WordPress is the most popular website building platform in the world. What began as an open-source blogging platform has morphed into an extremely popular system used to build websites for organizations of all sizes. It is estimated that up to 40% of all of the websites in the world run on it. While many people love that it is free, easy to use, and has a seemingly unlimited number of available themes and plugins, there are several downsides to this website-building giant.
WordPress uses plugins to enhance the capabilities of its content management system. There are plugins for everything. I don't know if I've ever worked on a WordPress site that didn't have at least half a dozen plugins installed and activated, and that can be a problem. There are potential risks you are taking with each plugin you install.
Anyone can build and publish a new plugin. Some of the most popular plugins on Wordpress.org are built and maintained by freelancers. Others are owned and maintained by big development groups. Sometimes if you run into problems the developer or community at large can be super helpful in resolving your issue. Sometimes, you feel like you are on your own, not even trusty Stack Overflow can help you.
Over the years we've learned that not all plugins are created equal and even highly popular plugins with big developer support behind them don't always play well with others. Usually the more plugins you are using, the more likely it is that they will start fighting with each other, and getting to the bottom of the conflict isn't easy.
The number one rule, if you choose to use WordPress is to keep everything up to date. Being the elephant in the room has made WordPress a juicy target for bad actors. WordPress pushes out a stream of regular software updates to address potential threats and vulnerabilities. It's imperative that you keep your WordPress core up to date, but sometimes it seems you are more diligent than the creators of your themes and plugins. Updates can often cause problems. Some people are brave enough to install updates without making a complete site backup. Those people are crazy. Keeping your WordPress core engine and all of your themes and plugins up to date can be exhausting. Most website owners are not good at keeping up with this. This brings us to the main point.
Try doing a Google News search for "WordPress vulnerability" and look at the dates on the articles. WordPress is a big target, a victim of its own success to a large degree. There seems to be a never-ending stream of stories about vulnerabilities being discovered in the core engine itself or in major plugins and themes.
We've been building and hosting websites for almost twenty years. During that time we've learned a hard truth. It's not a matter of if your WordPress website will be compromised, it's a matter of when. Every week we get calls from businesses whose websites have been compromised. They are always running WordPress.
The bottom line, we aren't trying to stir up trouble. We are just trying to be pragmatic. We've learned over the years to use other platforms that are less vulnerable to these kinds of issues. We've settled on a development stack that we love and feel safe recommending to our customers.
If you've been bitten by WordPress in the past and are looking for another affordable alternative for your next website, you've come to the right place. Look at our demo site and our FAQs to see if we might be a good fit.
About the author