12 November 2015
WordPress is arguably the web's most popular content management system and blogging platform, and for good reason. The system is free, easy to use and provides a wealth of features. But if something sounds too good to be true, it usually is.
While the WordPress platform still represents a useful web development option for small high-end interiors businesses and individuals, if your business is reliant on your website, particularly for income, you should think carefully about basing that on free open-source software.
It’s understandable for small and start-up businesses in the interiors and property sector to consider it in the early stages, as it keeps costs down and there would most likely be minimal impact on the business if anything happened to the website, but for larger and more established businesses, it is quite a risk.
Before we explore further, it may be prudent to explain some of the language used:
Open-Source—denotes software for which the original source code is made freely available and may be redistributed and modified.
Closed-Source—or proprietary content-managed system (CMS), is a type of program source code development. With closed source software, the source code is not shared with the public for anyone to look at or make changes to. Closed source is the opposite of open source.
Plug-ins—A plugin is a small program that can add a new or special feature to your site.
WordPress, and many of the themes and plugins for it, are freely available as Open Source code under the GPLv2 license. In short, this means you can freely modify and distribute the code without paying licensing fees (assuming you comply with other aspects of the license).
Open-Source—This one item is fundamental to WordPress, and has a lot to do with the risks inherent in the system. Open Source is, by its very nature, also Open to Hackers. In other words, a hacker can download all of the code for WordPress (WP) and take a look through the code to find opportunities for open doors that will let them gain access to the inner workings of a website. This applies not only to the main system but to all of the free plugins as well. It’s not costing them anything to do this.
Updates—Have you ever logged in and found that you have an outstanding update to install? If so, you just created a huge attack vector. One of the joys of open source is that when security flaws are fixed, the whole community learns about the flaw and how it could have been exploited. The problem, though, is that anyone who does not promptly upgrade to the newest version is suddenly extremely vulnerable.
Permissions—A “real” CMS such as Drupal or other proprietary systems will give you granular control over who can access and edit every aspect of the site. You can create groups and assign people to them. WordPress doesn’t support this by default, and you need to use a third-party plugin for this. Using a plug-in for something as fundamental as security and permissions seems a high-risk strategy.
The joy of WordPress is that anyone can expand the basic functionality by building a plugin. The curse of WordPress is that anyone can expand the basic functionality by building a plugin and, unfortunately, sometimes very poorly written or intentionally malicious plugins become extremely popular.
3rd party code—that means a web developer responsible for using third-party plug-ins in your website cannot be held responsible for that plug-in breaking, or no longer being supported by the original developer of that plug-in. The analogy of a tap and a plumber springs to mind. Your tap 'leaks'; you cannot trace the manufacturer of the tap to take issue with it, so you just have to pay the plumber to fix it. The same will be true if plug-ins fail in your WordPress site.
The core WordPress program needs to be updated fairly constantly. These core updates can often break your existing plugins, and thus your site.
There are often clashes between the plug-ins that are used, in part due to the way they are written, that can affect other parts of the site. It's like building a house of cards.
Some themes or plugins web developers install and use may be proprietary and licensed commercially. As such you could find that while in principle the majority of your site is Open-source on WordPress, you have engaged with a level of functionality that requires an additional licence. If you fail to maintain current licenses for the software, you may be unable to access updates and support to keep your website functioning.
A pragmatic business view would recognise that not all relationships within business remain the same, none more so than those surrounding your website and the developers tasked with looking after it for you.
The main argument for using WordPress rather than a proprietary system is that it is open source and therefore there are plenty of other web developers that can take it over on your behalf should the relationship fail. If you fall out with your developer, you may think you can just move it to another one. It’s surprising, though, that most companies we see don’t have the presence of mind to make sure they have full backend access to the website.
Not the CMS but the actual server control panel that gives you access to the website files and, more importantly, the database that runs it. If you have fallen out with your developer or lost all contact with them, you will not be able to gain access to the site files and database, so it doesn’t matter whether it is WordPress or not.
The only option then is to try to use a Website Scraper to download all of the pages and their content. However, this just gives HTML files and images and doesn’t give the database information that the CMS is reliant on, so it all has to be set up again anyway, and therefore at this stage it is no different from simply building from scratch. The only saving is that you have the base design as files, so that could fairly easily be turned into templates for the new CMS.