The Popular Choice

Approximately a third of the worlds websites run on the WordPress platform. It is understandably a very popular framework. It is the equivalent of the Model T Ford car that kickstarted the auto industry. Website creation is now within reach of everyone, and that is a good thing. Almost anyone and get to grips with it and create a website. Functionality is easily added using Plugins and there are some very sophisticated WordPress sites out there. If you would like to look at some comprehensive WordPress statistics, then click here.

So, What's the Problem?

With the good comes the bad. WordPress, due to its worldwide popularity, and platform design, it attracts hackers and presents a major target.

It is Plugins rather than the core WordPress software that creates the most problems, although the core software needs updating frequently. With over 55,000 different plugins available, many get abandonded, thus presenting an easy target for hackers. Securing a WordPress site and keeping it secure requires constant vigilance, and full protection costs money. Plugins require updating as soon as updates are issued. Abandoned Plugins require removal and replacement. Here are the main sources of attack:

Supply Chain Attacks

  • Hackers taking control of a plugin or software already used, and updating it with malicious code.
  • Compromised Login Credentials For WordPress, FTP, or Hosting
  • Weak passwords and server level attacks.

All vulnerabilities considered:

  • 75% come from Plugins
  • 14% come from Core WordPress software
  • 11% come from themes

The source of these vulnerabilities

  • 39% of hacked WordPress sites were running outdated core software
  • Out-of-Date Plugins Or Themes
  • Plugins and themes often have vulnerabilities that go undetected.
  • The developer has stopped working on the plugin but people are still using it.
  • The developer quickly patches the issue, but people don’t update.
  • Poor Hosting Environment and Out-Of-Date Technology
  • 67% of WordPress websites use a vulnerable version of PHP.

To check on the latest WordPress vulnarability statistics, click here. But, bear in mind that this data only covers around 2300 plugins, and in total, there are are over 55,000 plugins, so the data underestimates the complete picture.

Performance Issues

WordPress sites (i.e. dynamic sites) are slower to load than static sites. It's a fact. A common mistake is to think that 'dynamic' sites are better than 'static' sites. They certainly sound is if they should be! Dynamic sounds much better than Static! But Dynamic sites require a database, and pages are rendered 'on the fly', which slows the page load speed. Plugins are available to improve WordPress performance, but they suffer from the inherent problem of adding more code to a site, and of course, security.

Misconceptions of Dynamic v. Static

It is often assumed that a dynamic site can have more functionality than a static site. Wrong! Functionality is provided to a static site using API's. These API's are more robust than many WordPress plugins. A static site can be just as functional as a dynamic site, but, with built in speed.

WordPress is Dead - Long Live Wordpress!

It is not all doom and gloom! There are ways of overcoming the inherent issues and flaws with WordPress, and we do work with it. Although the problems are inherent, we have found ways of minimizing them to the point where we are can match the performance of our Netlify headless CMS on a CDN with a well constructed and hosted WordPress site.

Conclusions

At Datum Digital, we fully respect WordPress and its place in the internet eco structure. We fully understand where the weaknesses are and how to mitigate them. So we continue to offer websites for clients that are built on the WordPress framework with full confidence in their security and performance.

Final choice depends upon the clients' requirements regarding content collaboration, functionality and overall budget. Which ever route you take we will provide a fast and secure website.

How Do We Know All This?

We have over 12 years experience in building and maintaining static sites and WordPress sites.