What's wrong with building sites with WordPress

Photo by Moritz Mentges

As an experienced web developer, I understand the need to use the right tool for the job at hand. WordPress often fits the bill.

Before rushing to install WordPress every time we start a new project, lets quickly summarise the requirements of a typical website framework:

  • permit easy development of the public facing theme
  • allow admins to create or edit content using an editing system
  • provide a reasonable SEO configuration
  • have a rich plugin ecosystem
  • be compatible with standard web hosting packages
  • provide security for protected pages such as the admin area

I will happily admit that WordPress provides all these features, and of course a good deal more. If you have a very simple web site, then using WordPress is a good option that will serve you well.

My disagreement with WordPress starts when things get a little more complex:

  • You find yourself looking beyond the standard configuration of Posts, Pages and Categories, and installing additional plugins to provide custom content types, additional taxonomies, and whatever else the default installation does not give you.
  • Having to install additional security plugins, such as WordFence or iThemes Security, in order to prevent your site being hacked, mostly by script-kiddies who don't even really know what they are doing.
  • Needing to add a caching plugin such as WP Optimize to speed up your site, because WordPress gets slower and slower the more plugins you add.

I have lost count of the number of times I have taken over an existing WordPress site, to find that whomever had been maintaining it before seemed to think that having 40+ plugins installed was a good idea - all by different authors, without compatibility or awareness of the other plugins, half of which don't work properly, with no notes anywhere about WHY a plugin was installed and WHAT feature it provides.

For what it's worth, I do think that with a bit of careful planning and due diligence, it is possible to have a well maintained WordPress site with a reasonable set of plugins to provide additional functionality, that performs well and is reasonably optimised. But this requires a pretty strong commitment from the developer and/or site owner.

However, in the vast majority of cases, what you end up with is a total mess of half-baked plugins, hacks in the functions.php file, CSS fragments defined in all sorts of weird places, and who know what other disasters waiting to happen. There is no software craftsmanship involved, and no best practice followed.

Finally, because WordPress powers a huge proportion of all websites on the web today, it is clearly a target for hackers. If you don't keep your installation and all plugins updated to the latest available versions at all times, your site is just waiting for a hack to happen. There is no "security by obscurity" either - all you have to do is hit CTRL-U, look at the source code and see references to "/wp-content/" in the code and immediately you know it's a WordPress site.

I don't want this post to be seen as unfairly targeting WordPress. It's a great platform that sits on top of a long legacy - it's been around for a long long time (forever in web terms). It empowers anybody to be able to build their own website with virtually no technical knowledge, and this is a great thing.

However, if you have technical skills you should question WHY you are using WordPress - is it the right tool for the job, and are there any alternatives that might suit YOU as a developer better?

I explore some alternatives to WordPress in my next post.

Share this content!