I am breaking up with WordPress
I have been developing in WordPress for several years, and for a lot of that time I thought it was the greatest solution for pretty much any website. Why wouldn’t I, It’s self hosted and completely customizable, the interface is easy to use for clients to maintain their sites. It comes packed with so many features and it’s open source.
With the development of Advanced Custom Fields, it has never been easier to fully customize a WordPress to whatever means you need. My biggest fascination with WordPress is that it is a self-contained package, so all I have to do is install it on a server, get the database hooked up, and you are good to go.
So why would I stop recommending this tool that I am highly proficient in to clients? There are several reasons that I have found over time that have influenced my new viewpoint, that using WordPress just doesn’t make sense anymore.
Most sites just don’t need a self-hosted database for site content. Most content can be placed directly into HTML or text files (I’ll get to this more later). Also, having a MySQL database with WordPress is a huge security vulnerability and pretty damn slow.
Wordpress is notorious for being susceptible to malicious attacks. I’ve had multiple sites injected with Viagra ads (good job, hackers 👏) in the database or malicious PHP in the source of the application. WordPress also makes it very easy to install plugins (secure or not), and plugins are usually the backdoor to malicious attacks.
WordPress comes with a lot of stuff built in, and requires a good amount of “tweaking” to get most of those things to work properly. The equivalent HTML solution would be as easy as putting a file in a folder - The WordPress core even has more things than it needs just to function like it’s supposed to, and it is certainly lacking some things that it needs.
WordPress requires a great amount of maintenance. If you want to build a quick and simple site that you can update the content periodically, it doesn’t make sense to use WordPress is almost definitely overkill. Just a few things to consider: you will have to make sure you have the latest versions, and that you are always aware of the latest security threats- and what happens if you do get hacked?
What is the right alternative to WordPress? Well, for about 99% of your standard content-based websites you can get away with good old-fashioned HTML. I wouldn’t recommend just building static HTML sites, as it can get very repetitive. That’s why there are static site generators like Jekyll. With Jekyll you can build templates and write modular code without the repetition, and it compiles out to static HTML content that is rendered directly by your browser.
Although Jekyll itself is not a CMS, you can very easily hook up a content delivery tool to it, like Contentful. Contentful is a “headless Content Management System” that delivers your content via a REST API That way you don’t have to worry about database maintenance or malicious attacks, because there is a team maintaining this tool.
Over the past couple of months I’ve switched my workflow to using Jekyll and Contentful to build sites, and it has proven to be an astonishingly better solution over using WordPress. Sites are loading faster, are quicker to build, and I don’t worry about hackers anymore.