Here's a fun fact: the site you're reading right now has no web server. No PHP, no database, nothing for me to log into and patch. Let me show you how that works — because it's faster, cheaper, and a lot harder to hack than the way we used to do things.
The old way
For years, hosting a site like this meant renting a server (a VPS), then installing and babysitting a whole stack: a web server, PHP, a database, a CMS, and all the security updates that come with them. That server runs 24/7, and every piece of it is something an attacker can poke at — and something you have to keep patched. (Our old site ran exactly like that. Eventually it broke and went down.)
The new way: static + the edge
The modern approach flips it around. Instead of a server building each page on demand, you build all the pages ahead of time into plain HTML, then upload those files to a CDN — a network of servers spread across the globe.
For this site, I write articles in plain text (Markdown), run one command to turn them into HTML, and deploy to Cloudflare Pages. The files get copied to Cloudflare's edge in hundreds of cities, and every visitor is served from the location nearest them.
This style has a name you'll hear a lot: the Jamstack — pre-built pages served from the edge, with any dynamic bits added through small serverless functions only where you actually need them.
Why it's better
- It's fast. Pages are pre-built and cached close to the reader — no waiting on a database.
- It scales for free. A sudden traffic spike that would crush a small VPS is a non-event; the CDN just hands out cached files.
- It's secure. This is my favorite part. No server, no database, and no admin panel means no SQL injection, no remote code execution, no login to brute-force, and no server to patch. The attack surface shrinks dramatically.
- It's cheap. Here it's free — Cloudflare Pages includes unlimited bandwidth, free SSL, and a free custom domain on its free tier.
- It's reversible. Every deploy is a snapshot you can roll back to instantly.
The trade-off
There's no server-side logic out of the box — no live database queries or user logins baked in. When you need those, you add them with edge functions (small serverless code) or external APIs, only where required. For a blog, a journal, or an app showcase like this one, you rarely need much — so you get all the upside with very little downside.
Should you use it?
If you're hosting a content site, a portfolio, a docs site, or a product page — yes, seriously consider it. You trade a server you have to defend for a folder of files you just upload. As someone who breaks into systems for a living, I'll take "nothing to attack" every time.
Hope this gives you something to try on your next project. We'll be sharing more on how we build and ship — stay tuned!