Developing Web Content
Conventional wisdom reveres complexity

It started out with elegant simplicity. The World Wide Web was a simple way of publishing content to the world efficiently. You just needed to learn a small amount of coding that was not at all difficult. That coding was called the Hypertext Markup Language, abbreviated HTML.

Then the inevitable happened. Features were added that increased the size of the coding language, so we could have sound, video, and various things that allowed the web to be used for commerce. Tools were created to allow people to create websites without having to learn that expanded language. That in itself is not bad.

The dark side

What's bad is the terrible job many of these tools do. Called by a variety of names—such as Content Management Systems (CMS)—they can create web pages that are large and inefficient when compared to web pages created by even a moderately-skilled craftsman.

These websites often consume more bandwidth than they should, which can be a problem for users with mobile devices. Web pages may load more slowly. Plus, the larger code makes it more difficult to find and fix problems, and the greater the chance of security issues.

Security architecture

Many of these content management systems are ill-designed from the standpoint of security. The same web server that serves up content to remote users is also the web server that content creators use to create and update content. This is not secure architecture.

Additionally, a company or organization using a CMS may not assign people who know much about security and best practices to administer their site. Break-ins may occur because the administrator (if there is an administrator) may not understand the task required to run a secure site.

One of the most popular of these content management systems is WordPress. Many experts claim that WordPress is secure, but may become less secure with badly-coded or outdated plug-ins, and errors on the part of administrators who have little experience.

The solution

The solution is to abandon this architecture. Your web server should only serve content. It should not also allow you to create and edit that content. Move the content management to a computer that's not a web server on the Internet. I'll refer to this as the development system.

The development system could be a computer in your office or at home that others on the Internet don't have access to. The development system occassionally connects to the web server using a secure protocol to upload content changes.

There is much software that you can use to develop content for the web using a single computer running Windows, Macintosh, or Linux. Some is free and some have a price. Most of my experience is with Linux, and open source software, so this is where I'll focus when I continue this page in a few days.