What is the best way for a non-techie to get a business website?

[=MGN=RedEagle]

I have a friend who has been burned by cheap hosting providers and needs a solution for his simple business website.

Whats the best way for a person to make and host a static website these days?

I used to say:

Hire someone to make a wordpress website and host it with liquid web but LW got rid of basic shared hosting and wordpress gets hacked (non-techies install many plugins).

Now I am thinking something like Wix and/or square space is the way to go.

What say you?

 

[drastic]

Wix sux. HawkHost and SiteGround are cheap hosts and can do WordPress on there. Then grab a theme at themeforest or another provider. Then you can just help him with the rest.

The cheapest hosting plan is all he needs from either of those hosts.

Also, Liquid Web stinks since they bought out WiredTree.

 

[=MGN=RedEagle]

Wordpress is a real problem for newbies as they have become so virus-prone. Themes often require a plugin which has not been patched and results in infection.

 

[m1ne]

1) Buy hosting from anywhere not owned by EIG
2) Install Joomla or Drupal

 

[=MGN=RedEagle]

So Joomla or Drupal don't have the same systemic virus problems?

 

[sheel]

Going by statistics, yes.
Sure, problems are everywhere, but WP is by far the worst on this list.

 

[Digital Doctor]

Joomla or Drupal

Both are MUCH more complicated than Wordpress.

Anyone that might have trouble using Wordpress will not do well with Drupal.

FWIW, both my Wordpress and Joomla sites were hacked.
My Joomla site did last longer than the Wordpress site.

 

[sheel]

Anyone that might have trouble using Wordpress will not do well with Drupal.

It's not about not knowing how to use it on the frontend, but about vulnerabilities in the code....

 

[Digital Doctor]

It's not about not knowing how to use it on the frontend, but about vulnerabilities in the code....

Suggesting Drupal for a non-techie is not going to go well.

This question at hand is for sites that are good for non-techies.

I'd suggest Wordpress and someone to maintain it.

https://www.todo10.com/en/wordpress-monthly-maintenance/

Although $1200 a year seems like a lot.
I thought todo10 had a better prices. Weird.

 

[sheel]

This question at hand is for sites that are good for non-techies.

Well then, yes WP is easier...

 

[ManagerJosh]

Going by statistics, yes.
Sure, problems are everywhere, but WP is by far the worst on this list.

The culprit isn't always WordPress directly itself. From my own experience, it has a lot more to do with the WordPress plugins and themes.

 

[sheel]

True too ... nonetheless, I remember the very first time looking into WP code, and finding an SQL injection possibilty. (some years ago, long gone)

 

[mcadx]

WordPress and install WordFence plugin. It's a fantastic firewall/AV for WP sites.

 

[Lucas]

The culprit isn't always WordPress directly itself. From my own experience, it has a lot more to do with the WordPress plugins and themes.

This. WordPress itself is not bad. The big marketshare it has and the huge amount of outdated or rushed plugins to make a few bucks is what makes it dangerous. I host several big WP websites from Costa Rica and most problems are usually related to a plugin or a theme.

 

[Chromaniac]

WordPress can be configured to self update itself and all components (plugins and themes). User literally has to do nothing on his own to maintain it. It is astonishing how simple it is as long as you do not experiment with third party code which is not being maintained properly. So as long as you stick with popular plugins and themes... WordPress really should work fine for anyone with basic initial configuration set to auto-update-everything. Of course, your web host needs to be secure too.

 

[Robru]

Also make sure your WP and Xenforo site is behind a good reliable hardware firewall.

 

[Kintaro]

WordPress can be configured to self update itself and all components (plugins and themes).

it will check for compatibility against themes/addons version and WP version?

 

[Chromaniac]

Probably not. Default behavior only applies to minor updates which means you would still get all the security updates.

 

[Robru]

Yes. But if you use Redis cache, it's not working well. Because you will have to clear the cache first.

And it is important that add-ons creators correctly indicate the compatibility of an update.

 

[sheel]

Not to be mean, but this here sounds like a chorus of people that need to assure themselves tham using the easy, fancy WP isn't that bad.
...well at least for jobs more people like me.

@Robru If the problems are vulnerabilities in the PHP software Wordpress, or one of it's (PHP-only) plugins, a hardware firewall has absolutely no benefit. 99.9% of firewall solutions are completely useless for that purpose. For the 0.1% that are not, it's not necessary to do it in a separate device, because the stuff about PHP software vulns can be filtered in the server itself (before reaching PHP)

@All about WPs auto update: Not only it has grave security bugs too (eg. one of 2016 has a long article here: https://www.wordfence.com/blog/2016/11/hacking-27-web-via-wordpress-auto-update/), but it apparently won't require any authentication to create new valid updates. Meaning, anyone can do it, including us here, the NSA, any any criminal malware writer.

Some 4 years ago, someone at WP finally realized that https://core.trac.wordpress.org/ticket/25052, and the reactions included

To be blunt, I don't think this is something that we'll be implementing at present (user initiated signing), it's a lot of extra work for "minimal benefit".

Ok. Minimal benefit to protect all their users and their servers from such a huge problem.