Blocking foreign nations does nothing... it's literally a feel good measure only. Most attacks on US sites come from the US.
Well, that's not really true at all. Most "hacking" activity is performed via VPN (Or VPS - same idea) - of those VPN hackers, they tend to use exit nodes in countries that do not require the VPN to hold or keep logs - Russia, Koreas, Netherlands, Congo, Belize, Nigeria, etc.
Most attacks may come from the US (I would contend that is actually false, but anyways) but attackers would be stupid to use a US exit point - it's fully and wholly tracked by the US government. So, you block their shady exit points.. that's why blocking foreign nations is a worth-while thing to do. I have literal years of data between half a dozen websites that contradict your stance on geo-blocking.
As for the rest, you've missed the boat. Static sites are CDN friendly, and easiest to move into a pure cloud setting. All the server side stuff moved into micro services.
Right. I get it, I don't think it's a bad way to go, honestly. It's pretty interesting in fact. The problem is, you are attributing too much "ability" towards Hugo and Netlify - abilities which are "missing" and disbar it from CMS/Customer/account use.
Dynamic sites are "CDN Friendly", too.. kind of a non-point. CDN's were, after all, created in response to dynamic sites in the first place.
By the way point 2? COMPLETELY WRONG. Yes, you CAN use static sites for ecommerce pages. And doing so makes your PCI compliance scans MUCH easier because they aren't aimed at you, they're aimed at the payment provider. In many cases you don't even need to scan at all! (Google, Snipcart)
Funny, both Netlify and Hugo disagree with you both in their FAQs/About and their implementation and functions documentation. It can not be a CMS - per the horses mouth. That makes sense, to me.
The PCI compliance bit is exactly the same for Wordpress or any others that use an API - That same API that netlify uses for Square or Stripe is the exact same that is used by Woocommerce or virtually any other payment plugin.. so PCI compliance is still "pointed" at the payment provider. No loss nor gain either way you take it.
You can "sort of" use static pages as an eCommerce site, you're right! However, it still can't be used as a CMS - it still can't manage accounts or members/memberships.
So while you can sell an item from a static page - the completion of the sale happens on Square or Stripe, etc. The customer info is all gleaned from there, the order created, and you can check your payment gateway for a sale to fulfill.
Here's where that all falls apart:
1. No customer area or accounts - Recurring customers, offering discounts to "valued" customers, taking recurring payments, Offering subscription services. Follow up emails, forgot cart emails - all no good.
2. There is no customer area for customers to manage or track. They can't unsubscribe, they can't cancel orders, they can't pay bills, and they can't contact you in any other way than to have your "virtual host" send you a shitty POST email from a website form (That hopefully wont be blocked when Outlook picks it up lol - Domain issues reported here!).
3. There is no SEO feedback, there's no SEO dynamics.
4. There's no (seemingly) meaningful way of integrating Mailchimp, Constant Contact, et al.
5. No inventory management - once you sell something, you have to manually track it! You have to manually delete the static page/item when sold out.
All those things might be fine for a small boutique place that doesn't sell too much - but take a real-world example of a Winery I manage a website for... They sell hundreds of Wines and products everyday. Stock management has been critical as there are 9 people working, often at different venues at the same time and we need to know what "the business" has globally as to not cause anger, confusion and bad reviews from people that were falling through the cracks before we were tracking inventory (and stop refunding people! What a PITA!). They offer a Wine Club membership, "Cancel anytime!", on a recurring quarterly basis where not only is the payment automated, the order creation for each quarter is made, sent to the employee dashboards for fulfillment tracking - all while the customer is charged dynamically - tax, Fed Ex
shipping price based on their location and an NCA(Non Cash Adjustment) fee where allowed.
The Winery also offers a percent discount on items in the store - but you MUST be logged in - there must be a way for the site to know whom to present the discounts!
None of this can be accomplished with a static site. SO, unless that changes, huge swaths of "businesses" are not going anywhere.
P.S. They make CMS systems that build the HUGO for you. I don't use one, but netlify exists for a reason.
No, they make CIS - Continuous Integration System - they specifically leave out anything regarding CMS - as per both their About pages.
P.P.S. Did I mention I'm paying $0 for my sites now... no hosting costs... anywhere... ever.
OK, that's great! Did I mention that each of my businesses that has a website (and I) basically gets to write-off the entirety of the Website as "Advertising"? So in reality, it's all basically free.
IRS.