I have little by little built a website over the course of the past year and am now at a stage where the whole thing can go commercial, which means that I will face some tough questions regarding security, privacy, etc.
Since this is a situation where a hobby turned into a possible professional product, I am now rethinking how far I have to take this in order to really provide a product that is considered "safe" and stable.
The website was put together based on a Bootstrap 3 theme design, runs mostly on HTML, JavaScript, jQuery, PHP with MySQLi interactions and naturally has an SSL certificate. About a dozen plugins from various websites such as DataTables, PHPMailer, jQuery-bootstrap-upload, blueimp gallery, etc. do the things I need them to do and I have always paid attention to properly mysqli_real_escape input values and write error handlers for all interactions. In short, there is no real framework here, things are more thrown together.
I am now being challenged that this is not considered a safe/stable solution and that I should instead recreate the whole website based on the CakePHP framework, which is something I am not familiar with and which will take a fair amount of time to get used to and will definitely screw up my timeline.
So in short what I am asking is this: How important is it for a small and relatively simple website (I really don't do any complex code here...) to be built on a framework such as CakePHP in order to be perceived as safe and secure?
I understand there is no real answer to this, but I was just wondering whether building on an established framework like CakePHP is considered the only way to go or if a custom-made framework is acceptable.
Thanks for the advice.
I was in your situation a couple years ago. I had started a site that, in the first year, had about ~50 unique visitors. The second year I had about ~1500 unique visitors. What does this mean to a developer?
Optimize the response time - caching. You need to optimize how you fetch data. Can you cache some queries? CakePHP comes with caching (Redis, Memcached, etc.).
Multiple Datasources - ElasticSearch, MySQL, Redis. Now that my website is huge, visitors might start to demand more functionality from the website. How do I deal with multiple datasources? CakePHP offers ways to interact with multiple datasources like ElasticSearch, MySQL, Redis.
Code maintenance - Raw code vs a Framework. Do I need to google and stackoverflow to reinvent the wheel? CakePHP comes with the best templating system and helpers.
Cutting down on development time. If I am coding everything myself, I will spend more time developing. Using CakePHP, I spend more time improving my website's data.
Decoupling. Does my data need to be managed by CakePHP? Can I use Django, REST APIs, etc.? In the end I decoupled my website. I use Django to manage data entry, and CakePHP to present the data to visitors using Django REST framework.
No one can tell you definitely use CakePHP. However, CakePHP3, in my professional opinion, has a short learning curve. Using namespaces you can still use your current code in CakePHP and transition slowly into using CakePHP fully. CakePHP documentation is very good. You should be able to get a basic site working within an hour.