Graduating from WordPress

Table of Contents

    Subscribe for Email Updates
    Graduating from Wordpress

    WordPress offers a cheap and quick way for new companies and not-for-profit organizations to develop a website. Within a short period of time, you can have a nice looking site that works well on desktop browsers, tablets, and mobile devices. And with over 60,000 plugins you can add pizazz and character with animated galleries, text that fades in as you scroll, customized forms, and much more. With a market share of over 63% of all websites using a content management system, WordPress is a sure bet to kick off your website marketing efforts.

    But how do you know when you’re ready to graduate from WordPress? The sections below highlight some of the more common reasons organizations migrate to a more professional solution. Whether you’re ready now or not, this information, at the very least, will provide some talking points as your organization grows and your needs become more complex.

    Website Availability & Uptime

    Webserver Example | Single ServerWhen you get started, very few visitors hit your site, so a little downtime here and there isn’t a big deal. Most WordPress web hosting providers give you a single server environment that is shared with hundreds (and often thousands) of other sites. In each case, the web site and database reside on the same server.

    This is how you get to the $8 per month hosting options. Web hosts like GoDaddy and Dreamhost maximize the number of sites and databases on each server to squeeze out the most profit. 

    This is very common across the board for the majority of WordPress hosts and has a drastic effect on availability, uptime, and page speed.

    Problems with Single Server Hosting

    The availability of your site is completely dependent on one server. If the server malfunctions or has to reboot to apply updates, your site goes down with it. There is no backup server or backup database. You just have to sit and wait and hope for a quick resolution.

    If one of the other sites on the server starts receiving high amounts of traffic, your site speed is drastically affected because the available processing power, memory, and network bandwidth of the shared server is significantly diminished. Then your site must wait for those resources to free up before resuming normal activity.

    Backups

    For most hosting providers, backups are not automatically made for your site. That’s typically included in an upgraded package or add-on which means you are responsible for maintaining backups. If your database or website files become corrupted, you might have to start from the beginning.

    SecurityWordpress Structure

    WordPress is not known for being a highly secure environment. There are often hidden vulnerabilities that allow a hacker unfettered access to the database or some other resource. It’s typically not the fault of the core WordPress software, though. It’s most often one of its plugins.

    Plugin Attack Vectors

    The WordPress software core is maintained by a skilled group of developers that do a nice job of addressing known vulnerabilities. And they thoroughly inspect and approve all plugins available through the wordpress.org website. But they only do this when the plugin is first added. Subsequent updates to the plugin are not inspected or approved and would be a huge task considering they have over 60,000 plugins available. This leads to vulnerabilities and considering the WordPress core is useless without plugins this makes every single WordPress site potentially vulnerable at any given time.

    Unaddressed Vulnerabilities

    Plugins are often built by only one developer who has a regular job, a regular life, and regular activities outside of their plugin development. When a vulnerability is discovered in their plugin, it is their responsibility to fix it as soon as possible.

    If the WordPress team is aware of this, they may make the plugin inactive and alert the developer. But this only keeps sites from downloading and installing the plugin and doesn’t affect those who already installed it. Their choice is to either uninstall the plugin or wait for the developer to make the fix. Neither option is a choice any organization should have to make.

    Server and Database Access

    Plugins typically execute server side code and access the database directly. When a vulnerability is discovered, malicious users can easily obtain direct control over the server and database. Then they can make changes to the site, hold the site ransom until you pay, or cause many other types of malicious havoc.

    Shared Server

    The web server and database typically reside on the same server. If a malicious user gains access to the server side code, it can lead to direct access to the database where they could alter site content, user logins, and more. Additionally, if one of the other sites that share that same server are breached, it could provide the malicious user access to the entire server and all websites on that server. All because one plugin developer didn’t address their vulnerabilities.

    Page Speed

    The time your site takes to load into a visitor’s browser is of critical importance. The slower the site, the quicker the visitor abandons it and goes elsewhere. Your overall search engine page rank is affected by the page load speed and total downloaded resources of your site. So, the slower the site and the more data that needs to be downloaded, the lower your page rank will be.

    When you’re starting out, you just need a professional looking site that presents your products, services and value propositions. Page speed may not be top of mind, but it really should be.

    Total Resources

    Because WordPress relies so heavily on plugins, you have to be cautious of what resources those plugins require. The more plugins you add the more resources a visitor will need downloaded to render the page. And the more resources that are required, the longer the page rendering will be.

    Total Resource Size

    Resource size is also important to obtaining higher page speeds. Images need to be compressed and properly sized and stylesheets and javascript need to be minified. The popular plugins will do this automatically but lesser used plugins by novice developers may not. 

    Custom Functionality

    When your needs require a more customized solution, you’ll need a WordPress developer to build this for you. First, let’s clear up the phrase “WordPress developer”.

    Many people call themselves a WordPress developer, but they are no more than glorified parts-changers. They know how to navigate WordPress, how to integrate plugins, and how to manage some of the more technical aspects of the software, but they are not true developers.

    A true developer will be able to write custom PHP code and SQL queries - the core rendering languages of WordPress. They know the ins and outs of the WordPress system and can probably build just about anything you ask. However, when making changes to WordPress like this, you have to be very cautious.

    Dangers of Modifying the WordPress Base

    When a developer makes changes or additions to the WordPress base software, you have to be very careful and plan ahead. It’s very easy for a developer to change the core software to suit your custom needs, but then subsequent updates can get tricky.

    Frequently, a developer will change core code and then a future WordPress update will fail or overwrite the custom changes. Keeping these synchronized and up-to-date can get very expensive.

    Dangers of Custom Plugins

    The better approach to custom functionality is to use the WordPress API and write custom plugins. Sadly, many popular plugins don’t utilize the API and make direct changes to the core code and database. 

    If a competent developer writes a good plugin, then they’ll use the API and keep the WordPress base system untouched. This is best practice for separating concerns. Of course, as the WordPress core is updated and the API changes, you’ll need the developer to update the custom plugin.

    Ready for Graduation?

    I’ve painted a fairly bleak picture of WordPress, and my intention is not to deny WordPress credit where credit is due. They’ve created a great tool for millions of website owners around the world. But because WordPress is such a popular content management system many people automatically think it’s the big dog in the room and is going to be the best fit. This is far from the truth.

    No content management system is going to be one size fits all. It just can’t. Let me repeat that a different way - no content management system can possibly be the go-to for every type of organization and site. There are too many variables for anyone to make this claim and if they do, it is utter nonsense. Run away, fast!

    If you’ve made it this far and have questions about your WordPress site with regards to availability, uptime, updates, backups, page-speed, security, customizations, and more, then you are ready to graduate from WordPress to a more professional content management system. And of course, Marketpath CMS is a great place to start your search.

    Ready for a Maintenance Free CMS?

    There's no cost to register and play around. We even have a free site plan available.

    Create a Free Site Now

    Related Tags:

    About the Author

    Matt Zentz

    Matt Zentz launched Marketpath from a small Broad Ripple bungalow in February 2001 with a focus on custom web application development. He built the first, basic version of a hosted CMS called Webtools and shortly afterward expanded his team and created the first version of Marketpath CMS.

    Matt has worked for a national consulting firm, taught computer programming to high school juniors and seniors , and led the information technology arm of the auxiliary business units at Indiana University.

    Matt graduated from Indiana University in 1999 with a B.S. in Computer Science and has built custom web applications since 1995. Matt is husband to an amazing & supportive wife, has three beautiful children, supreme master to Archimedes (Archie) the dog, and mostly tolerant victim of 2 flying rats (cockateils).

    He coaches various kid sports, enjoys furniture and home renovation projects, and plays guitar and piano. Matt is also active with his church as a parishioner, technical advisor and board member on the festival committee.

    Subscribe for Email Updates