The Popular Choice

Approximately a third of the worlds websites run on the WordPress platform. It is understandably a very popular framework. It is the equivalent of the Model T Ford car that kickstarted the auto industry. Website creation is now within reach of everyone, and that is a good thing. Almost anyone and get to grips with it and create a website. Functionality is easily added using Plugins and there are some very sophisticated WordPress sites out there. If you would like to look at some comprehensive WordPress statistics, then click here.

So, What's the Problem?

With the good comes the bad. WordPress, due to its worldwide popularity, and platform design, it attracts hackers and presents a major target.

It is Plugins rather than the core WordPress software that creates the most problems, although the core software needs updating frequently. With over 55,000 different plugins available, many get abandonded, thus presenting an easy target for hackers. Securing a WordPress site and keeping it secure requires constant vigilance, and full protection costs money. Plugins require updating as soon as updates are issued. Abandoned Plugins require removal and replacement. Here are the main sources of attack:

Supply Chain Attacks

  • Hackers taking control of a plugin or software already used, and updating it with malicious code.
  • Compromised Login Credentials For WordPress, FTP, or Hosting
  • Weak passwords and server level attacks.

All vulnerabilities considered:

  • 75% come from Plugins
  • 14% come from Core WordPress software
  • 11% come from themes

The source of these vulnerabilities

  • 39% of hacked WordPress sites were running outdated core software
  • Out-of-Date Plugins Or Themes
  • Plugins and themes often have vulnerabilities that go undetected.
  • The developer has stopped working on the plugin but people are still using it.
  • The developer quickly patches the issue, but people don’t update.
  • Poor Hosting Environment and Out-Of-Date Technology
  • 67% of WordPress websites use a vulnerable version of PHP.

To check on the latest WordPress vulnarability statistics, click here. But, bear in mind that this data only covers around 2300 plugins, and in total, there are are over 55,000 plugins, so the data underestimates the complete picture.

Performance Issues

WordPress sites (i.e. dynamic sites) are slower to load than static sites. It's a fact. A common mistake is to think that 'dynamic' sites are better than 'static' sites. They certainly sound is if they should be! Dynamic sounds much better than Static! But Dynamic sites require a database, and pages are rendered 'on the fly', which slows the page load speed. Plugins are available to improve WordPress performance, but they suffer from the inherent problem of adding more code to a site, and of course, security.

Misconceptions of Dynamic v. Static

It is often assumed that a dynamic site can have more functionality than a static site. Wrong! Functionality is provided to a static site using API's. These API's are more robust than many WordPress plugins. A static site can be just as functional as a dynamic site, but, and this is the important bit- they are faster, faster, faster!

Conclusions

At Datum Digital, we fully respect WordPress and its place in the internet eco structure. What we have issue with is that as a site is being built, inefficiencies in coding are added in with each plugin that is added. When finished, a rearguard action is required to recitify the problems, and that process takes time, it can be hit and miss, and it is always a 'fudge'.

We believe in building static sites, using efficient, secure code as we progress a project. Plus we know that:

  • Static sites are faster than dynamic sites
  • Static sites are fundamentally more secure than dynamic sites
  • Static sites offer just as much functionality as dynamic sites

How Do We Know All This?

We have over 12 years experience in building and maintaining WordPress sites!