Question posted in 
I’ve created a couple of little few page long websites for one time projects or conferences in mostly WordPress, and I’m thinking about what will happen to those websites in the future. And I think I’m not alone, as there are a big number of sites out there, which is now only kept as an archive, but unlike in the 90s where everything was static HTML, these websites are now using some software to provide CMS functionality, even if its only for a few pages + search.
My problem is that with all these modular software (WordPress, Joomla, etc.) you need to use various plugins and themes to make them usable and nice, but all these functionality brakes sooner or later. Which means that if you want to keep the website as is, you need to leave the old versions of the software. I mean forever.
On the other hand they are so popular (WordPress has more than 100 million downloads now), that I would be surprised if they would not became a target for the most popular exploits in the near future. I don’t know how safe these software are, but I have experienced what it means to continuously keep cleaning/fixing an osCommerce website with about 7 successful hacker attacks every month, till the sites owner agreed that its better close the site entirely and start building a new one.
As an alternative solution (but I really don’t know if its possible), is there any way to make a whole site into a read-only mode? I mean something like making the database read-only, the file system read-only, disabling the admin interface and all the comment fields and just leaving the site as an archive, the only dynamic part being the search function.
Is it possible on file-system/database level? Will it help at all to keep hackers out? Is there any other solution? Please understand that my point is that it is not possible to keep CMS sites always updated forever, and even if some of as are fanatic enough to spend a night looking for fixing a broken theme/plugin which just broke after a core upgrade, 99% of the sites will end up in a “fixed” state; using a working but old CMS/plugins/theme combination forever.
3
Answers
Yes, you can take a snapshot of a website using
wgetor similar, basically replacing the CMS driven site with static HTML pages.That way you wouldn’t need to update it forever.
I think 99% is a very generous estimate, but that’s beside the point. The majority of the sites that end up in the state you are referring to only last as long as their domain registrations (especially since most WordPress or OSCommerce deployments are usually set up as the root domain and service the entirety of the web presence.) So generally speaking, if the domain itself is in a state of neglect and abandonment, the natural expiration process will decommission it and it will no longer be accessible in general.
As for locking down an entire, sitewide state on one of these CMS systems, it could in theory be possible if one removed all write privileges for all the server files and revoked every database user privilege except SELECT. In most cases this would defeat the purpose of leaving the software for CMS there at all, since none of the records would updatable any longer (items in the case of OSCommerce, posts in the case of WordPress.) But this would be highly dependent on the environment required by the particular CMS, and WordPress for one is pretty particular about read/write permissions to work at all. It would make for an interesting experiment, but probably isn’t a practical solution for what you’re describing.
Taking the rendered content and building a static mirror is another option, and can be pretty easily automated by writing a script that could get the HTML content of the rendered pages and building static, linked alternatives. But this too is a bit impractical, especially in the case of a search (since this by its very definition requires database access.)
In short, it’s an interesting idea, but ultimately sites that are neglected and whose owners are not committed to sustaining proper updates are doomed to expiration, and the natural course of Internet business and domain registration pretty often Darwinizes them.
WP Super Cache has a “Lockdown” function — serving static HTML files for almost every visitor.
It’s not exactly what you’re looking for, but a simple workaround, as I dont know a of a “read only” function for WordPress.
http://wordpress.org/extend/plugins/wp-super-cache/