At 19% of overall website CMS market share, WordPress is the proverbial elephant in the room.
But, WordPress is not without its warts.
As the dominant player in the market, hackers are more likely to create malware and nefarious code insertions on a content management system that is more ubiquitous.
Hacking WordPress is a numbers game. If a hacker plays the numbers using a dominant tool, they are much more likely to succeed. It’s statistically less probable if they pursue such a strategy using Joomla, Squarespace or Webflow.
More recent was the latest WordPress website malware scheme which injected hidden code into the index.php file of unsuspecting WordPress sites. Even the the most religiously stalwart WordPress developers will admit there inherent flaws that occur naturally in a product that reaches the mainstream.
WordPress can and does fail, but before it does, it is best to consider preventative measures to prevent its failure, loss of content, theft of customer data or worse. In the event that the extensibility of WordPress limits some feature-rich sites from experiencing their full potential, there may be other options that can, not without their own cost, fulfill the need for speed, extensibility, security and other features that an out-of-the-box WordPress build simply does not have.
Secure Your Site
As in anything in life, the ounce of prevention is worth a pound of cure. It’s why we purchase insurance policies and get cancer wellness screenings. The same is true for your website. It’s only one of the reasons we recommend a regular and recurring website maintenance schedule and report to ensure you come through with a clean bill of health.
Securing a WordPress website is more than simply having it on the right server and including an SSL certificate. It includes regularly insuring the site’s theme, plugins and code are not exposed to improper function insertions, backlink insertions, data high-jacking or outright site destruction.
Update and Remove PluginsÂ
Some hosts include services that monitor known bad-actor plugins and lack of core WordPress updates that can be areas of weakness that hackers are more easily able to exploit. Some such hosts will automatically remove those they deem a threat. Consequently, if not performed automatically, plugin monitoring and updates should be done minimally monthly to ensure they meet quality guidelines
Any WordPress plugin considered for a given website should also be weighed by the following before even being implemented at all:
- Does this plugin provide significant business, technical or marketing value to the website that is mission-critical? If not, do not install it.
- Is this plugin regularly updated by an active developer (or preferably developer team), ensuring its continued quality existence into the future?
- Is the plugin a known threat (e.g. Trojan Horse) in the WordPress community? What are the reviews of the plugin?
- Does the desired plugin play well with other plugins?
- Could you live without it? If not, is there a replacement that is better and even more secure?
In addition to updating the plugins themselves, updating to the patch and global updates of the WordPress CMS will also be critical in ensuring the latest security protocols are implemented for site security. Care should be exercised in the updates of both of these simultaneously as an update of one can tend to disrupt the effectiveness of the other.
Implement Proper Redundancy Protocols
When a site is hosted properly, redundant backup points can help provide a great insurance policy against any code insertions, hacks or otherwise issues with your WordPress site. Daily backup points, including the option to immediately backup and/or revert to a previous version of a live or dev-server website can beÂ extremely helpful, especially in the event of a website attack or disaster.
Redundancy protocols can even include off-site backups, allowing security for sites that have a great deal of content and work invested in their success. Backup capabilities and protocols are a nice fail-safe in the event of a server or hacker issue, but they unfortunately do not solve all the inherent problems with the WordPress architecture.
Speed Is Paramount
Search engines have stated that site speed and other core site vitals will only become part of the algorithm in 2021, but they may play a more significant role in ranking varying websites among one another. As such, site speed will
Static site generators that are not as ubiquitous tend to be much faster than WordPress. And, given that speed will be a definite ranking factor for search heading into 2021 and beyond, considering function over form when it comes to website design may be worthwhile in the near future.
Sites that have moved to static site generators have reported load speeds of up to eight times faster than those that run on WordPress alone.Â However, switching to a static site generator like Gatsby may require a great deal of input from your design and software development team, depending on your WordPress siteâ€™s complexity and the sheer volume of your content.
When discussing site speed, it is critical to note that site speed is not meant to enhance search engine load times, but is a fundamental aspect of web usability and user experience. Slow loading websites offer a poor experience. Google and other search engines want to ensure they are delivering the best experience to users. Site speed is a huge component of that user experience.
While all of the above may appear to make WordPress look like the scum of the CMS world, the reality remains that WordPress still holds the developer community captive by a landslide. Its ubiquity has created an ecosystem of developers and designers whoÂ are committed to seeing WordPress success.
But, its success is also its downfall. The more successful WordPress is, the greater likelihood that hackers will use it to exploit ignorant and unsuspecting victims who, in most cases are small business owners whose livelihood can be significantly and negatively impacted if a website does not work properly.
Additionally, any time one discusses the move, redesign or redevelopment of a legacy website–regardless of how simple you intend on making itâ€”there are always significant time and monetary costs to seeing such a project is implemented properly. These are all factors that need to be weighed against questions of speed and security for other alternative more static options.
WordPress Alternatives to Consider
It’s not just about preventing or fixing an unintended WordPress failures. More importantly and always paramount is the need to provide users with the best possible experience. WordPress can fail at security and can fail at site speed. Known quantities that can act as alternatives to WordPress include Joomla, Drupal, Squarespace and Webflow, to name just a few.
In addition, static site generators–even those that combine with WordPress as a CMS (e.g. Next.js, Hugo, Gatsby & Jekyll) can provide an added layer of security and speed enhancements not currently had in a standard WordPress installation.
However, your own situation and feature needs may be best served by out-of-the-box themes, plugins and WSYWIG creators that simply make life easier (and often less expensive) for the website neophyte. But where speed and security are concerned, there are definite workarounds and alternatives to a failure by WordPress.