Website management tools like WordPress leave your nonprofit’s website vulnerable to attack, hacking or being held hostage. A new type of website management tool known as Static Site Generators makes websites less vulnerable. In part one of this two-part series, we explain the pros and cons of both tools to help nonprofits make an informed choice. In part two we go into the technical how-to’s for the technically inclined.
Authored by John Kenyon & Max Pearl
A majority of nonprofits use Content Management System (CMS) software tools like WordPress to manage their website. WordPress is by far the most popular of these CMS software tools, but there are many others including Dreamweaver, Joomla, and Drupal, to name a few. The popularity of WordPress makes it a top target for hacking and attacks.
Before we had CMS software tools like Dreamweaver, Drupal and WordPress, creating a website page meant learning to use the coding language HTML (HyperText Markup Language). CMS software helps manage a website’s content, look, and feel through a graphic interface, rather than having to use a programming language like HTML. It’s the same way that MacOS and Windows provide a graphic interface so that computers, tablets and phones are easier to use and don’t require users to know the code that makes the software work.
Let’s look at an example of using HTML for website programming. In order to make a paragraph with bold, italics and links, you needed to insert codes to tell the computer how and what to display. HTML code looks like this:
<p><h5><strong>Facts</strong></h5><li>18,000 extensions and over 14,000 free design templates</li>
<h5><strong>System requirements for<em>WordPress</em></strong></h5></p>
The code you see tells the software to create the font style, bold, italics, indents, hyperlinks, etc., The code above results in what you see below:
18,000 extensions and over 14,000 free design templates
System requirements for WordPress
CMS software presents HTML code in a graphic, visual way that is much easier to use for non-programmers. The ease-of-use advantages of a CMS system are clear, yet they come at a high price. WordPress and other CMS systems share a problem with all widely used software tools. The more popular and widely used, the more attractive they become as a target for hackers. Every day nonprofit WordPress websites get hacked, requiring organizations to spend thousands of dollars (usually around $10,000) to get their website back.
With so much successful hacking of WordPress websites, nonprofits have to constantly update it with security updates or run the risk of being hacked. Many nonprofits don’t even know how to do those updates and/or may mistakenly think their website host or developer is handling that task. The updates aren’t always compatible with all of the added extensions that provide extra functionality to WordPress, so even updates can cause serious problems. As a result, regular updating of WordPress requires considerable ongoing administrative effort, especially in the case of large websites.
Most nonprofit websites hacks are a result of the WordPress and the extensions or plugins that add functionality to it not being updated correctly. Many nonprofit organizations don’t have the staff, expertise or capacity to keep up with these updates – sometimes with disastrous and expen$ive results. It’s common for an organization to spend $10,000 on having their website rebuilt once it’s been compromised, along with many hours of staff time to fix broken parts and manage the rebuild.
So what is the alternative? How can nonprofits find a tool that makes website updating relatively uncomplicated and that does not expose them to such costly problems? We are intrigued by the new technology of static site generators and how they might help us address this issue.
What are Static Site Generators?
You can think of a static site generator as an “offline CMS.” A standard CMS like WordPress uses code to pull information from a database, delivering the content as a completed web page at the moment when it is requested by someone visiting that website page. That is called “delivering content dynamically” – you click to a website page, the request triggers the immediate pulling of information from the database to display the web page on your screen.
A few of the static site generators look a lot like a CMS, but most are driven primarily by a command line, and look nothing like a CMS. And not all are created equal. But they can generate a website that looks just as good as a website built with a CMS such as WordPress or Drupal.
The technical expertise needed to use a static site generator is not that different from the skill set you need to operate a CMS like WordPress, so you still need some technical skills – adminstrator skills vs. builder/developer/programmer skills. They usually require someone to set it up for you, then you can get trained on using it.
Best Uses for Static Site Generators
The best use case for static sites are small nonprofits that don’t update their sites very frequently, and have little or no ongoing technical support available to manage the organization’s website. Other good use cases are one-off project websites – fundraising or advocacy campaign specific, domain specific, program or project specific, where you’re able to create sites quickly and easily.
Static site generators are not a good fit for websites that require a lot of functionality – for example, dashboards – something that was dynamically updated to show a current set of data, sites that require user logins, or sites that have extensive database lookup requirements. To have comments on a static site, you would need an external tool like Discus, you would need the code to add comments function.
It is more difficult to have dynamic search function, that is why it’s best for a limited number of pages, not a deep well of content that could require searching through.Because of the advent of more advanced technologies, you can do almost anything with static sites as you can with a CMS. That said, the barrier to entry for some dynamic functions (such as database lookups, logins, dashboards, etc.) is much higher with a static site – so you if you need that sort of functionality, you are better off with a CMS.
Examples of Static Websites
You might be surprised to learn that well known websites like DropBox and Mint use static site generators.
Why Max Moved to a Static Site Generator
Max had an online presence that included four WordPress sites. He didn’t have a lot of time to manage the updates to these sites, and when they were hosted on inexpensive shared hosting sites, they were hacked several times and required a lot of time to fix. In response, he moved them to WPEngine, a very good, but very expensive managed hosting environment for WordPress (individual domains cost $35/month). The hacking stopped completely, but he was paying a lot of money for that privilege. After learning about and trying several static site generators, he chose one, called Pelican, and migrated all of his sites to Pelican, hosted on Amazon S3 (an online place to store anything digital including websites). We go into detail on the technical aspects of the website migration in part to of this series (coming in one week on Friday May 3rd).
If your needs for a nonprofit website fit with the best uses we described, moving to a static site generator could make lots of sense. You can do small experiments by using them to make single pages or a small site with a few pages for an upcoming event, fundraising or advocacy campaign. To reduce your vulnerability to hacking of your website, it’s worth considering static site generators as an alternative to the usual suspect(s).