Well, something like using a Wordpress template makes sense in this situation. It's pretty easy to customize it the way you want it and you can probably find one already designed exactly for your purposes in mind. It'll be easy for your client to figure out how to post, edit, emphasize and label.

When done right (a network of static HTML and blog pages originating from the same domain), this can make for a very powerful, SERP shaking, rock and rolling machine.

You said no coding or databases (which is the really cool, expandable as needed part . . . )

I want to develop a site with all HTML pages (no databases, PHP, ASP), but have at least one or two pages with text that the client can modify?

Server side includes.

.....
<body>
<pre>
<!--#include virtual="/path-to/text-file.txt" -->
</pre>
</body>

Save as .shtml, run on 'Nix. Doesn't get much more simple.

I'd have someone script it, a simple one-page CMS can be handled by a single script less than 500-1000 lines. IMO O.S. CMS systems are just too huge and bloated for most small client needs, which is probably one of the reasons they are so often hacked.

Sounds like a day, maybe two day, project. :-)

Well, something like using a Wordpress template makes sense in this situation. It's pretty easy to customize it the way you want it and you can probably find one already designed exactly for your purposes in mind. It'll be easy for your client to figure out how to post, edit, emphasize and label.

This might be the direction I take, then.

Server side includes.

I use includes for submenus areas or wherever ads are placed, I might it try it for this one.

CMS systems are just too huge and bloated for most small client needs, which is probably one of the reasons they are so often hacked.

How often are content management systems hacked? That's one of the reasons why I'm funny about doing anything for clients that involve a database.

Enter into Google: hacked wordpress site:webmasterworld.com

I get 489, today.

Temper the above info with the information on this site about securing a WordPress installation, most of the hacked installations are due to not keeping the installation updated and following best security practices . . .

I'd played a little with WP for the very reason you mention - customers who only want to keep two or three pages updated - the overhead is just too much for this. In the time it took me to upload, install, and configure a test installation, I could have coded up a mini CMS involving two or three files . . . which is what I wound up doing. Ten pages or less, I code it, larger sites, I might consider "calling in the big boys . . . "

It's not databases that are insecure, really. It's how they are accessed. One could just as easily hack a flat file DB or a set of text files if the programming is loose enough.

I completely understand your post, but I would recommend that you start looking at CMS platforms. I would say that right now my business is delivering CMS websites 90% of the time. Up from 40% a year ago.

CMS has become too well known by clients and they recognize that it will lower their total cost of ownership if they have some type of ability to make edits themselves.