- What is a Static Site?
- What is a Content Management System?
- What is a Static Site Generator?
- 1. Flexibility
- 2. Better Performance
- 3. Fewer Server-side Dependencies
- 4. Improved Reliability
- 5. Superior Security
- 6. Client Control Considerations
- 7. Version Control and Testing
- Frequently Asked Questions (FAQs) about Static Site Generators
What is a Static Site?
Think back to the first website you built. Most developers start by creating a series of pages contained within individual HTML files. Each will call in assets such as images, CSS, and perhaps a sprinkling of JavaScript. You possibly launched these files directly from the file system without a web server. Life was simple. Difficulties arise as your site becomes larger and more complex. Consider navigation: it may be similar in every file, but adding a new page requires updates to every other. Even references to CSS and images can become awkward as folder structures evolve. You may have considered options such as server-side includes or PHP, but an easier option can be a content management system (CMS) …What is a Content Management System?
A CMS typically provides administrative control panels. These allow authors to write content that’s stored in a back-end database. When a visitor requests a URL, the CMS:- determines which page is required
- requests appropriate content from the database
- loads an HTML template (normally from the file system)
- renders the content within the template, and
- returns a formatted HTML page to the visitor’s browser.
- You need to adhere to the CMS’s way of working. It can be awkward to add custom text or components.
- The server is doing more work, and performance can be affected.
- There are additional points of failure. A software upgrade or database failure can bring your site down.
What is a Static Site Generator?
An SSG is a compromise between using a hand-coded static site and a full CMS, while retaining the benefits of both. In essence, you generate a static HTML page-based website using CMS-like concepts such as templates. The content can be extracted from a database, Markdown files, an API, or any practical storage location. The site generation can occur on your development machine, staging server, or using a service to build when changes are pushed to the code repository. The resulting HTML files and other assets are then deployed to a live web server. The term “static” doesn’t mean “unchanging”. An SSG builds a page once, while a CMS builds it on each request. The end result is identical and users will never know the difference. A related concept is a “Headless” or “Decoupled” CMS. These use an interface such as WordPress to handle content administration but allow other systems to access the data via a REST API, or a GraphQL API. Therefore, an SSG such as Eleventy can build a static website using WordPress page content extracted from an internal server. The resulting HTML files can be uploaded to a web server, but the WordPress installation need never be publicly accessible from outside the organization. The term Jamstack (JavaScript, APIs, and Markup) is also used in relation to static sites. It refers to the rise in frameworks, serverless functions, and associated tools which generate static files but allow more complex interactivity to be created. Popular static site generators include Jekyll, Eleventy, Gatsby, Hugo, and Metalsmith. SSGs are available for most languages (see StaticGen for many more). Frameworks such as Next.js statically render pages where possible, but also allow the developer to run server-side code when necessary. Let’s examine the benefits of using an SSG …1. Flexibility
CMSs normally constrain your options, because they’re tied to a database with specific fields. If you want to add a Twitter widget to some pages, you’ll normally require a plugin, a shortcode, or some custom functionality. In a static site, the widget can simply be inserted into a file directly or using a partial/snippet. There are few limits, because you’re unshackled by the those imposed by a CMS.2. Better Performance
Most CMS applications offer built-in or plugin-powered caching systems to ensure pages are generated and reused when possible. This is effective, although the overhead of managing, validating, and re-generating cached pages remains. Static sites can create pre-cached pages which need never expire. Files can also be minified prior to deployment to guarantee the smallest load and easily deployed via global content delivery networks (CDNs). A static site will always perform better than a CMS-powered version using a similar template.3. Fewer Server-side Dependencies
A typical WordPress installation requires:- a suitable operating system such as Ubuntu or CentOS
- a web server such as Apache or NGINX
- PHP with associated extensions and web server configurations
- MySQL
- the WordPress application
- any necessary plugins
- the theme/template code.
4. Improved Reliability
A CMS is complex, with many moving parts and points of failure. Run a WordPress site for any length of time and you’ll almost certainly encounter the dreaded “Failed to establish a database connection” error. Unforeseen CMS problems can arise from sudden traffic surges, which overload the server, crash the database, or restrict active connections. Serving a static site is less intensive. In many cases, the server just has to return flat files so scaling according to traffic demand becomes simple. It’s still possible to crash a web server or overload APIs, but it’ll take considerably more concurrent requests.5. Superior Security
There are several reasons why someone may want to attack your website. Traffic hijacking, rogue advertising, linking, authenticity spoofing, and malware hosting all permit an unauthorized user to make monetary and/or kudos gains. A CMS opens a number of attack vectors. The most obvious is the login screen: it’s only as secure as the weakest user password. Be aware that any page running server-side code also offers potential exploits — such as firing spam emails via your contact form. It may not be obvious that someone has gained access; the worst culprits want to stay hidden. A static site may require little or no server-side functionality. Some risks remain, but they’re rarely as problematic:- Someone could gain access to a server via SSH or FTP and deface pages or upload files. However, it’s usually simple to check for changes (perhaps using
git status
), wipe the whole site, and regenerate it again. - APIs called by a static site are exposed in the browser and could be exploited in an identical way to any server-side code — such as a form emailer. Good security practices, CORS, and CSP will help.
6. Client Control Considerations
You can spend weeks building an attractive CMS theme for the client to trash their site within minutes of handover! Using a CMS is not necessarily easy, and it offers considerable power to content editors. You can lock down rights such as plugin installation, but it won’t prevent someone changing fonts, introducing clashing colors, adding poor photography, or corrupting the layout. A static site can be as limited or as flexible as you choose. If you’re using Markdown or similar flat files, editors are less able to make mistakes or adversely affect page styling. Some will miss the CMS content administration panels, but you can either:- use their existing CMS and cleanse data before generation, or
- provide simpler workflows such as editing Git-based files in StackEdit or Hackmd.io.
7. Version Control and Testing
Database data is volatile. A CMS permits users to add, delete, or change content on a whim. Wiping the whole site is a few clicks away. You can back up databases but, even if that’s done regularly, you’re still likely to lose some data. A static site is generally safer. Content can be stored in:- flat files: they can then be version controlled using Git or similar systems. Old content is retained, and changes can be undone quickly.
- private databases: data is only required when the site is generated so it need not be exposed on a public server.
- How to Create a Static Site with Metalsmith
- Getting Started with Eleventy
- How to Use WordPress as a Headless CMS for Eleventy
Frequently Asked Questions (FAQs) about Static Site Generators
What are the main advantages of using a static site generator?
Static site generators offer several advantages. Firstly, they provide enhanced security as they eliminate the need for a database, reducing the risk of attacks. Secondly, they offer improved performance. Since the sites are pre-built, they load faster, providing a better user experience. Thirdly, they are cost-effective. Hosting static sites is generally cheaper than dynamic sites. Lastly, they offer version control for content, allowing you to track changes and revert to previous versions if needed.
How does a static site generator improve website performance?
A static site generator improves website performance by pre-building all the pages of a website. This means that when a user requests a page, it can be served immediately without any need for server-side processing. This significantly reduces the load time of the website, providing a faster and smoother user experience.
Can I use a static site generator for a large website?
Yes, you can use a static site generator for a large website. However, the build time may increase as the size of the site grows. This is because the generator has to pre-build every page. Despite this, the performance benefits often outweigh the longer build times, especially for sites where content doesn’t change frequently.
How secure are static sites?
Static sites are generally more secure than dynamic sites. This is because they don’t rely on databases or server-side processing, which are common targets for attacks. However, like any website, static sites are not immune to all types of attacks, so it’s important to follow best practices for web security.
What skills do I need to use a static site generator?
To use a static site generator, you generally need to have some knowledge of HTML, CSS, and JavaScript. Some generators also require knowledge of a specific programming language like Ruby or Python. Additionally, you may need to be comfortable using the command line and version control systems like Git.
Can I use a static site generator with a headless CMS?
Yes, you can use a static site generator with a headless CMS. This allows you to manage your content in the CMS and then use the generator to build your site. This can be a powerful combination, providing the benefits of a CMS with the performance and security advantages of a static site.
How do I choose the right static site generator?
Choosing the right static site generator depends on your specific needs and skills. Consider factors like the language it’s built in, the templating system it uses, its build speed, community support, and its compatibility with other tools you’re using.
Can I use a static site generator for e-commerce?
Yes, you can use a static site generator for e-commerce. However, since static sites don’t have a built-in backend, you’ll need to use third-party services for things like shopping cart functionality and payment processing.
What are some popular static site generators?
Some popular static site generators include Jekyll, Hugo, Next.js, Gatsby, and Hexo. Each has its own strengths and weaknesses, so it’s important to choose the one that best fits your needs.
How do static site generators handle dynamic content?
While static site generators are best suited for static content, they can handle dynamic content with the help of third-party services. For example, you can use APIs to pull in dynamic data, or use services like Disqus for comments or Formspree for forms.
Craig is a freelance UK web consultant who built his first page for IE2.0 in 1995. Since that time he's been advocating standards, accessibility, and best-practice HTML5 techniques. He's created enterprise specifications, websites and online applications for companies and organisations including the UK Parliament, the European Parliament, the Department of Energy & Climate Change, Microsoft, and more. He's written more than 1,000 articles for SitePoint and you can find him @craigbuckler.