Security - I'd rather use a static site generator

Today, from the Drupal Security Team…

There will be a security release of Drupal 7.x, 8.3.x, 8.4.x, and 8.5.x on March 28th 2018 between 18:00 - 19:30 UTC, one week from the publication of this document, that will fix a highly critical security vulnerability. The Drupal Security Team urges you to reserve time for core updates at that time because exploits might be developed within hours or days.


Drupal, WP, and others certainly have their place, but I’m sure glad I’ve limited my clients’ exposure by migrating most sites from traditional CMSs to static sites.



I still have one Drupal site running. My inbox this morning…


sounds familiar almost everyday headache with these cms’s

I am slowing moving all blogs and marketing sites to Hugo or a middle ground for e-shop’s with headless to nextjs.

I have 1 site with Drupal using this works great

In the near future should 1 expect static/ dynamic page generation with Hugo similar to next.js but based on golang instead of js. :slight_smile:

1 Like

The ability to “deploy and forget” and “no security updates” are always my main points when I talk a customer in to using Hugo.

The need to constantly keep Wordpress, Drupal and any other CMS plus plugins/modules/extensions updated add a lot of cost and hassel over the years.

I worked with Drupal sites for over ten years but now I have none left that I maintain. I work on one big Django project and the rest is Hugo.

Hugo made the web fun again for me!