The problem with software like Drupal is that you are running a computer program on a webserver out on the internet. Where the baddies stalk. Any software is at risk of being compromised or tricked into running something it shouldn’t. Typically this creates an arms race to discover and remove potential avenues for hacking before the baddies can also find a way to make use of that avenue.

The concept of the JAMstack is to provide the website without running software on the public webserver. You run the software locally and from that create a ‘flat’ website of HTML and graphics that doesn’t need a special program (like Drupal) to display it [*] - a so called static website. One less bit of software running on the webserver makes for one less door for hackers to enter through.

First step in implementing this was to upgrade my existing local copy of the Drupal 7 website to Drupal 8, not an entirely hassle free task which basically ended up going through all the articles to re-edit them. Then once I’d got a working Druapl8 going through the various changes and fixing glitches due to the upgrade before doing an ‘export’ of the site using a Drupal plugin called tome. This outputs a static website or ‘flat’ version of the website for upload to the webserver.

So now I can run Drupal 8 on my local virtual machine, run tome and upload to the webserver as wanted. I don’t have to upgrade Drupal until I want to and can experiment locally with confidence before the upload.

There are some bits of layout that I want to sort out, and things I want to change, and there seems some bits of the static export such as search that isn’t working so for now those are disabled. But the end result is a working site that can get the task of writing articles started again. So a win.

[*] Yes, I know you still need a webserver like Apache to provide the HTML out to the internet.