As I fell into the SSG pit I found I mostly wrote about and fooled around with the SSG itself, instead of all the things I originally planned on writing about and doing. So I threw away the SSG and installed Wordpress and stopped caring. It's been liberating.
If the goal is to tinker and write about the tinkering, that is fine. If you're not like me and the tinkering never gets in the way of the writing, that's also fine. But that wasn't me. I had to learn yet again that the best tool was the one that got out of my way and let me do what I came to do.
The last thing I need when I'm aiming to write is a chance to procrastinate.
Wordpress in 2025 has a very dangerous pair of traits:
* It and all its plugins must be kept up to date or else you will be compromised.
* The BDFL is a maniac who is happy to block access to deliver or receive security updates for petty personal reasons.
With a static site there are no security vulnerabilities to patch, so it doesn't matter if the SSG project totally implodes because the maintainer goes crazy. With WordPress it matters a lot.
Even if the dude tries to paint the internet with Wordpress's brains, I'm confident I will have time (and the impetus, finally) to find an acceptable alternative for my workflow. I'm open to suggestions.
Also, as I mentioned to a sibling response, the upkeep really is not that much work. It's a personal blog and takes a grand total of three (maybe four) clicks to update every once in a while.
Only as long as Matt deigns to allow your server to access his servers and deigns to allow the plugin authors who you depend on to log in to his servers.
WordPress has no governance, it just has Matt, and wo betide anyone who ticks him off (or who relies on any developers who tick him off).
WordPress.com doesn't support many of the plugins out there (or at least not on the price tiers I can see) -- but I happily used it for https://librefm.wordpress.com for a number of years.
Of course, WordPress.com is updated differently to a blog running the wordpress.org code.
Same here. Started ages ago with DokuWiki and then decided to try GitHub Pages. Transferred everything over, but then wanted some kind of search. So, I’ve implemented a custom Google search. Wanted some way for visitors to leave comments, so added Disqus. And in the end it was a potpourri of different services and a whole lot of JavaScript.
A few years ago I wanted to own my data again and not depend on external services, so exported the Disqus comments and after playing around with Serendipity ended up with Wordpress.
Was able to import the comments and the Markdown pages and there are even plugins to make it publish everything in the Fediverse. Made it all work using SQLite and enabled auto-updates. It’s basically maintenance-free.
I agree, but I think wordpress is overkill in 95% of cases.
Why? Because it takes too much maintenance (keep it up to date ornbecome part of a botnet) for features you probably don't need. A static site generator is totally fine for most blogs and if it needs maintenance it is at a time of your own choice.
I disagree, it's not overkill unless you make it overkill.
My update process is:
- Click a button to back up
- Click a button to update everything
- Open my blog to make sure it still looks normal
Definitely not onerous. To be fair I don't use many plugins, and my theme is very simple. I don't think a plain old blog doesn't need many plugins.
Sometimes I take a break from blogging. I don't want to have to read documentation on how my SSG works (either my own docs or docs on some website) to remember the script to generate the updates, or worry about deploying changes, or fiddling with updates that break my scripts, or anything like that. I do stuff like this for my day job.
I like my blogging experience to be focused on a single thing: writing.
You are running one of the most popoular PHP programs exposed to the internet. So on top of just writing you should probably schedule your regular check for CVEs and patches. And you should do this even if you're not blogging or on vacation.
Not a thing you'de need to do with a static website. If you're like: "Hey, I am not doing it right now and I am fine", consider that your warning. I have been hosting wordpress instances since wordpress existed and I know how things can go wrong with them.
I ran into the maintenance load of an SSG for my blog, and only just now switched themes over this rather than fixing the old theme (which had several customizations). In that theme swap, I think I lost all the productivity I gained from using the SSG over raw HTML.
One other productivity gain though is that if you end up switching SSG engines entirely, you still have your source files. Those could easily work with the next one, or at least leverage trying others out. If everything is baked into rendered HTML, it will be much more work.
The only thing I really wanted was 1 command to publish (which is does great) and an easy way to drag and drop images into posts (which I can do via the publish jupyter notebook function).
What I absolutely did not want was anything where "send HTML to clients" created any sort of overhead like a database.
I don't think I could ever go back to SSR like WordPress. My only real concern with SSG is if the build will work, and even when it doesn't it's never an emergency.
Whereas the concerns for something like WordPress is
1. Has our website been hacked and publicly defaced?
2. Has our website been silently hacked and is being used to secretly distributing malware or worse, aka the FBI randomly shows up at your business.
3. Will updating one random plugin nuke your entire live site, resulting in multiple sleepless nights? Will not updating it cause your site to get hacked also resulting in sleepless nights?
4. Or better yet something in your underlying environment changes and nukes your site, usually in the middle of a weekend out with your family, and your hosting provider pinky swears they didn't change anything. So you spend your whole weekend investigating just to find out your provider did change something, usually something stupid too.
5. Considering all the above your off-site backup solution is vital so better keep that maintained and thoroughly tested as well.
6. Plus a thousand other reasons to waste time, worry, and lose sleep.
We're talking about blogging here, not business-critical website infrastructure. If my blog went down I wouldn't lose a sleepless night over it. I'd figure it out later.
If I were choosing a CMS or tech stack for a critical piece of infrastructure my requirements would be different and I might find some other tool.
Also, if all these were so much concern, I doubt so much of the web would run on Wordpress. Yes, you need to keep your install and plugins up to date. But you need to keep your toolchain up to date no matter what you use. Risk of breakage on update is a thing everywhere, not just Wordpress. I'm by no means a Wordpress fan, but it really is not as bad as it's painted.
> Also, if all these were so much concern, I doubt so much of the web would run on Wordpress.
I used to run a company that all we did was wordpress, joomla, and drupal maintenance, performance optimization, and hack recovery. It very much was and mostly continues to be that bad.
> Risk of breakage on update is a thing everywhere, not just Wordpress.
Ya the issue with server side rendering is that your live environment is made of up dozens to hundreds of difference software stacked on top of each other and they all pretty much need to work perfectly to actually work and or not be vulnerable. And if you use something standard like cpanel to manage your environment, add another 1000 layers of complexity to the stack.
And lets not even go into all the work it takes to have that environment have decent performance and run on reasonably priced hardware.
Where as my concerns for my SSG live environments basically amounts to, is the host publicly accessible? To be vulnerable you would need to do something very stupid like set file permissions to 777 or something.
Again, we're talking about blogging, not business sites or SSR or CMS tooling. Very different needs with very different solutions.
I personally don't think it's that much work, and definitely not complicated, to keep my software up to date. And as a blog all I need to do is cache / throw behind a CDN and I'm golden. Nothing complex going on here. No headaches, no late nights, not even a wink of worry.
I think you two are talking past each other. Yes, people use WordPress for serious websites, and WooComerce stores, and all that stuff. But Tallain is not talking about those people. Tallain is talking about blogging.
Blogging is also often business critical. Entire businesses are built around blogs. I presonally know someone who sold their "wordpress blog" for $30m.
I think you're right. I stuck with manually writing raw HTML and it's fine, good even. I do have a python script that makes an RSS feed though, which was one more script than I wanted to write. WordPress would've saved me; unfortunately I already had a website so it was easier to add a blog there.
For the rest of my website I also just write raw HTML / CSS, and JS when needed. It's all static content and little toys, so no RSS need. It's nice to keep things simple when you can.
As I fell into the SSG pit I found I mostly wrote about and fooled around with the SSG itself, instead of all the things I originally planned on writing about and doing. So I threw away the SSG and installed Wordpress and stopped caring. It's been liberating.
If the goal is to tinker and write about the tinkering, that is fine. If you're not like me and the tinkering never gets in the way of the writing, that's also fine. But that wasn't me. I had to learn yet again that the best tool was the one that got out of my way and let me do what I came to do.
The last thing I need when I'm aiming to write is a chance to procrastinate.