It’s hard to believe, but there was a time when every change to a website had to be made by a developer—they were called “webmasters” for a reason. There was no WordPress, no Blogger, not even Facebook. As the web evolved and businesses wanted direct access to updating their own websites, a field of commercial content management systems (CMS) popped up. Making a choice was difficult and reliable options were expensive, while at the same time, the open-source movement was still gaining steam. Several open-source CMS options have risen over the years as today’s clear market leaders: WordPress, Joomla and Drupal. But even in 2016, the CMS selection process begins with the project budget.
Free or $$$?
Ervin & Smith routinely recommends open-source CMS products over commercial, paid options for a variety of reasons. A decade ago (an eternity in web time) proprietary offerings were more mature and had more features than their open-source counterparts. But nowadays it’s rare to encounter a feature that doesn’t have a robust open-source alternative or that justifies the additional cost of purchasing a CMS. In addition to licensing costs, additional hosting and technology requirements increase total cost of ownership with commercial products. Open-source products are, by nature, extendable, and the developer community is constantly creating new features and add-ons. These plug-ins are exceptionally valuable, as they enable new functionality on sites without the custom effort of re-creating the wheel.
Why Ervin & Smith uses WordPress (and why we do it better).
Picking the right open-source CMS has also gotten easier in the last few years. Google “WordPress vs. Joomla vs. Drupal,” and you’ll find a number of articles from a few years back that compared and contrasted features of each platform. Since then, each platform’s developer community has put a lot of effort into making sure their CMS isn’t feature deficient in relation to other products. But one more trend has clearly impacted the field: WordPress alone now powers over a quarter of the Internet. The fundamental impact of that type of market share is difficult to overstate. While “because everyone else is doing it” isn’t itself a sufficient rationale, the sheer size of the WordPress developer community has some compelling benefits. The core WordPress developer team has established a release schedule that reliably provides improvements and new features every three to four months. Beyond the base WordPress platform, the number of free and commercial plug-ins drastically outnumbers any other CMS. This results in more features and more robust options, which, in turn, means a better website with a lower cost.
While there are a lot of impressive benefits to using WordPress, we certainly understand concerns some new clients share with us. If they’ve had a bad experience with a WordPress site, they might be thinking twice about repeating the same decision. But we don’t make the recommendation to use WordPress blindly. We listen to current pain points, digest new website goals and dig through all the technical requirements. We’re always striving to do the best for our client, with a strategic partnership that makes recommendations as if it was our own business.
So as we discuss CMS recommendations for a client’s project, we occasionally revisit what the WordPress experience can be when done right. What follows are our thoughts on some common WordPress-related topics:
Like any other piece of software, WordPress can introduce vulnerabilities if not installed securely, used properly and updated regularly. While one bad experience of a site being hacked can be hard to shake, it’s important to know that WordPress isn’t inherently less secure than other CMS products. From our experience helping clients move to secure WordPress installations, risks usually occur in one or more of the following areas (which really apply to any CMS product):
- Installation and setup: The most important hacking prevention takes place before the first webpage is created on the new WordPress site. Oftentimes, a site is set up by experienced IT teams, though they may lack specific expertise with CMS tools. The basic WordPress install is actually very quick, but all of the IT best practices for security take some additional effort. These “hardening” tasks make sure the web and database server is locked down to prevent unauthorized access.
- Proper usernames and passwords: When you hear a story about a website being hacked, the cause is usually traced back to someone’s username and password being guessed by an intruder. Fortunately, there is a simple solution: Use strong passwords and avoid using the default “admin” username. Quick and easy, this measure is the single most effective website defense. There are also more advanced security approaches available to protect WordPress sites from common automated password-guessing attacks.
- Regular updates: Like most software, WordPress provides updates when new features are available. While major updates should be tested before installing on a live site, WordPress offers minor, security-related updates that should be installed as soon as possible. These security updates are specifically designed to not affect functionality, so the risk of these updates affecting site uptime is extremely low. For several years now, WordPress has also provided an option to enable automatic installation for security updates to reduce the effort of manually maintaining these updates.
For a more technical discussion of WordPress security, we highly recommend reading the WordPress security white paper. This document overviews specific IT security topics and the WordPress team’s development philosophies and methodologies.
Like most CMS products, WordPress supports themes: code that gives your site a particular look and feel, settings to adjust some predetermined options and, usually, a few additional features. Since WordPress is so popular, there are plenty of prebuilt themes available online to purchase for the low, low price of $20 to $60. Though these prebuilt WordPress themes are economical and (sometimes) easy to use, they take a holistically different approach to web design: Start with a pre-existing website and tweak it with your content and images. Additionally, I think these prebuilt themes are often what contribute to the perception that “all WordPress sites look the same.” There are certainly some contexts in which this is a reasonable solution, but Ervin & Smith rarely uses prebuilt themes because we’ve found that they are typically insufficient to meet many businesses’ web objectives.
You see, we rarely receive requests to merely “freshen” a site. “Improving website metrics” is the single most common goal our clients seek with a rebuild. Increasing traffic, conversions or leads requires a robust strategy that is specific to a business and their customers. This upfront planning not only makes the rest of the process more efficient, but it also results in a diverse starting point for the design of the site. So our clients get a design solution and user experience that is unique to their business and their objectives.
Check out more of Ervin & Smith’s web design and development work.
It’s true that there are a lot of really slow websites out there. The flexibility of a CMS can also backfire on a poorly implemented site, just as it might be easier to get in a wreck with a fancy, fast sports car. Adding a lot of bells and whistles via the CMS without consideration for performance can slow a site rather quickly. Unfortunately, speed is no longer just a frustration for visitors. A slow site now has direct costs: reducing SEO performance and subsequent organic traffic, increasing bounce rate, and increasing IT infrastructure costs.
A fast-loading website or bug-free browsing experience starts with development quality, regardless of what CMS or programming language is used. Ervin & Smith has an established habit of prioritizing development best practices, which allows us to build quality websites without the cost often associated with custom build. Read more on our blog about all the decisions that go into developing a website that affect reliability, security, performance, maintainability and more.