuff69]

To a certain extent I do agree with @humanpuff69, regarding dynamic websites bring a little more prone to hackers than static ones. However, I'd like to mention one thing in this regard - that it depends to a huge extent on how you've made the website. In some cases, dynamic ones can be made more secure, and this is totally up to the creator of the website.

Yeah, SQL Injection and such sort of things tend to affect dynamic websites, especially when unencrypted databases are there. For even encrypted ones, that's brute force which plays the important role. Take for example, CMSes. At most you could mess around with the admin pages, hide them, change the access URL, use thousands of plugins, but you can't completely secure it. Some loopholes do exist whatever measure you take, and that's why hackers exist even today, with so high-tech security being developed nowadays.

In short, nothing is 100% secure, however, safety measures and precautions can be taken but that's solely up to the discretion of the maker.

Regards,

yes its depend on the developer of the code that the website runs . if the developer is new with using mysql it can easily get sql injected . my first CMS is sql injectable because i dont know how to prevent it but with experience i know the way and my newer CMS and updated CMS is sql injection proof . another one is XSS or cross site scripting . using HTML entities on input and output with MySQL escape string will remove 99.9% sql and xss attack . that is the most easiest hack that hacker will target

and im agree with you . no system is 100% safe and that is why you need to use all security measure to protect it

[ikk157]

yes its depend on the developer of the code that the website runs . if the developer is new with using mysql it can easily get sql injected . my first CMS is sql injectable because i dont know how to prevent it but with experience i know the way and my newer CMS and updated CMS is sql injection proof . another one is XSS or cross site scripting . using HTML entities on input and output with MySQL escape string will remove 99.9% sql and xss attack . that is the most easiest hack that hacker will target

and im agree with you . no system is 100% safe and that is why you need to use all security measure to protect it

To be honest, static websites tend to be more secure.

Think of it in this way, with dynamic sites, there could be several ways which the contents of those sites are made to be editable. (e.g. some sort of panel, or a login system, etc...). This gives hackers the perfect place to look for exploits which they can use to takeover.

While static websites tend to lack such things, simply because they don’t need a way to edit them as they’re, well, static!

[youssefbasha]

I agree with @humanpuff69
Static is more secure as there is no sql injection or something to be hacked.

[xdude]

If your site stay static for long period of time and don't have too much information then yeah these stafic site scripts are okey. I have been usiong mySQL for like 15 years and Only once I had SQL injection problem. Even that was not my fault by Godaddy has some Admin login compromize and had a massive server wide SQL injection spread. That was like 10 years ago and I havent had a single problem since them. Chances are very very rare if you have propper server hardening done.

For me Wordpress has everything I need. If I need just a basic site like landing page then its easy to create that.

[ikk157]

If your site stay static for long period of time and don't have too much information then yeah these stafic site scripts are okey. I have been usiong mySQL for like 15 years and Only once I had SQL injection problem. Even that was not my fault by Godaddy has some Admin login compromize and had a massive server wide SQL injection spread. That was like 10 years ago and I havent had a single problem since them. Chances are very very rare if you have propper server hardening done.

For me Wordpress has everything I need. If I need just a basic site like landing page then its easy to create that.

Many people are complaining that Wordpress is a security nightmare. Specially if you use plugins with it. It also tends to cause high load, not exactly something you’d want.

I wouldn’t personally recommend it. If you want a CMS, use something such as Joomla. But avoid Wordpress if you can.

[deanhills]

Many people are complaining that Wordpress is a security nightmare. Specially if you use plugins with it. It also tends to cause high load, not exactly something you’d want.

I wouldn’t personally recommend it. If you want a CMS, use something such as Joomla. But avoid Wordpress if you can.

I find your criticism of WordPress a bit simplistic. Obviously the way you use the WordPress script will determine how secure it will be. I've been using WordPress since 2012 and have done several courses in it too. You can use it both as a static and a dynamic Website. Static in the sense that it has no users, cannot get any feedback - you have the option to untick or tick boxes to make it completely static except for the fact it's still database driven. I've run most of my WordPress sites in this way. Also, there are plugins and plugins. WordPress has a beautiful system where you can check out the plugins before you use them. One should make sure one only uses a plugin that is listed and "vetted" by WordPress - and the list also shows when last the plugin has been updated. One can also easily check feedback of the plugin and support questions. As well as feedback of the styles and possible conflicts with plugins or overuse of resources. All the info is out there - all one has to do is Google it.

Joomla can be a security issue if the script is not up to date, which is easier to happen as it is comparably more difficult to update Joomla from one version to another (particularly when one jumps versions) than WordPress. With WordPress you can put all of your script and plugins on automatic updates. You also have a huge security plugin like WordFence for WordPress, which has an excellent free version as well, that is really good.

The security literature for WordPress is huge. Literature for WordPress is huge. But yes, if you haven't gone the full rounds of learning how to use WordPress properly, then that could be a security issue in its own right. Ditto Joomla. If you're an experienced user of Joomla then you'll probably be more experienced to know how to use Joomla securely vs when you don't know how to use WordPress. WordPress Dashboard for a first time user doesn't work instinctively. You have to figure it out, or maybe do a few courses to fasttrack learning first. Knowledge as we know is always the best security tool. So yes, beginners of WordPress should tread carefully and cautiously. Ditto Joomla first-time users.

[ikk157]

I find your criticism of WordPress a bit simplistic. Obviously the way you use the WordPress script will determine how secure it will be. I've been using WordPress since 2012 and have done several courses in it too. You can use it both as a static and a dynamic Website. Static in the sense that it has no users, cannot get any feedback - you have the option to untick or tick boxes to make it completely static except for the fact it's still database driven. I've run most of my WordPress sites in this way. Also, there are plugins and plugins. WordPress has a beautiful system where you can check out the plugins before you use them. One should make sure one only uses a plugin that is listed and "vetted" by WordPress - and the list also shows when last the plugin has been updated. One can also easily check feedback of the plugin and support questions. As well as feedback of the styles and possible conflicts with plugins or overuse of resources. All the info is out there - all one has to do is Google it.

Joomla can be a security issue if the script is not up to date, which is easier to happen as it is comparably more difficult to update Joomla from one version to another (particularly when one jumps versions) than WordPress. With WordPress you can put all of your script and plugins on automatic updates. You also have a huge security plugin like WordFence for WordPress, which has an excellent free version as well, that is really good.

The security literature for WordPress is huge. Literature for WordPress is huge. But yes, if you haven't gone the full rounds of learning how to use WordPress properly, then that could be a security issue in its own right. Ditto Joomla. If you're an experienced user of Joomla then you'll probably be more experienced to know how to use Joomla securely vs when you don't know how to use WordPress. WordPress Dashboard for a first time user doesn't work instinctively. You have to figure it out, or maybe do a few courses to fasttrack learning first. Knowledge as we know is always the best security tool. So yes, beginners of WordPress should tread carefully and cautiously. Ditto Joomla first-time users.

I appreciate you taking the time and effort to explain all of that!

I should’ve elaborated a bit more on why I jumped into the conclusion that Wordpress isn’t something you’d want to use. So here it is:

This opinion of mine isn’t brought by my own experience. For a matter of fact, I’ve never used Wordpress nor Joomla. It is brought by what I’ve seen people in the heliohost community (a lot of them!) experiencing when using it.

Almost all of them complain on how much load it causes compared to something like Joomla. And the majority of them say that it’s not secure at all (I can’t say why, as I haven’t paid much attention towards their reasoning). The majority switch to a different CMS (e.g. Joomla) and instantly start talking about how much better it is compared to Wordpress.

This lead me to develop an opinion of my own regarding that Wordpress isn’t something people should use.

However, you have changed that perception of mine and I admit that I am indeed wrong.