Over the years WordPress continues to grow in popularity. In my humble opinion it is the wrong solution for most companies. It often comes down to dollars and cents in most cases, and I understand how the argument can be made for serving a website that has serious code bloat, and security concerns can be attractive. At Appeal Design, we don't love WordPress, but we have to live with it in today's environment. They are a necessary evil in today’s web world.
WordPress is easy to use and can make for some quick website work. It isn’t efficient work, but with so many premade templates, companies can get a starter site off the ground in a day. Again, I think WP is the great tool, just not for most applications.
Here is why:
Commenting is overrated
WordPress commenting system is faulty and ties successful comments to the user's table. Every user in a WordPress site has a login and a way to post content to the site. Commenting engines while nice, are rarely used for anything good. They are easy fodder for hackers and an easy way to eventually gain access to your site, for something you never intended to allow access to. Yet, it loads. It loads on every page of your site, whether you disable it or not. “But there is a plugin for that, I can disable comments with it.” Ahh, yes there are many, I’ll address plugins later.
Speed - WordPress Sites are Traditionally Slower
The speed of most WordPress sites will be slower than most, or slower than they could be. WordPress is made to fit the masses and they have tools that many use and many do not use. As a result, their application has a good amount of bloat to it that loads regardless of whether or not you are using it. For example, we do not use Widgets, we use something much more custom than that on the most sites. We cannot decouple Widgets from the WP platform, they are baked in. Thus, we wait for the widgets to load on each page view. Most pages should load in less than 3 secs. Simpler sites usually load in less.
Customized Plugins Don't Hold Up Over Time
WordPress is built as a brochure site software and blogging tool. Most brochure websites have a realm they can live within; we use common plugins to make them work the way we want them to. The more plugins, the slower the site and the more vulnerable, and more chance for conflicts. When a plugin is "customized" it is altered from its original author’s intention and can no longer be updated without breaking it. If there is a vulnerability later found in that plugin, the customized plugin cannot be updated. For example, for a client of ours, we customized and tied two plugins together to create the pagination with custom image feature the client desired. It works, and it is also a hack of WordPress. We can’t update either plugin now; they are stuck.
WordPress Updates are a Pain
WordPress has monthly updates. Plugins have updates. Each time we run updates, the site has to be backed up in case the updates do not all jive together. In addition, it is difficult to test each feature of each update after it goes live.
WordPress has Security Holes
WordPress is less secure. With WP, a custom website, and anything on the web, vulnerabilities will exist. However, WordPress is open source, and thus many more people will attempt to hack it. For the same reason that Honda Accords are the most stolen car, WordPress serves the most vulnerable type of site architecture. For every WordPress site, the login is domainname.com/wp-admin. A hacker thinks “Let’s put a bet on it, and eventually it will be right.” And they are right. Every plugin you install contains vulnerabilities. The average WP website has around 15 plugins installed in addition to 2-3 themes. As hacks are found, the plugins need to be updated and maintained. The install folders of the plugs are in a very predictable place on every WP install. Once an exploit in a single WP plugin or theme is found, hackers can start testing the fences on every site in the same spot.