Doing something by design means that it’s taken into consideration from the very beginning of the project and informs every decision that’s made along the way.
So for example, it would automatically be assumed that any form of user editable input would be prone to malicious attack. So all code that handles user input would first make sure to sanitize it and strip out anything but the data that it was expecting. Likewise, in the case of performance by design, all non-dynamic images would be identified in the design phase, they’d be stored on a dedicated image server, given a far future
Expires header, and pushed out to a CDN for improved performance.
Of course these sorts of things could be done to an existing site, but they normally imply major changes in architecture which can be very expensive. Messing with a site’s architecture isn’t something that can be done haphazardly. If it isn’t done right, it could cause more problems than the ones that are being addressed. This is why I contend that experienced web developers “do it by design.” Their experience allows them to anticipate a site’s needs, and informs their decisions right from the start.
Read more from the archive.