02 // What runs in the background

A site with a running server has to be maintained forever

Server, database, plugins, admin login: all of it wants to be maintained and defended against attacks. Static at the edge runs nothing in the background.

Comparison of five risks (outdated plugin, admin login, updates, database, overload): with WordPress on a running server all open, static at the edge all neutralised.

Why it never stops

For a long time, a running system was the only way to make a site comfortably editable: a database, a server, an admin login, plus a plugin for every feature. That was not a mistake, it was the normal path.

The price runs along to this day. Every component wants to be kept up to date, every outdated plugin is an entry point, every admin login gets brute-forced eventually. As soon as a site handles customer data, that is a responsibility that never ends. WordPress runs on more than 40 percent of all websites and is attacked systematically for exactly that reason.

How we solve it

Static HTML at the edge turns it around: nothing runs in the background. No server to patch, no database to leak, no admin login to brute-force, no plugin to go stale. The site is built once and delivered as finished files worldwide.

In front of it sits CloudFront, answering every request at the edge of the network and protected against overload and DDoS by default. Your site stays online without you or me deploying an update at night.

Safe because nothing runs

  • Static means nothing in the background that has to be maintained or defended against attacks. Half the attack surface simply disappears.
  • CloudFront in front, protected against overload and DDoS by default. No plugin and no WAF subscription for you to maintain.
  • FADP- and GDPR-compliant data storage in AWS Zurich, implemented exactly this way for SCMC, a Swiss cybersecurity platform.
  • AI components, when needed, run via Bedrock in your own AWS environment. Your data never leaves the AWS network and is not used for training.

Why me

  • You work directly with me, not an account manager who hands the work to a junior.
  • 30 years of software engineering and SCMC.ch as proof: in production since November 2025, zero auth session bugs in over five months.
  • In the first call I’ll tell you honestly whether the rebuild is worth it for you. If it isn’t, I’ll say so.
  • I’m based in Bern, your data sits in AWS Zurich. Fluent German and English, with an understanding of the Swiss business context.

What it costs

A static visibility website starts from CHF 2’500 setup, and operation stays lean because almost nothing runs in the background. We pin down the exact scope once it’s clear what your site runs in the background today.

Tired of maintenance and security updates?

In a 30-minute call I'll show you what runs in the background of your site, and how a static architecture at the edge makes the maintenance and half the attack surface disappear.

Book a 30-min call → Email me Save contact

Go deeper: What the Swiss authorities warn about WordPress →