Prepared by Markus Hegland — May 2026
Purpose of This Demo
This page you are viewing is a working first draft of a possible new Canberra Swiss Club website. It was built to give the committee a concrete sense of what a modernised site could look like, and to support a discussion about whether to proceed with replacing the current WordPress site.
The demo is not complete — it demonstrates structure, navigation, and some content pages. A final site would be refined with the committee’s input.
1. Discussion of the Current Situation
How the club communicates
The club’s primary information channel is the newsletter, published several times a year and available for download from the website. Members rely on the newsletter for event announcements, news, and club updates. The website itself plays a supporting role: it hosts the newsletter PDFs, provides a public face for new members to discover the club, lists contact information, and maintains a small number of standing pages (events, activities, membership).
This is worth noting because it shapes what the website actually needs to do. It does not need to be a complex, frequently-updated content platform. It needs to be:
- Reliable — always accessible when a member or prospective member visits
- Simple to update — newsletter PDFs added a few times a year; event dates updated occasionally
- Secure — not a liability or a source of embarrassment if hacked
- Cheap — the club’s funds are better spent on events and members
The current platform does not serve all of these goals well.
Issues with WordPress
The current site runs on WordPress — a content management system originally designed for blogs. WordPress powers a large share of the world’s websites, but for a club whose primary communication channel is a newsletter, it is significantly over-engineered:
- Security burden: WordPress is the most-targeted platform for hackers worldwide. It requires constant plugin updates, theme updates, and core updates. Even a well-maintained WordPress site carries an inherent attack surface — a login page, a database, and a PHP interpreter — that a static site eliminates entirely. In 2024, over 70% of hacked websites were running WordPress.
- Complexity out of proportion to need: WordPress has an admin panel, a MySQL database, PHP, and typically numerous plugins — all of which need to be kept running and in sync. For a site that mainly hosts newsletter PDFs and a handful of standing pages, this is far more infrastructure than is necessary.
- Volunteer dependency risk: Maintaining WordPress requires ongoing technical attention. This places a continuing obligation on whoever holds that knowledge, and creates institutional risk if that person is unavailable or moves on.
- Difficult to hand over: WordPress configuration — themes, plugins, settings, database — is not self-documenting. A new volunteer taking over the site faces a steep learning curve with no guarantee the setup is documented.
Issues with the current hosting arrangement
The club currently hosts with IONOS. The exact service level (shared hosting, managed WordPress, or VPS) and the monthly cost are to be confirmed by the Treasurer. However, regardless of the specific plan, several concerns apply:
- Unclear what is being paid for: The committee does not have a clear picture of what the current IONOS arrangement includes, what it costs, or whether it represents good value for the club’s actual needs.
- Shared hosting limitations: If the current arrangement is shared hosting (the most common for WordPress sites), the club shares server resources with many other websites, has limited control, and is dependent on the hosting provider’s security and update practices.
- VPS as an alternative: A VPS (Virtual Private Server) gives the club its own isolated server environment for a fraction of the cost of managed WordPress hosting. Because a static Hugo site requires no PHP or database, the cheapest available VPS is more than adequate — and the club retains full control.
- Australian hosting not yet used: The current IONOS arrangement uses European servers. For a Canberra-based club, hosting in Sydney would give meaningfully faster page loads for Australian visitors.
The self-hosting option: costs and risks
Some organisations run WordPress on a cheap VPS to reduce hosting costs — monthly server costs can be as low as A$3–9, comparable to what this demo costs. On the surface this appears to be the best of both worlds: full control at low cost.
In practice, the savings come with a significant and ongoing obligation. The person running the site becomes personally responsible for everything a managed host would otherwise handle:
- WordPress updates are constant and non-optional. WordPress core, themes, and plugins each release updates regularly — sometimes weekly. Each update needs to be applied promptly. Falling behind by even a few months creates meaningful security exposure.
- Unpatched installations are actively targeted. Bots continuously scan the internet for outdated WordPress versions and known vulnerable plugins. A site that has not been updated in six months is almost certain to have been probed — and may already be compromised without the site owner being aware.
- The consequences of a breach are serious. A compromised server can be used to send spam, host phishing pages, or attack other websites. Hosting providers typically suspend the account when this happens — taking the site offline — and significant time is needed to recover and clean up.
- Backups and monitoring fall to the volunteer. Without a managed host’s automated backups and security scanning, these tasks must be set up and maintained manually. They are often the first thing to slip when a volunteer is busy with other commitments.
- Volunteer time has real value. Even if the monthly cost is low, maintaining a self-hosted WordPress installation properly requires ongoing attention — estimated at one to three hours per month for updates, monitoring, and troubleshooting. For a small community club, that is a recurring obligation placed on one person, and it does not disappear when that person steps back from the committee.
The proposed Hugo approach eliminates this obligation entirely. There is no WordPress to update, no plugins to patch, and no database to secure. Once set up, a Hugo site requires attention only when content changes — not because the platform itself demands it.
The case for change
The proposed approach — Hugo static site on a VPS — addresses each of these issues directly:
| Issue | Current (WordPress) | Proposed (Hugo + VPS) |
|---|---|---|
| Attack surface | Large (login, database, PHP) | Minimal (static files only) |
| Update burden | Constant (plugins, themes, core) | Rare (OS updates only) |
| Hosting cost | Higher (needs PHP/MySQL) | Lower (any basic server) |
| Volunteer handover | Complex | Simple (plain text files) |
| Newsletter PDF hosting | Supported | Supported |
| Australian hosting | Not currently | Available (BinaryLane, Vultr Sydney) |
The newsletter-centred communication model means the website can be simple. Hugo delivers exactly that simplicity, at lower cost and with stronger security.
2. VPS Hosting Options
The proposed approach uses a Virtual Private Server (VPS) — a small virtual computer rented from a hosting provider, running 24 hours a day. The club’s web files sit on this server and are served directly to visitors. There is no WordPress, no database, and no PHP.
Options evaluated
| Provider | Location | Entry price (approx.) | Notes |
|---|---|---|---|
| IONOS (current demo) | Europe | ~€2/month (~A$3) | Very cheap; no Australian server |
| BinaryLane | Sydney, Perth | ~A$5–8/month | Australian company; local support; good for Australian visitors |
| Vultr | Sydney | ~US$6/month (~A$9) | Fast deployment; reliable; Sydney region |
| Linode (Akamai) | Sydney | ~US$5/month (~A$8) | Good documentation; beginner-friendly |
| DigitalOcean | Sydney | ~US$6/month (~A$9) | Excellent tutorials; Sydney region |
| Oracle Cloud | Sydney | Free tier available | Free for low-traffic sites; some complexity |
| Contabo | Sydney | Very competitive | High specs for low price; less polished interface |
Recommendation
For an Australian club whose visitors are primarily in Canberra, BinaryLane or Vultr Sydney are the strongest choices: Australian data centres mean faster page loads for local visitors, and BinaryLane offers local support. The IONOS server used for this demo is in Europe and is primarily for demonstration purposes.
A Sydney-based VPS at A$5–9/month would be appropriate for the final site.
3. Cost Comparison
What does website hosting cost?
Hosting a WordPress site requires a server capable of running PHP and a MySQL database. There are two common approaches:
Shared/managed WordPress hosting — the provider manages the WordPress environment for you. This is the most common option for small organisations. Costs in 2026:
- Budget providers (Hostinger, Bluehost): A$5–15/month, but with significant limitations on performance, support, and security oversight
- Mid-range managed WordPress (SiteGround, Kinsta): A$25–60/month
- Quality managed WordPress (WP Engine): A$45–100+/month
Industry guidance for a small organisation needing reliability is A$25–50/month for managed WordPress hosting.
Self-hosted WordPress on a VPS — running WordPress yourself on a cheap VPS. Monthly hosting cost is low (A$3–9), but the volunteer maintaining it takes on full responsibility for updates, security, backups, and recovery. The table below shows the true cost when volunteer time is included:
| Cost item | Self-hosted WordPress | Hugo on VPS |
|---|---|---|
| Monthly hosting | A$3–9 | A$3–9 |
| WordPress/plugin updates | 1–3 hrs/month | None |
| Security monitoring | Manual (or paid add-on) | Minimal |
| Recovery if hacked | Many hours | Restore from files |
| Estimated annual volunteer time | 15–36 hours | 1–2 hours |
A self-hosted WordPress site that is not actively maintained is not a cheaper option — it is a security liability in waiting.
Self-managed VPS (the proposed approach) — you rent a small virtual server and run only what you need. Because Hugo produces static files (no PHP, no database), the cheapest available VPS is more than sufficient:
| Provider | Location | Monthly cost |
|---|---|---|
| IONOS (this demo) | Europe | ~A$3 |
| BinaryLane | Sydney | ~A$6–8 |
| Vultr | Sydney | ~A$9 |
| Linode | Sydney | ~A$8 |
Direct comparison
| Item | Current (IONOS / WordPress) | Proposed (Hugo + VPS) |
|---|---|---|
| Hosting | A$___/month (to be confirmed) | A$6–9/month |
| SSL certificate | Included or paid add-on | Free (Let’s Encrypt) |
| WordPress plugins/themes | A$___/year (to be confirmed) | Not needed |
| Domain registration | ~A$20/year | ~A$20/year (unchanged) |
| Annual total | A$___/year (to be confirmed) | ~A$90–$130/year |
The committee is asked to fill in the current IONOS costs above. Once confirmed, the saving can be calculated precisely. Based on typical IONOS pricing for the service types they offer, the new approach is expected to be meaningfully cheaper — and the cost is fully predictable with no surprise renewals.
Domain name options
The club currently uses swissclubact.com. The options are:
Option A — Transfer the existing domain (preferred)
If the existing domain can be transferred to a club-controlled registrar account, there is no new cost. A .com domain renews at approximately A$15–25/year. This is almost certainly what is being paid already.
Option B — Register a new domain If a new domain is needed (for example, if the existing domain cannot be transferred), a fresh registration would cost:
| Domain type | Approx. annual cost | Notes |
|---|---|---|
.com |
A$15–25/year | Generic; widely recognised |
.com.au |
A$20–35/year | Australian; requires ABN or ACN |
.org.au |
A$20–35/year | Recommended for non-profits; signals legitimacy |
For an incorporated association like the Canberra Swiss Club, .org.au is the most appropriate — it is restricted to Australian organisations and signals that the club is established and accountable. A name such as canberraswissclub.org.au or swissclubact.org.au would be available to check.
In either case, the domain cost is modest and fully predictable — no hidden renewals or upsell pressure once registered with a reputable Australian registrar (e.g. VentraIP, NetRegistry).
4. Hugo Instead of WordPress
Hugo is a static site generator. A volunteer writes content in plain text files (similar to writing an email), and Hugo converts them into a complete website. The result is a set of simple HTML files — fast, secure, and easy to host.
| WordPress | Hugo | |
|---|---|---|
| Content editing | Web-based admin panel | Plain text files (simple markdown) |
| Database required | Yes (MySQL) | No |
| PHP required | Yes | No |
| Security patches needed | Constantly | Rarely — no software running on the server |
| Page load speed | Slower (generated on demand) | Very fast (pre-built files) |
| Hosting cost | Higher (needs PHP/MySQL support) | Lower (any basic server) |
| Skill needed to update content | WordPress admin familiarity | Basic text editing |
For a small club site with infrequent updates — events, newsletters, news posts — Hugo is a significantly better fit than WordPress.
5. Security Improvements
The proposed setup is meaningfully more secure than the current WordPress site in several ways:
No WordPress attack surface. The majority of website hacks target WordPress login pages, vulnerable plugins, or outdated PHP. A Hugo static site has none of these — there is no login page, no database, and no PHP interpreter. There is simply nothing for a WordPress-targeting attack to exploit.
Tailscale for server access. Rather than exposing the server’s SSH port to the entire internet (where bots probe it thousands of times per day), we use Tailscale — a private network that makes the server’s management port invisible to everyone except enrolled devices. Only authorised committee members with Tailscale installed can connect to manage the server.
SSH key authentication. Password-based logins are disabled. Access requires a cryptographic key file, which cannot be guessed.
Free SSL via Let’s Encrypt. The proposed site would use HTTPS with an automatically-renewed certificate — no manual certificate purchases or renewals.
Remaining security work (before go-live):
- Set up automatic OS security updates (
dnf-automatic) - Configure Nginx security headers (Content-Security-Policy, X-Frame-Options, etc.)
- Set up automated daily backups of the site files
- Document the recovery procedure if the server needs to be rebuilt
6. Transparency of Governance and Executive
One underutilised purpose of a club website is making governance information readily accessible to members. The current site has very little of this. A modernised site offers a natural opportunity to improve this, in line with the club’s obligations under the Associations Incorporation Act 1991 (ACT) and good practice for an incorporated association.
What should be publicly accessible to members
| Information | Current site | Proposed site |
|---|---|---|
| Current committee members and roles | Not listed | Dedicated page |
| Contact details for each role | Only general email | Role-specific emails (e.g. secretary@swissclubact.com) |
| Club Constitution | Not visible | Available for download |
| AGM dates and minutes | Not published | Published after each AGM |
| Annual financial summary | Not published | Summary published after each AGM |
| Membership fees and how to join | Partial | Clear, up-to-date page |
| Events calendar | Partial | Maintained events page |
Benefits for the committee
- Reduces queries to the Secretary and Treasurer — members can find answers themselves
- Demonstrates accountability — members and the ACT Registrar can see the club is well-run
- Supports handover — when committee members change, the website holds the institutional record
- Builds trust — transparency about who is on the committee and how the club is managed encourages member engagement and retention
Practical implementation
For the new website, this means adding two pages not yet in this demo:
- Committee page — names, roles, and contact email for each office-bearer (President, VP, Secretary, Treasurer, Property Officer, ordinary members)
- Resources page — downloadable Constitution, links to AGM minutes (hosted in Google Drive), and the annual financial summary
These pages require no ongoing maintenance beyond updating names after each AGM — a once-a-year task.
7. What This Demo Does Not Yet Include
This is a first draft. Before going live, the following would be needed:
- Final content review and sign-off by the committee
- Transfer of newsletter PDF files to the new site
- DNS cutover: point
swissclubact.comto the new server (one DNS record change) - Let’s Encrypt SSL certificate (requires DNS cutover first)
- Move server to a Sydney-based provider (BinaryLane or Vultr)
- Automated backups
- Training for the Secretary (or another volunteer) on updating content — estimated 30–60 minutes
- Decision on whether to keep the WordPress site running in parallel during transition
8. Recommended Next Steps
- Confirm current IONOS costs (hosting type and monthly fee) with the Treasurer — this determines the financial case
- Committee decision: proceed with the modernisation or not
- If proceeding: choose a Sydney-based VPS provider and migrate
- Nominate a content custodian (likely the Secretary) who will update the site going forward
- Arrange a 30-minute training session on Hugo content editing