WordPress, the CMS that Could
I built my first WordPress site for a client in 2006. WordPress has come a long way since then, but I get some of the same comments doubting the use of WordPress as a content management system (CMS) as I did then. Here are the most common ones:
Isn’t WordPress insecure?
This is easily the most popular question or comment that I get. Usually, they’ve heard a horror story about a website using WordPress that was hacked. Guess what? WordPress is run by 51% of sites that use a CMS and 35% of all websites. It’s the most popular CMS on the planet. Therefore, it’s bound to be the target of hackers. But don’t think that WordPress is the only platform that gets hacked (because it isn’t). Regardless, there are some basic steps you can take to minimize risk:
- Make sure everyone who needs access to the WordPress admin uses a password that is not simple to figure out. Change the password frequently. Use a password manager to keep track of these changes. We use 1Password, but there are many good solutions out there.
- Don’t use admin as a username.
- Delete unused plugins and especially all plugins that are no longer supported by their developer or haven’t been updated in over a year.
- Keep WordPress up to date along with plugins.
- To go along with that, we lock down the ability for WordPress admin users to upgrade WordPress, add new plugins, or make file modifications. If someone with malicious intent were to gain access to the admin panel, there is only so much harm they could do, and it would be very difficult for them to introduce any kind of malware. This enables us to keep the entire codebase under version control and thoroughly test WordPress upgrades, plugin upgrades, and new plugins on a test environment before going live. This practice has resulted in the prevention of introducing vulnerabilities to our client websites. While this takes a bit more time in the short term, it can save a lot of time and money in the long term if your site is compromised thanks to a hacked plugin.
WordPress is for small websites. It can’t power large, enterprise sites or applications, right?
Back in 2006, this question was phrased a little differently. People assumed that WordPress was for blogging and questioned if it could even be used for websites. Thankfully, I don’t get that specific feedback anymore, but there are still questions about whether this CMS can handle large websites. Well, here are a few household names that use WordPress: The White House, Sony Music, The New York Times, The Walt Disney Company, Vogue, the Dallas Mavericks, and The High Line (built by Storyware).
We leverage the Themosis Framework, a custom WordPress query library, and Composer to transform WordPress websites into cutting edge PHP applications that can be deployed quickly with zero downtime. This allows us to cater to enterprise-level businesses that are seeking extendable, secure, and high-performing websites.
A friend of mine is a developer and they don’t like WordPress. Should I use something else?
Developers are passionate about their craft, as they should be. Like anyone else who creates for a living, we seek new challenges and opportunities. Developers want to try new platforms and frameworks, and WordPress has been around since 2001. That’s a long time for the world wide web, which doesn’t make it an exciting option to many developers.
I know that every developer who doesn’t like WordPress has their personal reasons, but I’ve never heard a reason that should dissuade our clients from using WordPress. That’s because our clients aren’t developers. Our clients are marketers who need to easily update the content of their website without having to go back to a developer for help. That makes WordPress a perfect choice, when built right.
There are plenty of solid CMS platforms to choose from. I don’t have issues with many of the WordPress alternatives. We’ve dabbled with some over the years, but in the end we landed on WordPress as our go-to CMS. It continues to deliver on what attracted me to it 15 years ago – the right balance of management options for content editors and customization for designers and developers.
Thanks to its growth, there are so many people and agencies knowledgeable about managing and building WordPress sites. Therefore, our clients can easily take their site built by Storyware and have someone else maintain or enhance it. Of course, we would like to be that maintenance partner, but the widespread popularity and familiarity of WordPress gives our clients the greatest flexibility of all.
As CEO of Storyware, Todd oversees the direction of the company, business development and operations along with consulting key clients on digital strategy.