Why I Don't Build on Wordpress
in: websites, code
There is no mistaking the dominant position Wordpress holds on the web today. Not only is it the go-to answer for bazillions of small sites (and still some plain-ol' blogs), but even major publishing powerhouses like CNN and Condé Nast actually use this platform.
So, with widespread adoption, a mature ecosystem of developer talent, plugins galore, integrations for every possible service and more turn-key theming choices than you could ever possibly need, why on earth wouldn't I work in Wordpress? More importantly, should you even bother to look at any other solution for your next web update?
Let's Talk About Plugins
Yes, plugins seem great on the surface. Modular, plug-and-play, designed for purpose and typically free or very low cost. The promise of the universe of plugins is simply enormous. Sadly, like many things in life, the promise rarely matches the reality on the ground.
Plugins mask one of the essential shortcomings of Wordpress. Many essential services that are required for the most basic websites are still not included in the WP core. Need to manage your metadata for SEO? You are going to need a plugin for that. Want to include even a basic form? Yep … that is another plugin. Want an image carousel to feature products or new content on your site? Yeah, that will be another plugin. Google Analytics? Plugin. Membership management? Plugin. Backups? Plugin. Security? Plugin. Plugin automator? Plu … wait a minute.
That last one shows where the problem with plugins starts to rear its ugly head. With so many different services and components of your website managed by different chunks of code written and maintained by different developers, it is only a matter of time before your plugins are in a turf war for credentials or just fail to provide the data other plugins need. Add in a couple “all-in-one” options that overlap each other, and things can go downhill fast.
So, how bad can this be? In my WP days, the average number of plugins we found in the sites we took on was more than 30. 30! To get the full scope of the potential danger, imagine running a brick and mortar storefront relying on 30 different people to show up — none of which you know, employ or even manage. They just show up, but if they want to leave one day or decide to change their hours without warning, you wouldn’t see it coming. And this brings us to our next problem …
“I Don’t Fail, but When I do, I do it Silently”
Keeping plugins up to date and playing nice with each other can be a formidable task. Throw in WP core updates, and conditions are ripe for disaster. Updating your Wordpress build to the latest version seems like a good idea, right? It might have security patches or new functionality that appears essential. There is only one problem; updating the WP core will often break some of your plugins if they don’t have their codebase ready to roll for the update.
This problem Is made worse by one huge issue … the “Update Wordpress” button sitting prominently in the web UI of a Wordpress backend. You might think keeping credentials and user roles tidy would prevent unwanted access to this dangerous button, but in the years I worked with clients on Wordpress, not one client escaped disaster after a well-meaning admin, or more often CEO, clicked the tempting blue button. Not one client.
Having plugins fail can lead to visible and embarrassing display or functionality problems on your site, but this isn’t often what happens. Many plugins, when they fail, fall over silently and go unnoticed and useless for appalling lengths of time. While this is essential to prevent a failing plugin from crashing your site, it could mean everything from your conversion funnel to your backup software might not be doing its job and you will never know. Customer leads could be vanishing into internet nothingness. You could be losing Google Analytics data during crucial weeks of an ad campaign. Support tickets might be going unheeded, all while you think things are humming along smoothly.
PHP Sucks. Full Stop.
Full disclosure here … for most clients and end users, this doesn’t matter initially. For site owners, though, maintaining a clean, performant, modern codebase carries significant benefits down the road. This, however, is a tough sell for many business owners or marketing departments trying to make the most of their budgets on short timelines.
The truth is, PHP is a dated language from a different era of the Internet, and while it served us valiantly, times and technology have moved on. So too, it turns out, have many developers. There are good reasons for this. Working in PHP, and wrangling the mySQL databases and Apache servers needed just to do simple local development on your site is honestly a pain.
What this means in real dollars is that established developers can make plugins and designs relatively cheaply, but modifying these designs past a point can become expensive and time-consuming quickly. This means site owners need to do more planning up front about what their site will be, do and look like … work that often gets left undone in the rush to deployment.
The web is not a safe place. No two ways about it. If you have data available on the web, there is someone out there who is going to come gunning for you. Too be sure, keeping your Wordpress site up to date (which has its own problems we mentioned earlier) can help mitigate this due to the diligent work of the WP core development team, but this is part of the trouble.
Site managers are often left with a terrible choice … keep running on a legacy version of WP to preserve the functionality of a custom plugin that is no longer being updated, thus risking the security of their site, or updating their site and having to shell out for custom development to get back functionality they have been relying on. How many times have I seen this? Only every single Wordpress client I have ever had.
Wordpress security exploits are well known, and it is easier than you might think to get slurped up in a wide-ranging attack that goes hunting for any insufficiently secure WP site. While every potential platform could have similar issues, well known and widely used ones like Wordpress suffer more than others from this plague.
What Should I Use Instead of Wordpress?
If I have convinced you that Wordpress isn’t the greatest thing since sliced bread, it begs the question, “What should I use instead of Wordpress?” There are many answers to this question depending on who you are and what you do.
Personally, for my web projects and the clients I work with at Web Apps, NODE.js-based sites built in React are fast becoming our go-to option. With rapid prototyping, clean, modern code, flat-file CMS options and Git-based deployment and backup options, we can develop, deploy and maintain sites with stunning ease.
This hands-on approach sometimes requires a little more up-front investment, and slightly higher on-going maintenance, but the benefit of not needing to pay sky-high hourly rates after hours to get your site back up after the intern clicked “update Wordpress” more than makes up for that initial investment. This is to say nothing of the lightning-fast site rendering times that will only help your SEO efforts.
In 2021, it is also worth asking yourself if off-the-shelf solutions like Squarespace might not be a good idea as well. Every year these plug-and-play site creation tools get better and better, with new products emerging to serve various niches all the time.
“Fine. I’m Convinced. What now?”
If you are having trouble sorting through the options available, maybe you just need a little help. That is why Web Apps not only builds and maintains client sites, but we provide consulting services as well.