When I first started ClearPivot, I developed websites in WordPress. However, I now believe that WordPress is a severe liability that most companies should avoid.
“But Chris!” you might say, “Isn’t WordPress the ‘industry standard’ for websites? Doesn’t everybody use it?”
A lot of companies use it indeed, but it doesn’t mean they should. I’ve seen first-hand many severe problems that arise from companies running WordPress websites. Here are some of the problems:
It’s a “frankensystem”
WordPress was never built to be a full website content management system. Even nowadays, the core WordPress install has very limited functionality. Most sites will typically install a large number of third-party plugins to incorporate common website functionality, such as forms, URL redirects, caching, and tag management. So the WordPress installation very quickly grows into a “frankensystem” running code from all sorts of companies and authors. This leads to the next big pitfall of WordPress…
As an open-source platform, security on WordPress is entirely up to you. Every single plugin on your WordPress site, as well as the core WordPress software itself, is a potential security vulnerability. Sometimes even the themes can be security vulnerabilities. Since WordPress is open-source, you’re responsible for your own security. And many businesses are not up to the task of doing that. I’ve seen many, many WordPress sites get hacked over the years. I even saw one website get hacked twice. In the second hack, the security vulnerability was a SLIDESHOW plugin.
You don't know "what's under the hood"
Because WordPress is an open-source system, there are often enormous differences in the back-end architecture of WordPress sites. Some sites are running modules through a third-party plugin; other sites are running modules coded directly through the website theme itself; other sites are using third-party page builder plugins like Elementor or SeedProd that override the majority of WordPress's native functionality altogether. Even something like changing a page title can be a laborious process just due to the time it takes to find out how the page titles are controlled. Are they controlled directly from the page/post titles? Are they controlled through a plugin like Yoast? Are they auto-generated from some custom code written many years ago that was originally meant as a time-saver but now is just a piece of forgotten technical debt? You never know what you're going to be walking into when you open up an existing WordPress site to make changes to it. It might be significantly more time-consuming that you think it is.
Bad plugin upgrades
So you need to keep your plugins upgraded and up to date to reduce your risk of hacks and security breaches. But sometimes the plugin updates themselves bring problems! Earlier this year, one of our clients had a bad plugin upgrade that caused severe problems with the website’s visual layout. It took 10 hours of our developer’s time to undo the damage.
We saw a similar issue with another separate client awhile back: a bad plugin upgrade rendered their site nonfunctional. They had a plugin that was symbiotically reliant on their installed theme. When the plugin was upgraded, it broke a dependency in their website theme.
If I remember right, it couldn’t be reversed because the plugin update was required for compatibiity with an upgraded component of the core WordPress install (the Gutenberg editor). So a core WordPress update mandated a plugin update which then broke the theme because the theme was built around the previous version of the plugin.
We eventually moved both of these sites off of WordPress over to HubSpot CMS, and they haven’t had any issues since then.
Poor spam protection on website forms
I have oftentimes seen WordPress forms get plagued by large amounts of spam submissions. People often try to respond to those spam submissions by implementing additional plugins with security measures on top of their form plugins, such as plugins with captcha fields in them. But these additional plugins can cause issues as well. One company we know installed a captcha plugin on all their website forms - but the captcha field triggered browser pop-up blockers, which in most cases caused their form submissions to fail. When you rely on website leads for most of your sales, that is an incredibly damaging problem!
Shrinking PHP talent pool
Tasks take significantly longer
The “frankensystem” setup of most WordPress sites cause common tasks to take significantly longer than they would otherwise. For instance, one of our clients used WordPress with Gravity Forms for website forms, and used HubSpot as their CRM. So for every form we would set up on their website, we would need to do the following:
- Build a Gravity form
- Build a HubSpot form to match the Gravity form
- Create a “feed” in the Gravity Form-HubSpot plugin and map all the fields between both forms to each other
So what would have just been a 1-step process in HubSpot CMS became 3 steps instead.
In another case, we needed to make some changes to a client’s WordPress website. We made the changes but they weren’t taking effect on the live site. In case like that, it’s usually because a caching system installed on the site has not yet ingested the website changes. So we looked up the caching system to refresh it. It turns out that they had *3* caching systems installed on their site: two caching systems installed as WordPress plugins, and a third caching system running on their hosting platform itself. We had to go refresh all three caching systems!
Why we recommend HubSpot CMS instead
So clearly WordPress has a lot of issues. So what do we recommend instead? Simple: we advocate for moving your company website to HubSpot CMS. HubSpot CMS addresses all of the pitfalls of WordPress:
It has modern CMS functionality such as forms, version control, drag and drop editing, URL redirects, and SSL certifications built-in, so that you don’t need a “frankensystem” of 12 different third-party plugins to get everything you need for your website. Version control by itself will be a life-saver to you sooner or later. And "taken-care-of-for-you" URL redirects and SSL implementation are table stakes for SEO and visitor experience on your website nowadays.
This is actually probably the most important reason to choose HubSpot CMS over WordPress. Because it’s a paid platform, you get tech support, infrastructure management, and software maintenance built-in, so that you don’t have to handle security, upgrades, and data integrity yourself. If you get stuck in a pinch on something, you will definitely want phone, chat, and email support available to you to help you out. Unless you're a full-time developer, you do not want to get caught in a situation where you are stuck in an intractable technical problem with nobody on call to get you through it.
More back-end code consistency
Everything in HubSpot CMS sites runs through their theme modules and the page editor. You don't have to worry about third-party plugins and frameworks overriding core functionality. If you want to change a page title on a page, you change the page title on the page. If you want to change a module, you can change the module through the page editor or through the theme editor. You don't have to worry about third-party dependencies like Yoast, Elementor, Advanced Custom Fields, WPCode, WPML, or other externalities connected to the site that you have to hunt down and dig through.
Better spam protection
Website form spam submissions oftentimes go significantly down when we migrate a site from WordPress to HubSpot CMS. And we rarely need to enable captcha fields. If your website forms are getting burned to a crisp from spam, try switching to HubSpot forms and see the improvements for yourself!
Modern programming language
The HubSpot CMS templating language is based on the syntax of Python, one of the most-used programming languages today, rather than PHP. If you are a developer, Python skills will give you a much brighter future than PHP skills, even if you don't stay in the HubSpot ecosystem in the future. And if you're on the marketing or business side and you're hiring a developer, the Python ecosystem will be a much better talent pool to draw from than the shrinking PHP ecosystem due to the gravitational pull of being a growing language.
Because we can do everything we need in one single environment rather than switching between multiple systems, plugins, and themes, we can get significantly more done in less time than we can in WordPress. We don't have to go a wild goose chase across themes, plugins, platform tools, third-party frameworks, or (perish the thought) core platform code forks, just to be able to change elements on a page. This is a massive time-saver. In fact, generally we can work about twice as fast in HubSpot CMS compared to WordPress.
We're sticking with HubSpot
WordPress was a great CMS platform back in 2009. But times change, and unfortunately WordPress has not kept up. Clearly we are making the case for HubSpot CMS as a better alternative to WordPress here. If you want additional options, there are other some viable CMS choices as well. Webflow is a great designer-focused CMS with very clean code output. Squarespace and Wix are easy-to-use options for very small businesses or solopreneurs. Any of them would be a better choice than WordPress! But HubSpot CMS continues to be our platform of choice for all the reasons listed above, and the platform that we recommend to most other people as well.
- PHP vs. Python in Google Trends
- StackOverflow 2022 Developer Survey
- Why Harvard's CS50 course switched from PHP to Python
- PHP usage stats
- PHP frameworks in Google Trends:
- HubL syntax
- Jinja templating engine