Serverless Hosting is Changing the Face of WordPress, Strattic CEO Explains
Strattic is an all-in-one serverless hosting platform that instantly optimizes WordPress websites by making them static and serving them on serverless architecture. We had the pleasure of speaking to CEO Miriam Schwab about the differences between static and dynamic publishing, and why serverless is so good for website speed, performance and above all, security.
What Led you to Develop a Serverless WordPress Hosting Solution?
I was born in Canada, and moved to Israel 23 years ago. I finished university and founded a WordPress development agency 14 years ago. We were one of the first to offer WordPress as a business solution back when it was just a blogging platform. Because we started early, we were in a good position when businesses and organizations started to look for other solutions to manage their website instead of using their proprietary software.
Over the last five years, it became a headache to manage and maintain a WordPress website. We started to offer our clients a maintenance package in order to help them with that headache where we kept their sites updated, backed up and provided them with technical support, but it became even more of a headache, even for us.
So my idea was to bring the two concepts together. WordPress is huge; it’s 30% of the internet and growing, and it has a lot of benefits. So, what if we turned WordPress into its own static site generator? And that’s the concept behind Strattic.
So, what we do with Strattic is convert WordPress websites to a static, serverless technology, in just one click. The user doesn’t have to learn anything new, so they can manage their website as they’re used to. All they have to do when they make changes (in development, design, content) is click one more button, and their site gets deployed as a perfect replica, and that replica is static; there’s no underlying database. So, the hackers that are constantly trying to breach websites based on known vulnerabilities will hit a wall because there’s nothing to breach there. Sites can get up to 16 times faster, and scalability is not a problem.
Now, let’s say one of these sites gets a huge influx of traffic, positive traffic from an article or a campaign, or negative traffic like in the form of a DDoS attack, and the server can slow down or crash. But with a static website, that won’t happen. So, we’re bringing all these benefits to our clients without them having to change anything on their network.
How is Serverless Hosting Different from Traditional Hosting Methods?
Basically, whenever you visit a website running on a CMS, you request a page, and it queries the database to get the content to your browser. We do everything after that. We take the front end and slice it away from the backend. We present the page post query to the internet. That’s the static part, the non-database part. But it doesn’t mean that the site doesn’t have dynamic content; the serverless comes into play when we need to support a functionality that communicates with the database. For example, a contact form or native WordPress search, which would query the database and then display the result. We emulate that functionality using serverless technology called Lambda, which was developed by Amazon AWS. Lambda can present functionality that is like dynamic, without needing a database. It’s also called Functions as a Service. So, you trigger it by submitting a form or clicking a button which triggers a Lambda function, and that runs a type of dynamic function. For example, it grabs the submission when a form is submitted. We take that content and send it wherever it needs to go, like sending it to the site owner in an email, for example, and then the Lambda function shuts down. It only runs for the duration of what is needed, which is a much more secure and scalable way of doing things. In that way, we can preserve the independence and security of the database.
What are Some of WordPress’ Vulnerabilities, and how does Strattic Help to Overcome Them?
In general, for someone running a standard WordPress website, there are additional things that can help. If the site owner takes care of the low-hanging fruit, then they’re in a good situation. That would include basically making sure that the site owner is regularly updating plugins, themes and core software. That’s a key.
It’s important to audit plugins once in a while and see if they have stopped being supported by checking the plugin repository. You can also see if they are answering support requests, and if not, the plugin is becoming a security risk as nobody is checking for vulnerabilities or releasing patches. It’s generally recommended not to have too many plugins on a site, as it may well lead to performance issues.
Keep a backup, not necessarily to prevent issues, but it can save you if something goes wrong. It’s not enough to rely on the hosting company backup. I’ve seen hosting companies get hacked or go out of business, and site owners couldn’t do anything.
We love a backup service called Blogvault, and it’s seamless. You install their plugin, you can test, restore, and back up your website every day. That’s critical.
Another functionality that users can easily add is Brute Force Attack protection. There are plugins that you can add to whitelist only your IP to log in to the website, and block all other users or specific IPs from the login page. Of course, as admin, you should never use the username “admin” or “administrator”. Choose something less obvious.
Moving the URL of the login page can prevent automated bots from getting there, but it’s a controversial method and many people say it’s not worth it.
Here’s a talk I gave at WordCamp Europe in 2017 in Paris, with a whole list of security steps that people can take.
Miriam Schwab: WordPress Security for All – You Won’t Believe How Simple It Can Be
How do you See the Future of WordPress?
WordPress is in a situation right now where it has more serious competition than ever before. There are platforms that are easier to use for building and managing websites. WordPress will have to up its game, and I’m happy to see that it’s actually happening. There’s a huge push led by Matt Mullenweg, the co-founder of WordPress, to implement a new editor called Gutenberg, which is meant to be more user friendly for creating page layouts and styles. Until now, WordPress had a basic page editor with limited layout capabilities, or you could use page builders, which are problematic in terms of their impact on performance and lack of forward thinking. Some of them create page layouts that will break your site if you turn them off. Elementor is forward thinking. You can turn it off, and your page layout will stay, and it doesn’t impact performance. However, Gutenberg is bringing that whole concept internally as part of the core software. Matt has recognized the problems that page builders pose to WordPress, and in order to maintain their position as the market leader in CMS, this is the focus right now. WordPress will continue to grow because it has serious advantages over other platforms.
For example, you don’t really own your content, and you’re depending on third-party platforms. For many organizations, it’s important for them to own their content. In the long-term vision, that’s how people should be approaching their website.
WordPress has certain threats, but those threats are pushing it forward to become even better for the next 10 years at least.
People think that WordPress is not secure. It has developed this reputation, but this is because it’s so easy to set up that people who get sites up and running aren’t always knowledgeable about web security and therefore don’t know how to manage it and be responsible for their website. Platforms like Strattic will make sure you don’t need to know anything except how to update your content on your site. You can have an outdated, vulnerable website, but it doesn’t matter because it is not accessible to the web. You don’t have to be a security expert or worry about it, just enjoy the benefits without the downside.