WordPress is one of the most widely-used website platforms. ("Platform" in this context simply means the technical environment in which your website exists.) If you have a WordPress website, you're in this situation:
Your audience interacts with your website. Hidden from view, your website is managed by WordPress, which, on one hand, generates the content and output which gets shown to your visitors while also providing you (or whoever's looking after your website) the means to add to and update that content. In this sense, WordPress is your website's Content Management System or "CMS". It's the system you access when you want to update your website.
Let's establish a few key facts about WordPress before we consider whether it makes a good choice for your website's CMS.
WordPress is actually a blogging tool. It was originally developed specifically for people to create an online blog, not a full website. And although its capabilities have been stretched well beyond that original scope, at its heart it is a tool for running an online blog.
WordPress is also what's called "open source" software. You may have heard the term "open source" and a lot of people misconstrue that to mean "free". Open source software is often made available freely but it doesn't have to be that way. Open source literally means that the source code - the actual computer program that makes up the system - is available to everyone.
Traditionally, computer programs are more of a "black box” affair: you can buy Microsoft Word but Microsoft won't give you access to its inner workings; you can buy Photoshop but Adobe won't let you see or change its underlying code. Open source software is the opposite: the person or organisation that creates the program makes that code available publicly.
As it happens, WordPress is also free. You can go to the WordPress website today, download a copy of WordPress, install it on your server… and away you go.
Given that it's so widely used, has been around for a good amount of time and it's free... why do some web development agencies choose not to use it?
At Rubiqa, we're reluctant to go anywhere near WordPress! And there are other web developers who see things the same way… but there are plenty that don't.
Let's investigate that a bit further because it has implications for you, the website owner.
Firstly, because WordPress is open source and the code is available to anyone, what happens over time is that new parts of the system get developed by different, unrelated people, each of whom contributes a specific feature or enhancement. Contributors do not always work together - or even know of each other's existence - and as a result you can find examples of where different WordPress contributions either clash with each other or depend on each other. These contributions are often called "plug-ins" - they provide specific functionality that is not part of the core system but is available to users who want to bolt on the extra features that plug-in provides. But think about what that means for your organisation strategically: if your corporate site runs on WordPress and uses certain plug-ins, your business website relies on ad hoc contributions from people you've never met, who have no accountability. If someone creates a WordPress plugin that you use on your site, there's no contract between you that requires them to provide support, fix issues or keep that plug-in up-to-date. You may assume that your web developer has a duty of care here, but he or she didn't create that plug-in either and so they're unlikely to know how to fix any issues.
With open source software, there's often no clear notion of ownership and, therefore, no support. If something goes wrong, there is no supplier that you or your web developer can turn to for help. And this is a commercial risk for you. Often, some form of support is available from a community of willing volunteers, many of whom will be fellow users of that software. But, understandably, they exist without any accountability and they have no commercial imperative to help you.
When you think about the practical implications of "open source" systems like WordPress, you'll realise that security is an issue. If someone makes available every line of their system's code, they do two things:
- They give well-meaning people - other developers - the chance to improve it, and this is a good thing
- But they also give hackers the chance to work out how to ruin it, and this isn't!
It's not uncommon to hear about a WordPress website that's been hacked and this happens for a few different reasons. Firstly, the "open source" nature of the system means that you give hackers a head start. If you were a hacker and you wanted to hack a WordPress site, you'd start by downloading a copy of WordPress so that you can learn in detail how it's built and where vulnerabilities may exist. When a hacker discovers a WordPress security problem, all websites using WordPress are at risk. There have been many instances where businesses with WordPress sites are put at risk when a security exploit becomes public knowledge.
Better still, if you know that WordPress sites use certain plug-ins, why don't you just focus on how to hack that plug-in? Because once you can do that, you can hack every WordPress site where that plug-in is in use. And, given the popularity of WordPress, the rewards for you - if you were a hacker - are potentially high: work out how to hack WordPress and there are a lot of potential victims available to you. The popularity of WordPress makes it worthwhile.
Security is a concern with WordPress websites. But there are common sense measures you can follow to help mitigate this risk. You should make sure that your admin user doesn't have a username of "admin" (it happens!); make sure any admin user has a very strong password; lock down access to the WordPress admin system so that you can only login from known locations such as your office. And keep the WordPress system itself up-to-date, as well as any plugins that you use.
Horses for courses
WordPress is a blogging tool. When you login to its admin system, you'll see straight away that the whole thing is built specifically around concepts like "posts", "tags" and "categories". These are all blogging terms. So, strictly speaking, WordPress is not a true Content Management System, even though it often gets used for that purpose. Why is this important? Well, there are times as a website administrator that you may feel that you're fighting against WordPress rather than working with it, because you're using it in a situation that it was never designed for.
Because it's available for free, WordPress appeals to website developers. They can charge clients for a solution that uses software they sourced at zero cost and the profit margin for the developer is high. This is the easy option for a developer but it is not necessarily the best outcome for the client.
It's also possible to buy WordPress "themes". Think of a theme as a pre-built website, empty of content. This potentially makes the developer's job even easier: download WordPress for free, buy a theme for a hundred dollars or so and sell that on to a client at a high margin. This is not the approach taken by all WordPress developers so don't assume that just by mentioning "WordPress", your developer is up to no good and taking you for a ride - not at all. But this does happen and we have taken on clients at Rubiqa who have been affected by this directly.
Even if a developer is charging an acceptable amount for building your WordPress site, by using a generic theme, it's likely that your website will look like others… as they've all been put together in exactly the same way. WordPress websites are often very obviously WordPress sites: they have a distinctive look and users can tell at a glance. For many businesses, their website is an important opportunity to reinforce their brand and gain a competitive advantage over their rivals - so creating it in such a generic way isn't the obvious way to achieve that.
Long term foundations
We work with clients over the long term and when we look back at how some clients' websites have evolved, it often happens in specific stages of development - times where we've enhanced or adapted their website in response to what their business needed at the time. We don't use WordPress for client's sites: instead, we build bespoke websites we have an in-house Content Management System that we designed to offer the high level of versatility we knew that we'd need.
There's a subtle but important difference here: with WordPress, you have to accept what it does. If it does what you need now and what you think you'll need in the future, everything's fine. But if you need something it can't do… tough!
On the other hand, when a developer creates a bespoke website or application for you, they can (within the boundaries of what's possible) make it do anything you need. That scenario where you've asked for something new only for your developer to turn around and say "Oh, you can't have that. WordPress doesn't do that!" simply won't happen. You don't have to fit your requirements to the software; instead, the software can be made to fit to your requirements.
Let's summarise some key points: WordPress is an option for anyone considering a new website for their business. But an understanding of why it's so popular, particularly among web developers, will encourage you to evaluate whether it's the right choice for your business and not just the right choice for your website designer.
WordPress and its various plugins has no single supplier, so accountability can be a problem. Who's responsible for making sure that all elements of the system, as well as each individual plugin, work well together? And if there is an issue, who do you turn to for support? Your web developer, of course… but can they always fix issues that weren't of their making, which involve code they didn't write?
Because WordPress is open source, it's possible for people to work collaboratively and improve the system. But it's also easier for hackers to identify security weaknesses and compromise WordPress sites. And through no fault of its own, the popularity of WordPress really counts against it here because hackers deliberately target WordPress knowing that there are so many websites that they can affect.
If you're running an online blog, WordPress is a strong contender for your website's back-end admin system. But if you want a more generic content management system, WordPress may be the wrong horse for that course. And be wary of a web developer who forces that solution on you simply because it suits them. They have their priorities round the wrong way.
If your business simply needs a basic online presence, the chances are that you'll be fine with a WordPress site. But if your website has the potential to give you a competitive advantage, or you need a clever website that you'll build on in future years, a more tailored, sophisticated content management system may prove a better choice.