I got an email from a copy-writer that I know the other day, and it seemed like a good thing to share on the blog…
I wanted to share the information below regarding a conversation I had with the developer I’ve used. I wanted to get your feedback on what he had to say about WordPress…”
“The most-common option would be to use WordPress as the back-end. I say this because it’s being used by literally hundreds of millions of sites each and every day. Personally, I’m not a fan and would not recommend it. I mention it because it’s free to start with it and I’m sure you’ve heard of it before. The main problem is that it’s constantly being found full of security holes and potential exploits. You really have to stay on top of it and update it weekly, if not daily, depending on the volume of work being put out by the malicious dev community. The few bucks saved via free base software aren’t worth all the time and hassle that become the routine of maintenance. Currently, I only work with one dev who works with it, and I keep him around in case I inherit a project already using it. Between you and me, because you’re also a mac guy, I’d liken it to the mac/pc cost argument… You get so much more by paying for just a little bit of software and that added peace of mind. Mind you, no back-end is perfect, but the multitude of sites running it make it a very easy target, and the bots they create with the malicious code can easily seek out a WordPress site and automatically attack hundreds of WordPress sites on a server just be recognizing some of the root code.“
“As far as his assertions about WordPress, he’s not incorrect. Regular maintenance and security updates are highly recommended for security and functionality. But, they are not labor intensive. A typical backup/update/new backup (for new baseline) takes about 30 minutes, and is usually something you can do really when you’re doing something else – start the backup, go work on something else, come back later to push the updates, go work on something else while that’s processing, etc.
His analogy of mac/pc is accurate for other reasons. Part of the reason that PCs are so often targeted for hacking is simply due to the ubiquity of them – there are more of them, so more potential targets. No piece of software is without holes – whether Mac or PC, or WordPress or ExpressionEngine. WordPress is updated pretty frequently when holes are found and fixed or bugs are found and fixed.
The other side of this is that since WordPress is open source, anyone can create plugins to extend the functionality of it – I’ve even written a few. This means that the possibilities are nearly limitless in what a WordPress site can do. With a closed system like EE, new functions are generally only available as a possibly expensive add-on or when the core development team feels its warranted.
Yes, WP sites are hacked everyday. It’s only happened to a maybe 2 of my clients (while they’ve been my clients) because I take certain security precautions when setting up the site to make it more difficult to hack. I also offer maintenance packages for my clients where I take care of scheduling their backups and updates so it doesn’t become another item on their to-do list.”
No one’s claiming that WordPress is perfect or infallible. In fact, most people in the community will tell you exactly the opposite, and generally insist that you adopt a backup and maintenance routine. But I think it’s the opportunity that WordPress presents that makes it such a great platform. It’s fairly easy to learn, and if you need some guided help, there’s plenty of free WordPress tutorial videos or low-cost training options available. It’s popular, and lots of developers are available to create a custom WordPress theme for your site, or you can buy some great ready-made themes for your site. And with plugins, and the option of creating your own or modifying an existing one to better fit your needs, the possibilities of what you can do with your WordPress site are almost limitless.
Sometimes I think about learning to use other CMSs, just to be able to be more versatile. But I generally circle back to the fact that I just really like WordPress.
What’s your favorite (or least favorite) thing about WordPress?