For many marketing and creative agencies, the default platform for hosting client websites remains, and may forever remain, WordPress. The free, open source content management system (CMS) powers more than 500 million websites across the globe. It’s a stable and well supported platform. But there are some fundamental issues with the whole WordPress ecosystem that are worth looking at.
WordPress’ enormous user base makes it a huge, tasty target for malicious, or even mischievous, actors. I have seen and repaired many a hacked WordPress site, and breaches can happen for any number of reasons. Vulnerabilities primarily come from plugins and the hosting environment itself–not WordPress core files.
In order to deliver even the most basic WordPress site, a web server must exist to manage MySQL and the WordPress database, PHP, HTTP requests, asset delivery, and other functionality. And in order to build out a functional front end, some collection of third-party plugins and themes are inevitably needed.
This means that in order to keep your website safe and secure, you must commit business resources to hosting and server maintenance, plugin subscriptions, site updates, and general upkeep. You might consider this the cost of doing business on the web. But if we look at the primary requirements of delivering a website, the need to respond to HTTP requests and send HTML, images, CSS, and JavaScript back to the browser, we don’t need a vulnerable ecosystem in the background to do it.
So why do so many people use WordPress?
WordPress is great in a lot of ways. While the plugin ecosystem opens up a range of vulnerabilities, it also allows for a lot of creativity and ingenuity for people who are not developers. Plugins provide e-commerce functionality, complex form behavior, interactive content, security, file management, and on and on. Once a plugin is installed and activated, all of this functionality is managed through the WordPress admin interface, so there is familiarity and continuity with most WordPress plugin UIs (though some will open up an entirely new interface inside of WordPress 🙄)
WordPress is also easy to set up and install, especially on a hosted platform like Flywheel, SiteGround, WP Engine, etc. WordPress themes, while opening up other possible vulnerabilities, provide an easy way to style and present your content without touching a line of code. This often means that non-developers can build out an entire website, which is efficient and cost-effective for agencies. And I think that’s my main takeaway, WordPress is popular because it’s easy for the people building your site, but is it best for users?
What do users want?
Your users don’t really know or care about what powers your website. They want a site that comes up fast and delivers the information they’re looking for in a pleasing way. They don’t want to feel like they’re waiting for or fighting with your website. Design and content are obviously key to that, but good performance is essential.
How can we avoid these issues?
By focusing on our users and understanding the fundamentals of web technology, we can look at web hosting a little differently. Modern cloud computing allows us to manage and distribute files instantly to data centers all over the globe, and modern build tools allow us to automate those file distributions. Using tools like GitHub Pages, AWS Amplify, Netlify, Vercel, and others, we can edit website code; push it to GitHub; and watch as the pieces that make up our website are assembled and distributed worldwide within minutes. Once the website files are in the cloud, they become instantly available to users everywhere.
Without a back end to support, PHP files to render, caches to connect to, extraneous style sheets to load, bloated HTML to render, and more, your website suddenly becomes a whole lot faster. And that makes your visitors happy.
Managing Content
But how can we manage content in a practical, flexible way? WordPress is useful for that.
If we decouple content management from front-end file delivery and use a customizable CMS, we can have precise, specific content management in a private environment–totally separate from what our users are interacting with. This managed content is then available to our build tools whenever a build request is made. My current platform of choice for content management is Directus - a content management platform that allows for complete control of your data and data modeling.
WordPress sites often use a plugin called Advanced Custom Fields to add custom content fields to posts and pages. With Directus, custom fields are integral to the data modeling process–there are no default content assumptions made on your behalf. Your home page might have one set of content, while your About Us page might have a completely different set of elements. Directus gives us the ability to create page-specific content collections in addition to shared elements (like a standard set of SEO fields). I use Directus to manage the content on this site, and the URL for the CMS is completely separate from the site you’re seeing.
Decision, Decisions
WordPress, when configured properly, can be a great platform to host your website. I offer comprehensive WordPress support services, and I can manage the issues described in this article.
But if you’re looking for performant, innovative ways to serve your customers online, know that there are efficient, flexible options available and they’re worth exploring.