Here is a short explanation about the Webflow platform:
Webflow is a platform for building websites, that generates clean and standards-compliant HTML, CSS and JavaScript. This has several important advantages over building the same website on top of WordPress, most important of all is security against hacking of the website, but also the agility for the designer to do things that the WordPress template does not support.
In addition, Webflow provides a very good CMS (Content Management System) to let the site owners update the website after it is built. A single website can have several CMS “collections” for different types of items such as blog posts, people in the “about us” page, products that the company sells, job openings, and more. A blog post item, for example, can have a cover picture, title, author, rich text and more fields customized for the specific website and your needs.
Hosting
Regarding the site’s hosting, Webflow offer several hosting plans with the following features:
- The Business hosting plan costs $36 per month. There are cheaper options, but we recommend this plan that comes with priority support.
- Free SSL certificate.
- Hosted on AWS servers, worldwide CDN with Fastly and AWS CloudFront.
- Daily backups that are kept forever (for the Business hosting plan)
- Versioning support
- Staging URLs - when updating the website, a “staging” version can be created in order to share the changes with all interested parties. When the site is ready, the staging version can be moved to be the production one.
- Continuous and backwards compatible updates of the CMS and web servers
- 24/7 monitoring of all websites
Security
Security In order to keep your site secure you have to continuously upgrade Wordpress to its latest version, but that is a very resource intensive task. If you don’t do that, in our experience, your site has a very high chance of being hacked. Even security conscious companies tend to postpone these upgrades - try to explain to your marketing manager why you need to spend money on a website that is working perfectly today.
Why is Wordpress considered so insecure?
- The first layer of each website is the web server, such as Apache or Nginx. In order to keep the site secure the web server has to be kept up to date, but this is usually the hosting service’s responsibility, and mostly transparent to the websites served by it. As long as you choose a good hosting company, this should not be a problem.
- The second layer of a Wordpress site is the Wordpress code, that is actually a bunch of PHP scripts. These scripts run on the web server, and handle sensitive aspects of the site such as administrator login, site edits, etc.
- Many sites use Wordpress, so there is a lot of incentive to hack it. Unless you continually update Wordpress with the latest security patches, you are exposed to vulnerabilities that hackers find in the version you are running.
- This is where the problem lies - updating Wordpress continuously is expensive. Updating Wordpress usually breaks plugins that rely on the specific version of the Wordpress engine, so they also have to be updated. This could have still been ok, but some plugins become deprecated and their developers stop releasing updates. In that case, alternative plugins have to be found and deployed, and that entails rebuilding the relevant parts of the website.
