Fast and Secure Marketing Website Tech Stack Options

Before I list some common options for marketing website options, it’s worth going over a few topics first.

Speed

No matter what type of website you are building, you want it to be a fast as possible. Speed is critically important for SEO and a good UX. To achieve the fastest speed, you need the following:

  • a static website (dynamic sites like WordPress that render PHP files with each request are slower)
  • hosting the website files on a content delivery network (CDN)
  • optimized and compressed images, preferably using a dedicated CDN like ImageKit or Cloudinary)
  • optimized and minified CSS, e.g. using Tailwind CSS to build only the CSS that is needed)
  • optimized and minified JavaScript
  • other techniques such as lazy-loading of images and infinite caching with unique (e.g. with a timestamp) asset filenames whenever a file changes

Security

Having a secure website is critical, especially for businesses. Some best practices for website security are

  • delivering a static website since dynamic ones, e.g. WordPress powered by PHP and numerous plugins by different authors are much easier to hack
  • multi-factor Authentication (MFA) (If you are using a CMS like WordPress, you can add 2FA to each user’s login. You can also restrict access to the admin panel to just a block of IP addresses for your company and requiring VPN access)
  • implementing a Zero Trust policy, where you assume everyone who has access is a potential threat and proceeding accordingly
  • applying a principle of least privilege (POLP) by limited user access to the minimum needed
  • requiring complex passwords
  • rotating passwords by forcing users to change their password regularly
  • keeping all dependencies up to date, including WordPress plugins
  • deleting using WordPress plugins rather than just deactivating them (yes, it’s possible to hack a WordPress site even via a deactivated plugin)
  • having regular backups
  • implement a Content Security Policy (CSP), which limits which resources can be loaded and from what domain
  • add SSL/TLS to transfer data encrypted (check SSL Labs and Hardenize for configuration recommendations)
  • use a code-scanning service to regularly check version control for sensitive data
  • rename default file / folder names, e.g. wp-admin for WordPress
  • disable unused features, e.g. WordPress’ REST API URLs

Content Management System

WordPress with or without a builder

WordPress is the #1 most popular CMS. If you use the default WYSIWYG editor (Gutenberg), you can create simple web pages, but if you want to more design and layout customization options without coding, you’ll need to use a website builder plugin like Elementor, Oxygen Builder, and WPBakery. With so many plugins, you can easily add website features like a hero carousel without coding by just installing a plugin and using it. However, it’s important to know WordPress’ limitations:

  • slower than a static site because the live site has to be dynamically rendered from PHP files first
  • less secure than a static site
  • development and customizations are somewhat limited or come with a learning curve as you have to work within the WordPress’ ecosystem
  • content is stored in a database, which is less user-friendly to work with for developers
  • version control uses WordPress’ custom versioning system rather than industry-standard git

Webflow

Webflow is a popular website builder that provides a WYSIWYG interface for creating very custom-looking websites. Its UI is powerful, but the many options may make it overwhelming for non-technical users. Websites are either hosting on Webflow’s servers or you can manually export a static version of the site each time you want it.

Headless CMS like Contentful

Contentful is a headless CMS. It allows you to create custom content models. Content is stored in Contentful and then fetched using the Contentful API. Note that you can also use WordPress in a headless manner via the REST API and WPGraphQL.

Content Contributors

Some marketing leaders will insist that many or all members of marketing, most of whom are non-technical, should be able to update the website. From my experience, most marketers don’t want to update the website themselves, even if they knew how to. They prefer to just open a ticket, like in Asana, or worse yet, send an email or a chat message asking for an update to be made. If non-technical

Having said that, from my experience, the one section of a website that is updated very frequently is the blog by many different authors. Unlike product pages, which are created once in a while, and tend to have fancy designs with animation, blog posts are very simple and they follow the same simple template. As such, it would make sense for non-technical people to be able to stage blog posts using a CMS.

Development Time

React

Even though React is the most popular JavaScript library for building user interfaces (UIs) with reusable components, that doesn’t mean it’s the best (I prefer Svelte) nor is it needed for all types of websites. I think most developers would agree with me that React is better suited for interactive web applications rather than primarily static marketing websites. Though you can create a static marketing website with React and a framework like Next.js, it makes no sense to because there will be a lot of unnecessary overhead that will slow down development and updates.

Dynamic functionality

You might argue that you need React for some dynamic functionality in your marketing website, like a page to filter resources. First of all, unlike SaaS web apps, where each company’s app have different requirements, most marketing websites have more or less the same functionality. For example, if you need a page to filter resources, you can use the Hushly Content Hub. Not only does it provide fully customizable filtering functionality and design, it allows non–technical marketers to log in and upload resources themselves, so web developers don’t have to waste time doing non-development work. Another common type of dynamic functionality is an ROI calculator. There are many services that provide this and which are easily customizable, e.g. grid.is.

Of course, there may be a time when you need a custom solution, but it doesn’t make sense to have your entire website depend on React or Svelte or some other JavaScript library just for a few edge cases. In this case, developers can use React and Svelte to create a frontend-only app.

Image Optimization

You really don’t need to waste time manually optimizing images anymore. Not only is that time-consuming, you can mostly get better results by using a dedicated image optimizer and CDN like ImageKit and Cloudinary.

Now that that’s out of the way, here are some options I’d recommend for a marketing website.

Marketing Website Tech Stack Options

Option 1

If non-technical people will only update certain parts of the website, e.g. press releases and blog posts, and if there are sufficient and skilled developer resources, then I recommend the following stack:

  • Eleventy or similar (for static site generation)
  • GitHub or similar (for version control – text files only)
  • Netlify or similar (for CI/CD and hosting)
  • Contentful or similar (a headless CMS for custom content models)
  • WordPress (used in a headless manner via the REST API or GraphQL for blog posts)
  • WPengine or similar (for WordPress hosting)
  • Tailwind CSS (for optimized CSS)

Option 2

If non-technical people will update most of the site and the site and/or there are limited developer resources, then I recommend the following stack:

  • WordPress (used in a headless manner)
  • WPengine or similar (for WordPress hosting)
  • Simply Static (a WordPress static site generator plugin)
  • Github or similar (for storing static files and for version control)
  • Netlify or similar (for CI/CD and hosting)
  • Advanced Custom Fields / ACF (for if you need custom fields)

In both cases, I recommend the following as well.

  • AWS S3 or similar (for hosting binaries – images, PDFs, etc)
  • AWS Cloudfront or similar (for delivering non-image binaries, e.g. PDFs)
  • ImageKit or similar (for automatic image optimization)