[jchung]

> I hope a static site generator comes along with an intuitive UI for non-technical people to easily update their own content.

Does this not exist? Would love to offer that to some of my non-technical team members.

[0xf005ba11]

https://headlesscms.org/

My current pick of the crop: https://www.netlifycms.org/

I have no affiliation with Netlify, just my perceived benefits of Netlify CMS:

* Open source

* Static site generator agnostic

* Host the editor UI yourself

* No vendor lock-in

* Git based

P.S. These are all part of the https://jamstack.org/ movement.

[wodenokoto]

Dreamweaver ... We are slowly coming full circle here :)

[nas]

There are a number of them. Jekyll and Hyde are two of them. Wordpress is a security disaster, IMHO.

[konschubert]

I can't speak for Hyde, but Jekyll requires you to edit text files which makes it unaccessible for non-technical people.

[rozenmd]

There's Netlify + GatsbyJS - takes git know-how to setup, but once you're there it's a Rich Text Editor on a webpage controlling your content

[tdhz77]

Add contentful and you have a admin dashboard and hundreds of integrations.

I set this up last week and it’s amazing. It costs $0 for my small project.

I’ve aleo rolled out it out to event websites. And they love it too.

No database is a big win for bloggers, who should focus on content and not security.

[chimen]

$249 lowest pricing package after you stretch out pass the free limitations.

[tdhz77]

I won’t be hitting a million hits on the api for 99.9% of my projects.

[JamesBarney]

Having used both Jekyll and WordPress the learning curve wasn't even close to WordPress for getting started with your first blog entry. WordPress is an hour project, Jekyll is a weekend project.

[kinkrtyavimoodh]

Jekyll is a weekend project if you want to set it up from scratch. If you have 100 or so wordpress posts you want to migrate, it's a pretty long and tedious and joyless project.

[IncRnd]

> Wordpress is a security disaster, IMHO.

What specifically about Wordpress makes it a security disaster? Do you mean the plugins or actual Wordpress?

[hluska]

I'm not OP, but I've worked with Wordpress quite a bit in my day. To answer your question, it's a bit of column A and a bit of column B.

Over the last few years, Wordpress core had gotten quite a bit better (to the point that I have gone back to Wordpress for my personal site). But previously, the core was victim to some embarrassing security issues. In Wordpress' defence, I can't think of a single PHP application as old or as large as Wordpress that did not suffer from similar problems.

Plugins are often an unmitigated security clusterfuck. I've seen things in popular Wordpress extensions that have made me want to trade in my laptop for an abacus and go full luddite. (I've also seen some really wonderful code.) The big problem I see is that a plugin has to be extremely popular before anyone with much of a background in writing relatively secure code will ever read the code. And by that time, it's so popular that it keeps getting hundreds of installs no matter what kind of flaw you find. Some plugin developers/maintainers are incredibly diligent and helpful, but I've also been threatened with legal action (more than once) when I've disclosed some really amateur security issues.

[IncRnd]

Yes, thank you. I do get all that.

But, due to how the GP seemed to conflate Wordpress, and "everything else" I wondered what was the basis for his comment. I'm pretty clear on the security of WP itself.

> Some plugin developers/maintainers are incredibly diligent and helpful, but I've also been threatened with legal action (more than once) when I've disclosed some really amateur security issues.

Most WP plugins are terrible from a security perspective, and I've found the quickest method to resolution is to send a patch to the devs, solving the problem for them and me.