Under the hood

How it works

If you are the kind of person who wants to know what you are actually paying for before writing a check, this page is for you. No jargon. Just a plain explanation of how we build things and why we made those choices.

The short version

We build websites out of plain HTML, CSS, and JavaScript — the same formats the web has used since the beginning. No proprietary software, no platform you can get locked into, no monthly fee owed to a website builder just to keep your site alive. Your files are yours. If you ever leave, you take everything with you.

What your site is actually made of

A website is, at its core, a collection of text files. HTML describes the content and structure. CSS controls how it looks. JavaScript handles anything interactive, like a contact form or a mobile menu. That is all a basic business website needs to be.

We do not use page builders, drag-and-drop editors, or proprietary CMS platforms. Those tools trade simplicity for lock-in: they are easy to start on but hard to leave, and they add cost and complexity that most small business sites do not need. A plain HTML site loads faster, costs less to host, and has no moving parts to break or expire.

Where it lives

Your site is hosted on Cloudflare Pages, which serves files from data centers around the world so your site loads quickly regardless of where your visitor is coming from. Cloudflare is one of the largest internet infrastructure companies in the world. Your site is not sitting on a shared server in someone's basement.

The code itself lives in a GitHub repository. GitHub is where developers store and track code — it is owned by Microsoft and is the industry standard. When we push an update to GitHub, Cloudflare automatically picks it up and deploys it within minutes. No FTP, no manual uploads, no login to a hosting control panel.

The deployment pipeline

Here is how a change goes from a text editor to a visitor's browser:

Me local files git push GitHub PlainWebWorks/site auto-deploy ~2 min Cloudflare Pages + Edge 200+ locations HTML/CSS/JS on request You plainwebworks.co

Your domain

Your domain name — the address people type to find you — is registered through Cloudflare Registrar, which charges exactly what the domain costs with no markup and no upsells.

In most cases we set the domain up directly in your name so you have full access from day one. In some cases we purchase the domain on your behalf and bill you for it — for example, if you are not comfortable navigating the registration process yourself. Either way, the domain is yours. If you are current on your account and want it transferred to your own registrar account, we will do that. The one caveat: Cloudflare requires a 60-day waiting period before a newly registered domain can be transferred out. That is their policy, not ours, and it applies to all registrars. After those 60 days, the transfer is yours to request at any time.

Email

Business email (you@yourbusiness.com) is set up through Google Workspace the same tool your personal email may already be using, just with your domain on it instead of @gmail.com. We also set up the security records (SPF, DKIM, DMARC) that tell other mail servers your email is legitimate, which reduces the chance your messages end up in spam.

Everything is open

This website — the one you are reading right now — is built the same way we build client sites. The source code is publicly available on GitHub. Our business card is an HTML file. Our client flyer is an HTML file. We eat our own cooking.

You can view the source code for this site on GitHub. Nothing is hidden. If you want to hand it to another developer someday, they will have no trouble reading it.

The Python script we use to run daily health checks on client sites — checking DNS, SSL certificates, page content, contact information, and broken links — is also publicly available on GitHub. Here is an example of what the report looks like. That is the code that justifies the maintenance retainer.

What we do not use

We do not use WordPress (common target for hacks, requires constant updates and plugin management). We do not use Wix, Squarespace, or Webflow (monthly fees to keep your site alive, hard to export). We do not use heavy JavaScript frameworks (unnecessary for a business site, slower to load, harder to maintain). We do not use tools that require us to be involved just to keep the lights on.

The security picture

Because the site is plain files served from Cloudflare's edge, there is no server to break into. No database means there is nothing to dump — no customer records, no stored passwords, no form submissions sitting somewhere waiting to be found. No CMS means no admin login page, no plugin with a known vulnerability, no outdated software quietly accruing exploits in the background.

Contact form submissions go through Formspree — they land in email and are not stored anywhere on our end. The realistic attack surface for this entire setup is two things: a compromised GitHub account or a compromised Cloudflare account. Strong passwords and two-factor authentication on both is essentially the full security story. There is no third thing.

The bottom line

We use boring, proven, open tools that have been around for decades and will be around for decades more. The goal is a site that works, loads fast, costs what it should, and belongs to you. Not a platform. Not a subscription. Not a hostage situation.