Hello! I’m working on a microsite for a client who is very concerned about security. Their standard procedure is to run a copy of their CMS on a local server for editing, and then have a copy of the site on the production server with the admin area disabled in some way, depending on the CMS (for example, for Drupal and WordPress, they strip the users table on the prod db).
My idea for Grav is for the prod server to NOT have the admin plugin installed at all; If my understanding is correct, that will prevent anyone from editing the site (other than meddling with the files directly).
Is my understanding correct? Also, how would I (or they) set up a pipeline? Could we only maybe only push the pages folder from dev to prod when changes happen?
I feel like there’s not a lot of info about this topic out there, so any help would be greatly appreciated!