Wordpress - now too insecure for the non-professional
For many years Wordpress has been my go-to solution for a small website or blog. It’s well supported, masses of templates, and highly flexible for either a large site or just a simple 2-page personal website.
It’s flexibility is it’s downfall though. Wordpress is a ‘dynamic’ platform - i.e. if generates webpages on-the-fly. Data is held in a database and the relevant content is pulled, shaped by the templates (in PHP) and then served to the visitor on demand. This means there is ‘logic’ on the webserver - and wherever that happens there is scope for the malicious to find ways to hack in. This is what happened to my original site in January 2016. I was hacked, and the site was loaded with advertising links and malicious code. Google found it before I did, because on visiting my site the Chrome browser wouldn’t let me in! Furthermore my emails to clients were blocked by Gmail because each had a ‘suspicious’ link in (to roywalker-ifa.com!).
So as an emergency measure I took the site down completely, and decided it was a good opportunity to re-build.
Hugo - the best solution
Choosing my website platform is almost more important that choosing my home - because most likely I’ll be living there longer! I decided to look at ‘static’ website generators. These basically pre-build the entire website locally, every page and every possible selected option. Then you simply upload the entire site to the server. There is no logic on the server, each page already exists and is served instantly to the visitor. This is actually quicker than a dynamic site (where pages are built on request), but more importantly it’s an order of magnitude more secure.
I looked at a number of static website generators. There’s a lot out there and they are increasing exponentially for the speed and security reasons I have mentioned. I chose Hugo as it seemed to offer the right balance between flexibility, and not being over-complicated for someone who doesn’t have a lot of time to dedicate to the site (though, I can find my way around a piece of code alright).
What I use:
- Hugo - the static website generator
- Hyde-y - I use the Hyde-y template for the site, as it’s simple and clean and gets the job done.. also it’s ‘responsive’ which means it adapts how content is displayed depending on the screen-size of your device (go on, try visiting www.roywalker-ifa.com from your phone!)
- Git - a pre-requisite to run Hugo, within a Git CMD window on Windows 10
- GoodSync - an easy choice for uploading the entire built site by ftp to the server, allows automatic sync
- Filezilla - a workhorse FTP client when I just want to poke around on the server
- Notepad2-mod - my favourite text editor - recognises and highlights syntax for Markdown which is the format that webpages and posts are written in
- PicMonkey - a free and easy online image editor - great for making rounded corners, drop-shadows, and circle images
- Fotor - free online photo collage maker
- RealFaviconGenerator - very cool online tool to make the ‘favicon.ico’ for this website (the you see on your browser tab)