Why We Don't Use WordPress
Published March 14, 2019
We’ve recently received several requests for website proposals containing a requirement that the new website must be developed in WordPress, so we thought this would be a good time to explain why we won’t do it. This article may be a bit long, however, if you are considering a WordPress website, we think this information is definitely worth your time, even if you decide to go that route.
The Seductive Allure of WordPress
WordPress is the most popular website content management system (CMS) of all time. It began as a blogging platform, but has morphed into full website platform, with content management features, themes and plugins – and lots of users. As of February, 2019 nearly 30% of all active websites in the world were using WordPress. That’s some 75,000,000 WordPress sites!
To be sure, on the glossy surface, the prospect of developing sites with WordPress is very appealing. Basic installation of WordPress is super easy (if insecure). It has many advanced features. There are more than 11,000 WordPress themes available. And all those plug-ins! There are thousands of website developers out there using WordPress. Heck, it's so easy, it seems anyone can call themselves a website developer these days.
Wouldn't it be easier if we did the same? Couldn't we be more profitable using WordPress?
So, Why Don’t We Use WordPress?
We admit that we ask ourselves that question every so often. Would we be better off to give in and just use WordPress? More importantly, would our clients get better results? Each time the question is asked, we discuss it as a team, and so far we always come back to a firm “no.” Not only does the whole team continue to believe we can build better websites without WordPress, there are six main reasons we implicitly prefer to avoid building WordPress websites.
Six Reasons We Avoid WordPress
1. WordPress is the Most Hacked CMS in the World
In 2018, 90% of all infected websites were WordPress sites, according to multiple studies. Website security firm Securi reports that that number has increased from 74% in 2016 and 83% in 2017. An estimated 50,000+ websites are hacked or compromised by malware infections every single day. Of those, approximately 45,000 are WordPress sites.
...90% of all infected websites are WordPress sites...
We can anecdotally attest to these statistics. Most WordPress sites we have helped maintain have fallen victim to infection at least once in the past. Also, in access logs we see the attempts of nafarious bots nearly constantly poking at our websites, and the majority of them are scouring for WordPress files and vulnerabilities. That ought to be a clue.
WordPress is the most targeted CMS in the world because hackers can comb every line of its open-source code for vulnerabilities, and the sheer volume of WordPress sites means they can easily cast a very wide net. Discovery of a single new vulnerability can allow hackers to compromise tens of thousands of sites in a matter of minutes.
The many consequences of site infection can be very costly in terms of money, lost traffic, brand and reputation damage, and possible liability. For example, about one in ten infected websites gets blacklisted by Google, which results in an average loss of 95% of traffic.
This one seems like a no-brainer to us. The way we see it, using WordPress is akin to buying the car with the absolute worst vehicle safety rating, even if the manufacturer is constantly issuing safety recalls.
To be fair...
There are millions of WordPress sites that will survive infection attempts on this very day, and there are steps that WordPress site owners and their developers can, and absolutely should, regularly take to reduce the risks, but it is time consuming, and new vulnerabilities are discovered all the time, which brings us to our next point.
2. Updates Out the Wazoo
The top cause of WordPress infections is out-of-date installations, themes and plugins. Therefore, zealous diligence at applying updates is imperative to risk reduction on WordPress sites. Delay of a single update can leave a site unprotected against the latest exploits. To make matters worse, virtually every exploit that is discovered quickly spreads through the hacker community.
...zealous diligence at applying updates is imperative to risk reduction on WordPress sites...
Many WordPress updates are like safety recalls. There were 31 updates to WordPress core alone in 2017 and 2018 and countless updates to plugins and themes. As of this writing, there are a combined 13,725 documented WordPress vulnerabilities, and new exploits are discovered almost weekly. Third-party themes and plugins are especially vulnerable because those developers are often unable to respond to new vulnerabilities as quickly as the WordPress core team, yet you need different plugins for almost everything outside of basic content control.
Imagine having a home security system becomes outdated every week or so, and, if you fail to manually monitor it and install the latest updates asap, hundreds of home invaders will just be waiting in the bushes with access to bypass the system and walk right in.
Yea, we'll pass. The effort to monitor and stay up-to-date is a costly drain on resources, it can be stressfull, and, as you’ll see later, every update comes with risks of its own.
To be fair...
Nope, can't really think of anything.
3. Most WordPress Sites Fail Speed Tests – Often Miserably
We put a premium on site speed when we develop and maintain websites, and for very good reason. (Read why site speed matters.)
It’s not impossible to build a fast WordPress site, but it is apparently extremely uncommon. Of the scores of WordPress sites we’ve assessed for clients in recent years, we’ve seen only one that the developers managed to make fairly zippy. That’s right. One. The rest all performed poorly, often miserably, in speed tests, and site traffic statistics reflected as much. (See our HuskyPortable.com case study for one such example.)
...the rest all performed poorly, often miserably, in speed tests...
Furthermore, the more WordPress plugins, the slower a site tends to become. A great many plugins require additional external resources, which are automatically loaded on every page of the site – even if they are only used on one page – reducing page load times and responsiveness.
To be fair...
It is possible to optimize a WordPress site for speed, but in our experience it is difficult, requires multiple plugins, and we've run into some limitations in each of the plugins. Oddly, we've noticed that a lot of WordPress developers still don't even bother to try.
4. Custom Functionality is Extra Challenging
Despite the fact that there are more than 50,000 WordPress plugins available that do a myriad of things, finding a quality plugin that will do exactly what you need or want can be virtually impossible. The more detailed your needs, the more difficult the challenge.
As a result, WordPress site owners are frequently forced to make compromises on their requirements in the end, and lesser developers don’t bother to mention up front that they are limited to the plugins they can find. We are in the business of “can do” versus “no can do”, and WordPress development tends to be an obstacle to that philosophy.
...WordPress site owners are frequently forced to make compromises on their requirements...
Furthermore, with every plugin or theme you choose to use on a WordPress site, you are trusting that the developer of that plugin/theme will continue to develop and support it and address known bugs and vulnerabilities in a timely manner. We've seen this become an issue for a few clients.
To be fair...
It is possible to modify the programming in the WordPress core and/or plugins and themes – even write your own plugin, if you are an advanced developer – to get exactly the functionality and design you want, but as you’ll see next, it is risky to do so.
5. Updates That Break Things
In our experience, every update applied to the WordPress core, a plugin, or a theme comes with a decent risk that something is going to break – occassionally even the whole website.
...every update applied to WordPress... comes with a decent risk that something is going to break...
It’s not good when the whole website breaks after an update, but at least it is obvious and can be immediately addressed (hopefully). Worse is when functionality breaks that is not immediately obvious, which can lead to longer-term consequences. For example, a lead capture form plugin stopped processing leads on a client’s website after an update, but it took several weeks for anybody to realize it. Sometimes it is necessary to revert to the earlier version and wait indefinitely for yet another update, which is not good.
As a result, we have to plan on spending extra time on every update to anticipate breakage and to re-test virtually all functionality after every update, which can be very time-consuming and costly, especially on larger, more complicated websites.
To be fair...
Only some updates break things?
6. We Don't Like Stress
WordPress is fine, but we often want to pull our hair out when we work with it.
...WordPress is fine, but we often want to pull our hair out when we work with it....
For example, one of our designers just told a story of being frustrated when a super simple "five-minute" style tweak recently took 30 minutes in WordPress. Our SEO tech describes being consistently stymied by limitations to implementing certain SEO tweaks, even when using some of the most popular SEO plugins. We all dread applying regular updates, for reasons already stated.
To be fair...
There are probably a lot of developers and site owners out there who love working with WordPress, but we just don't like the risks, the limitations, or the constant worry and stress.
In truth, there is a seventh reason that we don't use WordPress: we don't have to.
We have developed a private CMS framework, built from the ground up to be easy to use, infinitely customizable, mobile friendly, secure, and highly optimizable in terms of speed and SEO; and, we think it is easier to use.
Our CMS has a 16-year track record (same as WordPress). We know exactly what it is capabable of, which is anything our clients need or desire. Our approach is one of seamless integration of CMS, design and functionality – all built by one team working in one big room – for a high degree of stability, consistency and quality control. We don't have to depend on third-party developers, worry about compatibility among themes and plugins, or deal with updates gone bad. If something does break, we can fix it without waiting for an update that may never come from some developer we don't even know. We're perfectionists. If it needs to look better or work better, we can make that happen. It is development freedom that ultimately serves you, the client.
While no website platform is impenetrable, our code is not open-source and is not used by half of the world, which clearly has its advantages. It is private, but not proprietary. Our clients own their websites, and other developers can work on them. There are no hostages here.
Sure, there might be some advantages if we just gave in, followed the crowd and started using WordPress to build websites – especially of the less-than-stellar quality we see all too frequently – but the bottom line is that we do it the way we do it because we truly believe the outcome is better for our clients.
Not convinced? That's your call – we’re not into high-pressure sales tactics – though we would challenge you to ask yourself honestly why you think you need WordPress. (We're pretty sure that you don't.) In the end, though, we just want to be helpful. Honestly, we hear a lot of horror stories from new clients about other developers, and we see a lot of bad WordPress websites, so below is a helpful link to some tips if you absolutely must find a WordPress developer for your new website.