Recently we had an inquiry by a customer for a classifieds website. The customer pitched a good number of agencies and independent providers for quotes, looking for the best and most affordable solution that would scale well and be as stable as it gets.
While WordPress is mostly promoted as a platform for blogging and small business websites (due to the massive marketing worldwide mainly in that direction), we do specialize in high-end solutions such as Software as a Service platforms, large membership websites, media networks and the like – some getting over 10,000,000 page views a month, or handling thousands of subsites in a Multisite environment. Scalability is totally doable within the WordPress context, but the general perception of WordPress is that it won’t handle a real production project for a successful business.
That said, a good number of companies we are talking to pick enterprise-grade platforms that offer less than WordPress and costs up to 6 figures a year – simply due to that marketing that we’re all seeing online.
Here are some of the questions or consultant opinions that our prospect shared with us during the process.
A WordPress website won’t scale at 100,000 visitors a month
That should be pretty easy to counter, especially given a popular number of well known websites and news outlets receiving millions or even tens of millions of visitors a month.
Yes, but those websites are news websites or multi-user blogs. WordPress can’t handle a membership site / eCommerce website / any other non-blogging platform
In fact the architecture of WordPress is content-driven, and content isn’t limited to just blog posts.
WordPress provides two types of public-faced content: Posts and Pages. There are several other default post types used for menus, attachment and revisions, but we won’t touch them for the time being.
There are several great APIs for creating custom post types such as Products, Ads, Real Estates, Profiles, Locations, Courses or anything that your site needs that has a title and content, and a number of required fields (text, checkboxes, dropdowns and so on).
The website should be mobile-friendly – can you create a mobile-friendly website in WordPress?
Responsive websites (or the mobile-friendly ones) depend on the presentation layer of a web platform which usually caters to the design considerations and front-end development (building a theme with the required templates). Unlike many other platforms, WordPress has almost zero constraints when it comes to building the markup. Designing anything and tailoring it for any mobile phone, tablet, or another terminal with a display is just a matter of technical implementation, and is not limited by WordPress in any manner.
Regular WordPress updates are dangerous for my business and can easily ruin it
WordPress releases 3 major updates a year. Those are functional updates that include additional features and tools, as well as API improvements and simplifications for the dashboard user interface.
We have migrated dozens of WordPress websites through 10-15 major releases without any regressions. Think of upgrading WordPress 2.9 to WordPress 4.4 which runs smoothly with no updates needed.
In addition to that major updates are not mandatory. While some 3rd party plugins (which are completely optional) may officially support only the past 2 major versions, they often work with no issues for older WordPress versions. Plus adhering to the WordPress standards ensures longer lifetime with no needs to update as WordPress focuses on backwards compatibility as a major product decision.
Minor versions are automatically updated – these only cater for security issues here and there which are often hard to exploit, and cause no regressions for existing customers.
Customizations in WordPress are introduced in the theme, which affects the portability and causes regular regressions
Bringing functionality in a WordPress theme is considered a very bad practice, and should be avoided at all times. This only happens with a number of multipurpose premium themes or when working with inexperienced service providers. New features should be built as custom plugins, which normally keep working even if you change the presentation layer (the WordPress theme) at some point of time.
Adding plugins to WordPress causes incompatibilities and breaks down the site
There is no guarantee that different plugins from various authors around the globe will work smoothly with one another. That said, at DevriX we do build custom plugins on a daily basis for customer needs. All of them comply with the WordPress Coding Standards which prevents them to collide with other plugins.
Using established and proven plugins is preferred, and carefully assessing and testing solutions at a staging environment should you choose to add several 3rd party off-the-shelf plugins to your website. Well-coded plugins that solve different problems are not supposed to interfere with one another, when picked carefully.
WordPress is inherently insecure
WordPress, as a platform, is one of the most secure web content management platforms out there. Being open source and used by 27% of the Internet, it’s a common attack target for hackers. That’s why it has been tested continuously by both malicious hackers, and professional security experts who have been hardening it constantly for over 10 years now.
There are best practices for hardening WordPress that should always be implemented in a solution, and failing to comply with these is not a problem of WordPress itself.
Hacked WordPress websites are usually breached due to one of the following reasons:
- Using a low-cost shared hosting that could be breached through a completely different website on the server – or a loophole in the server itself
- Poorly chosen passwords or wrongfully assigned privileges are the way to get hacked
- Using insecure wireless networks may intercept your password
- Hack through a 3rd party plugin or a large bloated theme may lead to accessing your website, but those are external add-ons that you choose to install yourself, unrelated to the Core itself
Those issues can easily be mitigated by carefully assessing any third-party additions to your website and choosing a reliable VPS or dedicated server provider that has been configured securely, and complying with a legitimate security policy for your passwords and access control, just as with every other website out there.
There have been other attacks against WordPress from the same prospect, as well as dozens of other leads who don’t have in-depth experience with WordPress. Naturally, this harms the business market and often discards the platform as a viable solution for enterprise or large business needs.
As seen in DX Summit, WordPress ranks as a lower end platform when compared to Drupal, Crafter, epicore or Typo3 in the higher-end market, as well as sitecore, Adobe ECM, Sharepoint and others ranked high for the serious business fields:
— Seth Earley (@sethearley) November 14, 2016
What were the most challenging or interesting problems that you’ve solved with WordPress?