One-Click Install candidate: Grav


I’ve been spooling through CMSs like crazy, trying out each one and seeing what’s to be done. I’ve been especially interested in “flat-file” CMSes because – being on a shared server – the spin-up of the SQL db is the thing that almost always kicks my hiney in memory and page-load.

So I found this neat flat-file CMS: Grav

It requires no database at all – it’s just a series of flat files. I’ve been running my own blog from it for a year or more now at and I am pretty happy about it.

Anyway, in case any of what I’ve learned can be helpful to anyone else, I wanted to suggest that as a possible candidate. I am kinda lovin’ it, and from a security standpoint, the fact that there’s no db makes it a lot less susceptible to hacking and other risks.

Thank you kindly in advance for considering!



I dunno about being less susceptible to hacking. To get to your database someone would need to know the ID and password, which they get from a config file. If someone has access to your config file, by definition they have access to your files, and with local files that implies your data as well. So there’s no need to reach from there into a database. I’m not shooting down the idea, just commenting on the specific justification.

“spin-up of the SQL db”? Sure, there is a bit of latency between the web server and the db server, but this is all in the same data center, the databases are always “spun up”, and we’re talking about just a couple ms overhead on those queries. If you want faster access you could run a DB plus your web server in the same DreamCompute server, but then you’re pushing the software overhead onto your web server and could possibly be consuming more resources or taking more hits than with a distributed topology.

After going through a lot of CMS’s like you’re doing now (Concrete5, Drupal, ModX, etc), I firmly established WordPress as my platform of choice. I know you’ve used it as well. It’s quite deep, and yes, there’s a lot of overhead. But given the obscurity of all of the others, and/or various release-specific issues, industry issues, etc, I think WordPress is the best long-term solution for a lot of applications, whether blog, forum, SPA, eCommerce, gallery, LMS, etc.


1 Like

If my use of “spin up” is causing a problem, then feel free to replace it with “wibba wabba zaboomba.” :slight_smile: The point with that is that even on the slimmest installs of DB-based CMSs, my time-to-first-byte is way longer than the time to first byte of a flat-file website or flat-file CMS. As an example, I was at one point seeing page load times under C5 or Wordpress on the order of 20-40 seconds. And under Grav, less than a second. Maybe for some folks, it doesn’t matter. Maybe for some folks, it does.

As far as security, maybe I’m not hip on the lingo of the wabamble-zamble, but from an attack-surface perspective, a DB adds surface. Maybe SQL-related hacks and SQL injections are a thing no one has to worry about any more (hooray), in which case there’s no difference in the attack surface of a SQL-based site versus a flat file site. But to be fair, I don’t have a CISSP.

As far as WordPress, sure, I use it on a couple of sites, though on one site I eventually switched to just flat files because in all honesty dealing with the security issues and constant hack issues on WordPress drove me nuts. (But the FBI enjoyed learning about that hack, as apparently it was of a type they hadn’t encountered before. Long story.) As far as CMSs, it is certainly ubiquitous. And I am not here to bash on it, or try to undermine it.

My purpose is to make suggestions for things to add to the One-Click install stuff, for those who are or might be interested in more things added to the One-Click install stuff. Considering it’s a thing that Dreamhost brags on, then why not consider adding things that might be more modern or more relevant or more useful to some folks? It’s not as if we’re only allowed to have one CMS. :smiley:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.