Remonkeys

Fatal error: WordPress security vulnerabilities

Speaking to WordPress experts, WP clearly appears to be an interesting solution for start-ups, microblogs and cash-strapped SMEs. Its core blogging feature ensures that sites rank well on average on Google as long as you put out good content even at a minimal frequency. It remains a relatively easy-to-use system. It is free. It is supported by a large community of developers… And that’s about it!

Taking a closer look at the giant of free website CMSs out there, powering 27% of the world’s websites, it turns out that the giant has feet of clay! WP websites are tiny and often minimalistic blogs. With few features. A rigid / limited UX. Bloated themes resulting in slow page load. Constant updates. Plugin clashes. Trashily-coded plugins. It turns out it’s not that easy to use, unless you are a webmaster! Sounds familiar?

As a start-up founder myself, I wasted so much valuable time and effort trying to build a high-quality online presence for my business that I quickly realised WP was not worthwhile, especially in the early stages of business creation when so much energy needs to be dedicated to far more pressing and meaningful matters. There are legions of other dishevelled users who can attest to that.

Before you decide if WordPress is the right solution for you and your business, ask yourself the following questions: what functionalities do I need for my website? Is my working knowledge of this CMS enough? What are the experiences of other WordPress users with similar business needs?

Take a few minutes to go on WordPress forums and you will find a myriad of issues most users encounter. In this article we decided to focus on matters related to user-friendliness, core technical issues as well as safety faults. By the end of this read you should be able to decide if a WordPress solution is right for you and your business, or not.

WordPress is not as easy to use as you are made to believe

It is one of the easiest CMSs out there in terms of usability. However, for someone with little or no tech background, it’s anything but easy-peasy! Sold to hapless users as a “Weeeehee, it’s so easy click-click it’s ready weeehheee!” quick-fix solution, in practice, trying to understand how to actually install the core software on your server, how to use visual composer, why that page doesn’t load anymore, why that plugin crashes when you click on this, etc., is more likely to drain the life out of you!

Design and UX are often poor on WP sites

I know you have all seen the beautiful demos and all these themes that promise you eye-meltingly good UX, graphics, flexibility etc. The problem here is that some WordPress themes can indeed do that, but WP remains a blogging platform at heart. These demos are simply enhanced, sped up, or the result of elite WP programmers and designers doing their best. In other words, if you have no design training, are not a semi-competent webmaster and/or programmer, you might find yourself caught in an all-time and all-energy consuming quest for an unreachable result… Only to come to the conclusion and admit to yourself that getting the professional-looking and fully-functional website you coveted requires hiring a team of crack techies.

But then, if you are willing to incur that kind of expense, why even choose WP at all? Why attempt to use a platform which fundamentally cannot offer striking design or UX in the first place?

It cannot power e-commerce sites or sites with large content volume

WP simply cannot handle numerous item SKUs and custom options and will get overwhelmed pretty quickly. The same applies if you have lots of content, in which case you should probably hire a full-stack programmer to do something bespoke and perfectly optimised. If you really want to stick to a major, free-ish CMS, you may want to consider Magento or Drupal.

WordPress experts and developers don’t rate it very highly

Have you ever considered having a look at online reviews written by actual programmers and developers who had to learn the internal WP code? Pretty heavy stuff eh?

The internal language and coding hierarchies that power WP at its core make coding in COBOL on an AS/400 feel like a breeze!

It can be highly unstable

The core code is not the issue here but rather the unavoidable add-ons such as plugins or themes. “Open source” coding is a great idea on paper; what it means in practice, though, is that anyone can code a WP plugin or a WP theme. Anyone. That includes poor programmers, who develop wonky plugins. Install two of these, watch them make conflicting queries out of your SQL and behold!

WordPress themes are often slow / bloated

You need a theme to power up your core WP blogging functionality, lest you want a site that looks like a spartan blog from 1993 with content only showing in blog form, posts plonked one on top of the other in a central feed, and nothing else. Not exactly that warm and fuzzy feeling for your visitors. The quality of the code is often basic. Past the glittering online demo and the raving reviews, you will find many themes are poorly coded and barely optimised. Get ready for a lot of unoptimised JavaScript, CSS and/or browser caching! Many themes will affect your site load speed, to the point that you are going to lose users and SEO value, since Google doesn’t rank slow sites very highly, as we all know. So much for SEO, hey!

WordPress Themes are unsafe

A poorly coded theme can open up gaping security breaches on your WP site. You are essentially allowing hackers to use your theme as an entry point to access your WP Mailchimp plugin! And upload the whole list…

Let’s put it this way: If you find the sound of a working paper shredder comforting, open-source coding will give you the creeps!

WP is VERY popular with hackers too

One of the reasons has to do with the open-source code of the core software, or that of the themes you’ll need to tack on to give the platform more visual impact and more functionalities. Another reason is down to pragmatism: if you were a hacker, would you waste time on Drupal, powering around 1% of the sites out there, or WordPress, with 27% of sites globally?

The popularity of WP is also its Achilles heel.

The administrator of the website needs to actively ensure that security threats are kept to the absolute minimum on a WordPress site. Open source allows hackers to understand the entire framework and build scripts to attack WordPress sites specifically.

At the very least, you should make sure that your site is hosted on a quality server and that security options or SSL support are optimised. Frequently reviewing plugin updates and core improvements is also essential.

All in all, WordPress certainly has a lot going for it, judging by its success. Its intrinsic security faults and other technical issues can however represent major threats to immediate business development and long-term business agility.

To find out about the safety of your website and how to optimise user experience, please sign in here for a free UX consultation.
