Originally published in the Development Edition of the Heavy Chef Magazine
Jumping straight to the point: It depends.
As with most things, WordPress meets the needs of a specific task and is excellent at doing certain things. In fact 48% of CMS driven websites are using it. Before Wordpress, we didn’t have many options for posting content up on the web, and it’s done a fine job at making the process as easy as possible.
So, what exactly does it depend on? Your requirements. If your requirements are loose enough and your website will be made up of the content basics: text, images, and video; then WordPress should cover you. As soon as you start stepping outside of that box, you can either:
- Squeeze your requirements into a mishmash of plugins, which is kind of like trying to fix a lightbulb with a hammer.
- Move to a different platform that gives you a bit more customisability (e.g. Drupal).
- Define your requirements in detail, and opt for a custom developed system.
Here’s an analogy. If we think of building a website as if it were the same as building something with Lego bricks, we can say the following about each of the above points:
- WordPress is like buying a preset box of pieces, with a 5 step instruction set on putting it together. What you get is what you see pictured on the box, but nothing else. Sure, you could extend it with off-brand bricks (plugins), but they never fit quite right.
- Systems like Drupal (or Joomla) would be the same as buying a bag of mixed blocks and putting them together in any shape you can imagine.
- And lastly, creating a custom system is like building a factory that can create any shape, size or form of brick you need. You decide what you want to build, and your brick producing machines (your framework, e.g. Laravel) will build all the bricks that you can piece together to create the final product.
Do you care about performance?
Because they all aim to solve different problems, comparing different CMS's is a bit of an apples vs oranges problem. So, how do we measure a CMS's performance? Two of the simplest metrics are:
- Average Response Time – how long a user has to wait for the website to respond. Lower is better.
- Request Rate – how many people can use the website at the same time? In a nutshell, this is a loose insight into how well a system will scale. Higher is better.
For each CMS, a fresh Digital Ocean (single CPU, 512MB RAM, 20GB SSD) server was spun up with an out of the box installation of each system; with no additional content or plugins. This ensures that each system is on an equal footing while being benchmarked.
After setup, we ran benchmarks using Siege on the home page of each site. The test settings were 50 concurrent connections run over 30 seconds with no delay between each request. Going higher ended badly, but more on this below. Pictured below is a summary of how it went:
At first glance, WordPress performed comparatively well – but as mentioned above, as soon as we started going above 50 requests per second, the website would crash (as did Magento). This is quite easily fixed by throwing more server hardware at WordPress and toying with the configuration, but that necessitates higher costs.
As a small side point of interest, Ghost (a blogging platform written for node.js), handles just over 90 requests per second on the same hardware and scaled to over 1000 concurrent requests before I gave up trying to overwhelm it.
Does your site need to be secure?
As the internet grows and we continually increase how much information we share on the web; security, rightfully so, is becoming more and more of a concern.
WordPress at its core is relatively secure (nothing is ever 100% impenetrable, run away fast if anyone claims this). However, WordPress plugins are in general far from secure, and are generally the root cause of why WordPress sites get hacked (especially when left out of date).
A casual study done in 2013 claims that approximately 73% of the top 40,000 WordPress sites were insecure
. In July 2014, a plugin vulnerability (estimated to be used on 86% of WordPress sites) was exploited on at least 50,000 websites. During 2014, an estimated 800,000 banking credentials were stolen using compromised WordPress installations.
Fortunately WordPress, from version 3.7, has included functionality to automatically update itself which prevents a large number of the "drive by" breaches that occur. Not so fortunate is when, for example, a developer has not updated a plugin used by your site and you are forced to either replace it with something that works slightly differently, or leave yourself open to being hacked.
Security within the context of custom development is a difficult metric to quantify, as it is dependent on the expertise and qualifications of each development team.
While custom development might offer you security via obscurity (i.e. because it is closed source, it won't be as easily targeted), this does not guarantee any standard of security. As such, it is always a good idea to question the developers about security, or even hire an external security consultant to do a code audit. Doing so will probably lead to higher development costs but, in my opinion, it is well worth the value it provides and can save you from even more costs (not only financial) going forward.
How flexible are you?
Taking a look at the WordPress plugin repository, there are currently 38,650 plugins available. That's a lot, and with a bit of digging you can probably find a plugin for most requirements that you have. However, you'll need to bend a few of your needs into how the plugin is built to function; and the further you bend something the higher the chance it has of breaking.
Where does WordPress win?
Put simply – usability.
WordPress's major success is in how it is built for the user and not the developer. This makes it simple to install, configure, and get going with content generation.
A large number of tasks (e.g. basic SEO) are handled for you (or with a plugin), so it takes the pain away from having to tinker with the details.
Another winning point would be its cost, with the caveat that this is generally only in the short term and is heavily tied to the other points discussed above.
From a personal point of view, WordPress is great at doing the small stuff. So for getting an MVP out the door, no problem! However, for moving beyond this basic territory (whether to scale or perhaps to integrate with an ERP system to get going with e-commerce), custom development is a much better choice.
Instead of framing the question as "Should I go with WordPress or custom development?" look at it as "What problem am I trying to solve, and is WordPress a good fit?"
As I said in the intro, it depends! This article is an attempt at covering the major points (from a technical perspective), but there are countless angles to look at the discussion depending on the situation – which we're more than happy to discuss over at World Wide Creative or we can chat directly via Twitter