A good corporate website should be developed (coded) from A to Z. The choice of WP is mostly related to smaller companies or privates who do not want to invest large amounts of money.
Nevertheless, WP allows to have a very good quality / price final result. For SMEs companies this choice can be enough, especially because the CMS offers the possibility to have a ready to use, well designed and an expandable back office.
There can be good websites as well as bad ones by using both, Open-Source CMS or Coded from scratch.
It is important to consider that any dynamic website (i.e. linked to a database) needs to be maintained and updated for functional, evolutionary and security reasons. For some, a static website (showcase or business card) is enough. It is important to take this decision at the outset.
Wordpress for Websites, Blogs, E-Commerce...
WordPress has evolved substantially especially for its “Back-Office” CMS functionalities which are elegant, well structured, highly customisable and User-Friendly. It can be used for Blogs, Business Websites, and E-commerce.
The WordPress project, begun long time ago, in 2003, and has grown to be one of the largest hosted Web tools in the world. WordPress has become a mature and stable product that benefits from a substantial developer community. It is an excellent semantic publishing platform tool, combining aesthetics, web standards, and usability. WP is an Open Software delivered under GPLv2+.
For Users not knowing web coding and wishing to remain independent in managing dynamic content, WP can be one solution to have a good result at a reasonable price (compared to custom Web development). Nevertheless, a good Front-End development may require intensive work and good knowledge in programming languages such as PHP / MySQL / HTML / CSS / JS.
The WP community constantly updates the core software. Many available themes and plugins can be downloaded directly online from the CMS itself. Nevertheless, like any other CMS, maintenance and monitoring of the software is required to perform regular updates (including security patches).
The WorPress community organise regular WordCamps with well known guests. See WordPress TV.
Security in WordPress
Because of its popularity millions of websites are todays online. When a Open Tool became popular hacker and botnets are always on the lookout for attacks. Recently, even if the WP Community takes security issues very seriously, a lot of XSS attacks (Injections) have taken down thousands of websites. Since the WP CMS is growing every day, hackers will always try to attack in order to insert malicious code to corrupt your core files or your database (by injections).
Unfortunately, regular updates of the core system and related plugins today is not sufficient. Depending of the kind of hosting service you have, several mesures must be taken to avoid this kind of attacks.
Potential security issues may arise if none of the basic security precautions aren’t taken by the webmaster. Therefore maintenance and monitoring of any online website must be done on a regular basis.
These articles will give you some advices for making your WordPress website more secure:
- Hardening WordPress (Server and Files)
- WPScan Vulnerability Database
- OWASP WordPress Security Guideline
The most popular attacks are:
- Cross-site Scripting (XSS) attacks.
- SQL Injections.
- Filesman backdoor.
- .htaccess Hacking.
- PHP malicious code injection.
- And many more.
A WP developer must take into account all these parameters to secure any website at best. Moreover, patches and updates must be applied regularly (Server side and Front side). And old PHP version can become quickly obsolete and have many functionality corrupted. Plugin must be chosen carefully because no sustainability is guaranteed.
ARTELABS DIGITAL AGENCY provides consulting, maintenance and monitoring services for all the sites it develops.
Pros of WP
- WordPress has become a mature and stable product since 2003;
- Since 2021, updates and patches can be automated);
- Since 2021, a new integrate great feature called “site health” server side included (PHP versions, variables, security, etc.).
- Community developers constantly ensure innovation and security;
- Open-Source Free software and Multi-Platform (Web Application);
- Universal access. Users are not locked in to using a single vendor’s system;
- Developers can modify and adapt the software for their own business requirements using plugins or creating their own extensions;
- Front-End completely separated from the Back-End in order to perform core updates without impacting the main theme;
- It has proven sustainability because it evolves and has not stop since 2003.
- It has surpassed all other CMS such as Joomla by its modularity and technical structure.
Cons of WP
Since free WP software has become very popular for blogs, websites, e-commerce and other purposes, attacks have increased considerably. This means that the developer must master all aspects of this technology (including security).
- Must know what are the Plugins developed by real experts (pro).
- Some plugins may contain annoying embedded-ADS (publicity) and tracking scripts for the creator to gain visibility.
- Not all plugins are free. But for professional websites it is worth buying the premium version (also to support the work of its developers).
- No guarantee of sustainability of all the available Plugins. When a plugin become obsolete it must be replaced by another one compatible.
- Although WordPress software is itself mostly free, there may still be some indirect costs involved, such as need for external support.
- Although having an Open System means there are many people identifying bugs and fixing them, it also means malicious users can potentially view the code and exploit vulnerabilities. The WordPress community is in charge of validating uploaded plugins.
- Because of the way it has been developed, Open-Source software can require more technical know-how than commercial proprietary systems. That is why a developer is always useful, especially for customisation or Ad-Hoc extensions.
Approximate Development Process
Back-Office User Training