I found out about it from Bagels, bikes, and blogging – asheesh-announce-l
Great idea. Only wish they were able to handle WordPress-native comments the same way.
We should ask Asheesh to explain why a static version of WordPress is a goal; it is an interesting story that I’ve discussed many times with em.
Okay, so sure, that is cool and all. But I have no idea who it is for. I can guess who I would suggest it to, but no one I think of would come to that conclusion on their own.
I am obviously trying to split apart the dynamic from the static in my recent development.
Here is the part that concerns me:
They aren’t actually protecting WordPress sites. They are just a hosting layer. And this is already a common practice.
The difference of course is the “virtualized environment” where they keep the site. Such a setup certainly protects the site from certain attack vectors. But they can’t say it won’t get hacked, because WordPress gets compromised in lots of other ways, particularly around plugins in the public repo (this is why we all try to get the word out about public repo hacks, it comes from a default trusted authority…). It also doesn’t prevent misconfigurations, while not a compromise, is an easy problem for many site operators.
Quick aside
I was reading recent posts on my site once. I wasn’t very active, so had moved it to shared hosting, not a lot of resources. I went back many pages, couldn’t find what I was looking for. So I searched for it, got a crashed database error.
Why? Well it turns out that database had crashed weeks before, and from the logs and my experience, no one ever noticed. The entire site was cached as static HTML documents. As I hadn’t updated the site, the documents hadn’t changed.
In other words, this is a very common deployment model. It is just that serving the docs over a CDN removes the useful dynamic parts of WordPress, specifically comments, search and user interactions (I use a lot more forms than most, so “user interactions” is a catch-all).
So, Hugo?
Nah. I personally chose Hugo after trying to set up basic sites with the first 50 options at the Netlify-branding directory known as StaticGen (it is very useful, in a sense). Hugo hit all my personal needs, both as a developer wanting to use git and text, but also as a developer looking for a solution to deploy infrequently updated sites for small businesses.
I am of the opinion right now that writing text files and committing them to version control is an absurd level of entry for web publishing. WordPress is still the best option for new web producers (anyone with a website), and especially if it involves more than one person.
So in the end, this kind of virtualized WordPress instance (we refer to this as “headless WordPress”, because you are seeing the output but not the server running the code) is interesting, but that particular use has very little practical need. I think it would be better to host in a limiting, hardened environment, where the provider helps users choose the options to customize their site (a niche I try to fill, but somewhere between a WordPress.com instance, and a free-for-all hosting package) to combat malicious activity.
That said, for €48 a year, that isn’t bad. I hope HardyPress has a help doc explaining how to find help for their site that only exists when they use it. WordPress help bars are gonna have fun with that!
You called it “reality mitigation,” before! I like the phrase and have also
used it since. Providers helping, I mean.
Yeah, Asheesh was going back and forth between static and dynamic, himself.
I’ll send him a link to this thread?
Hi guys, creator here
We just launched the service and I think your feedback are extremely important.
As you can guess the main target for HardyPress is the myriad of blogs and “brochure” websites that, most of the time, contain only the pages “Home”, “About Us”, “Services”, “Products”, “News” and “Contacts”. The “dynamic” part of the architecture for all of these sites is only really exploited by admins while navigating in the backend of their CMS, in conjunction with updating their site. For the rest of the time, millions of servers around the world continue to produce each visit the same page produced a second before, and visitors “undergo” a dynamic architecture that only produces negative effects on their experience: slowness, instability, potential vulnerabilities.
So the HardyPress way to simplify things is to use WordPress as a static site generator, as simple as that.
In addition we take care of make contact forms running seamlessly (for now only contact-form7), and augment the search box to provide instant suggestions to visitors.
I’m sure this can be a great benefits for most of the sites
About security, as maiki said WordPress can be hacked in many ways , but having the server turned off mitigate a lot of problems.
I will be happy to receive your feedback and answer any questions
Claudio
What follows is a hot take from your front page. These are not equal points, just a string of observations:
- “No need to upgrade WordPress or plugins.” - don’t say that. You want folks to keep updated, for a variety of reasons. The number one reason being their ability to get support from the general community; asking for version is an early step in troubleshooting.
- Instant search out of the box - how do you scrap this, and how do you override the search box? I would use the various JSON endpoints to populate the index, wondering if you folks did the same.
- Support for Contact Forms 7 - next should be Gravity Forms, and then Ninja and/or Caldera.
- “If your site needs comments, just install the Disqus plugin, it’s the best way to manage comments in your website anyway :)” - Don’t say that. Disqus is a horrible way to manage comments. I know you don’t have a lot of options, but don’t endorse Disqus, they make web conversations worse, and insert ads and track folks and etc. etc.
- Comments? Disqus to the rescue! - Look into the various static site commenting systems. In particular, consider contributing documentation for setting up WordPress with Discourse!
- “Never update WordPress again” - ooh, we just might have a major disagreement, if that is a selling point. What pain point are you addressing here? Also, how do you keep updates from running automatically? Do folks have the option to auto-update their own sites?
I’d be a lot more supportive of your product if it didn’t encourage not upgrading.
I get the rhetoric, but consider there are two caching plugins in the top 20 public repo plugins by popularity, and nearly every WordPress hosting company has one or more caching layers in front of every site they host, and those “millions” of servers are not just targets for malicious folks; they essentially serve up static sites, while keeping the “dynamic” parts.
About those dynamic parts! Let’s put aside the big ones: comments, native search and ecommerce. Here are a handful of dynamic parts my partners use:
- Responses - these include comments, but also social media reactions, pingbacks, and webmentions.
- Sorting/filters - this can be considered a type of search, but aside from dynamic facets, you also have little WordPress hacks folks enjoy, like
example.com/tags/reference+plugin
. - Integration/API - no webhooks being received or sent, so no chat notifications, no discounts given, no signing off on a contact form action. Polling feeds is possible, of course, but no CRUD.
- CTA - A call to action normally triggers something aside from a page load.
- Fundraising - While possible to embed PayPal or even Stripe, my clients are both handsome and prefer hosting their own donation/funding forms and processes.
- Teams - I host the blogs for a handful of friends, but everyone else is a team.
Now of course that list also shows where I am coming from. I just can’t imagine anyone I would work with that would benefit from the level of CMS separation HardyPress provides.
Also, in passing, when I click on “support” from the footer on your homepage, I get the following page:
That’s just kinda weird.
Looking forward to your repsonses, and thanks for coming by to discuss.
Hi maiki, and thank you for your sincere thoughts and for your advice, we really need it
We certainly have to work hard on communication, documentation, guide, and support for more plugins.
What we are trying to make clear on the front page is that with HardyPress you can create or edit a website, or import an existing legacy site, publish it online as static, and totally forget about its existence, until next change.
In my personal experience, I used to have a web agency with dozens of WordPress installation to keep alive, mostly of them where simple “brochure” sites. I used auto-update mechanisms and caching layers provided by the hosting service, but it happened more than once to have security/performance/technical problems and headaches.
Only after I put the static copy of these sites online I started sleeping well at night. There was no way that things could go wrong.
Regarding the dynamic part, of course, not all sites are suitable to be hosted on HardyPress, but since there are so many “legacy” or very simple/single-page website where there is no dynamic features on frontend-side except contact forms and native search (that we try to support seamlessly), I am convinced that there is some room for a product like HardyPress in the market, and that there are a myriad of webmaster out there that could benefit from the architecture HardyPress is offering, as I did.
IMHO if all sites that could be served as static, they were really, probably there would not be thousands of hacked sites every day.
Thanks again for your precious thoughts