What are the dos and don'ts when it comes to creating a public-facing personal website in terms of privacy, bandwidth and security (and what else there may be)? How do I make sure I won't get pwned? Can a static personal website get fucked over badly?
To be more specific: I've got a cheap droplet and $1 domain-name from Google and would like to put a personal blog on there. I am worried that by doing so I'm making myself a target in ways I would never expect.
There's unfortunately no proper landing ground on this topic from what I've seen (which doesn't try to convince me to buy into a hosting plan or use a specific static site generator).
Thank you.
A pure static website (i.e., only a webserver and files on a filesystem) avoids all exploits that involve "hack into the CMS".
It is vulnerable to "hack into the server itself" -- but you must secure the server no matter whether you host static files or install something like wordpress.
Re. bandwidth -- unless you become popular you will not need to worry about bandwidth. And even if you do, a webserver and static files can withstand a rather significant traffic burst without breaking a sweat at all. So you can put off worrying about traffic until after you may have become popular enough to justify worrying about bandwidth.
> To be more specific: I've got a cheap droplet and $1 domain-name from Google and would like to put a personal blog on there.
Can it run a webserver? If yes, then it is very likely more than capable of handling a static website for a surprising amount of traffic.
> I am worried that by doing so I'm making myself a target in ways I would never expect.
Part of that depends upon what you reveal. If you give all your personal info out on the site, you are making yourself a bigger target than if no one knows your name (or any of your other details).
> or using a specific static site generator
A static website needs nothing more than a working webserver and a text editor (vi/emacs/etc.). The value add for "static site generators" is they remove a lot of the manual work involved in using a text editor to write html.
- a name, address, and email address have to be registered to the domain name. Just like in porn, there are cheap services which will act as an intermediary and hide these things from the general public while ensuring that the authorities can find that name, address, and email if need be.
- any way of logging in to the web host needs to be protected like any other service accessible from the Internet (so use secret usernames and long passwords with high entropy) NB. a static website (where pages are generated once and served many times) has far fewer points of attack than one powered by a content management system with all kinds of ways for people to post to it.
- if you sign up to pay a flat rate for bandwidth to your site, it's theoretically possible that you have to pay more if someone directs a lot of traffic there. AWS currently offers 1 TB / month of bandwidth and storage for USD 0.01 (1 cent!) and I know of small hosts which charge about 10 dollars for the same service. So bandwidth and web storage are cheap if you shop around.
- anything you post to a URL may be read by anyone with a browser who knows the URL (and anything you store on a computer is accessible to whoever controls the computer). This applies to social media, content management systems, and a hand-coded myBookmarks.html.
I have no experience with Digital Ocean Droplets.
Websites about hosting static sites include https://thoughts.melonking.net/guides/introduction-to-the-we... and https://blog.itsnero.com/webguide
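A pre-publish check for the "anything under a URL is readable by anyone who knows it" point above, added here as an example rather than code from anyone in this thread: it walks the web root of a static site and flags files that typically leak by accident. The pattern lists, the `.well-known` exception and the function names are my own assumptions.

```python
"""Pre-publish audit of a static site's web root: everything under it is served
to anyone who knows the URL, so flag paths that commonly leak by accident
(dot-directories, editor backups, credentials, dumps, archives). The lists are
a constructed default, not a complete one."""
import fnmatch
import os
import sys

RISKY_DIRS = {".git", ".svn", ".hg", "node_modules", "__pycache__"}
ALLOWED_DOTDIRS = {".well-known"}  # ACME challenges must stay reachable
RISKY_GLOBS = (
    "*~", "*.swp", "*.bak", "*.orig", "*.old",          # editor / backup copies
    ".env", ".env.*", ".htpasswd", "*.pem", "*.key",    # credentials
    "*.sql", "*.sqlite", "*.zip", "*.tar", "*.tar.gz",  # dumps and archives
    ".DS_Store", "Thumbs.db", "*.log",
)


def risky_component(part):
    """A single path component that should never sit under the web root."""
    return part in RISKY_DIRS or (part.startswith(".") and part not in ALLOWED_DOTDIRS)


def is_risky(relpath):
    """True if a path relative to the web root should not be published."""
    parts = relpath.replace("\\", "/").strip("/").split("/")
    if any(risky_component(p) for p in parts):
        return True
    return any(fnmatch.fnmatch(parts[-1], g) for g in RISKY_GLOBS)


def find_risky_files(webroot):
    """Sorted relative paths under webroot to remove or exclude before publishing."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        rel_dir = os.path.relpath(dirpath, webroot)
        rel_dir = "" if rel_dir == "." else rel_dir
        # Report a risky directory once and do not descend into it.
        for d in [d for d in dirnames if risky_component(d)]:
            findings.append(os.path.join(rel_dir, d) + "/")
            dirnames.remove(d)
        findings.extend(os.path.join(rel_dir, f) for f in filenames if is_risky(f))
    return sorted(findings)


if __name__ == "__main__":
    hits = find_risky_files(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path in hits:
        print("remove or exclude before publishing:", path)
    sys.exit(1 if hits else 0)
```

Run it against the directory you rsync to the droplet; a non-zero exit makes it usable as a gate in whatever script does the upload.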
Just get a blog on Ghost[0] or Posthaven[1] and all the worry of getting hacked / traffic issues goes away.