How web programmers can make secure websites

Posted by Zach Dyer on September, 17, 2016

Monitor with gears being magnified with a magnifyer

In my last post I talked about why web programmers should ditch WordPress. I went through some of my personal experiences with the system and the problems I’ve had with it. Most of the issues were related to security. If you don’t know what the security issues are, read my last post and come back to this one.

I’m going to go over some of the solutions I have come up with to create more secure websites for my small business clients. Most of my security issues were because of the plugins in WordPress. Anyone could make a plugin and there is no quality control or oversite to insure the quality of the plugins. If a client wanted to do something special on their site for example create a calendar of events. A plugin would have to be downloaded and installed on the site. And when choosing a plugin the plugin has to work with the version of WordPress that is being installed. On top of that there are thousands of plugins and they all work differently. So I would have to download one and hope for the best.

So the first step is to stop using WordPress plugins. Better yet just stop using WordPress. Instead build a hand crafted custom website. It will be secure and load faster. When I started building websites all of my sites were static and those sites are still working like the day they were published to the internet. So I went back to my roots and my clients have been happy with there sites.

So get that text editor back out and start writing HTML, CSS, and JavaScript. If you need a blogging engine there are static site generators that are blog aware. I use one for my website and it makes writing blogs simple and straight forward. All my blog posts are written in Markdown so your clients can blog too and not have to learn any coding or programming. But that is for another post. Maybe next time.