Why I Don’t Use A Static Site Generator

I often receive inquisitive looks when I tell people I’m running WordPress on my website. Especially when I’m talking to other people in the InfoSec community where getting responses like, “WordPress, really? Why not a static site generator like Hugo?” is par for the course.

I saw this post on Fosstodon a few days ago, which I think is a perfect example of why I don’t use a static site generator:

I use WordPress because it’s easy and I can use it anywhere.

Want to blog on my iPad? I can. Want to do it on my phone? No problem. On a machine I don’t normally use? Not an issue, as long as it has a browser.

Having to SSH into a Linux box, then editing a post on Vim just seems like a ridiculously high barrier for entry when it comes to writing on the go. The world is mobile first these days, like it or not, so writing on the go should be easy.


Yeah, I hear you, WordPress is less secure than a static site. There’s no getting away from that fact – there’s no admin interface for a threat actor to compromise.

For me, the potential risk of running WordPress vs a static site is what’s important here. By using strong passwords, multi-factor authentication and good InfoSec hygiene, the potential attack surface of WordPress is significantly reduced.

But a static site is WAY quicker!

Is it though? You may have noticed this website is pretty darn quick. I’ve done some simple optimisations to make it run very quickly, even under heavy load. As a test, I wrote a static version of my site in HTML/CSS and compared the performance with WordPress.

Spoiler: there wasn’t much in it.

A well optimised static site is probably going to out perform this site, and most of other sites for that matter. But it won’t be by much, and a fraction of a second is hardly noticeable when it comes to a person’s experience visiting a site.


If you use a static site generator, more power to you. For me though, I like that barrier to entry to be as low as possible. I like that I can log into a website, edit a post, then publish it.

GUIs are easy. Yes a terminal gives more control, but when the only thing you need to do is write a post, is a terminal not just making things overly complicated? I think so.

WordPress is far from perfect, but it works for me. If using a static site works for you, that’s great. It would be a very boring world if we all liked the same thing. 🙂

Note: I’ve got nothing against Brandon, I think he’s a great guy and I enjoy his content on Fosstodon – this was just a good example of an issue I perceive with static site generators.

Subscribe for more!

You will receive monthly emails with updates and previews of upcoming posts. To find out more, click here.

Please enter a valid email address.
That email address is already subscribed.
The security code entered was incorrect
Thanks for signing up!




Please read my commenting guidelines before posting a comment.

  1. Pingback: by Iris Won
  2. There are plenty of headless CMSs if you don’t want to just use a plain text editor from your desktop. Many of these authenticate through GitHub/GitLab, so they’re plenty secure.

    And if you don’t want the hassle if setting that up, you can just edit your files directly in GitHub/GitLab.

    You may have other reasons for not wanting to use a SSG. Maybe you just prefer WordPress. Maybe you don’t want to build your own commenting system or use Disqus. That’s cool.

    But if this is your only reason for not using them, it’s not much of a reason.

    1. I agree with what Dan said. This article holds up a strawman of all Static Sites generators being Markdown + Jekyll. The area has come so far in the past few years, you’re beating up on the early days.

    2. I think it’s multiple reasons to be honest, Dan. The flexibility of *easily* being able to add and edit content on the go is a big one, but also the back that I write something, hit publish and I’m done.

      There’s no build to go through etc. It’s not that I prefer WordPress per se, but I would say I prefer the simplicity and flexibility that WP offers over an SSG.

Leave a Reply

Your email address will not be published. Required fields are marked *