WordPress is a platform used to create websites. It can be a very quick and low cost way to get a professional looking website, and for this reason it is very popular.
Unfortunately it’s not always as good as it seems.
Like with most things in life, you get what you pay for and it always confuses us when people go with a low cost alternative then wonder why things aren’t working as they’d expect. One of the reasons for this is that many WordPress developers sell it as a one-size-fits-all solution; they promise the world to their clients and then under-deliver. This isn’t really the client’s fault.
WordPress is built on an underlying core-system, and then has a theme installed to determine how the site looks, and plugins installed to add functionality such as image sliders, contact forms and photo galleries.
The core-system is always being developed and there are regular free updates to improve it. Although these updates are optional, they frequently contain security patches that fix WordPress vulnerabilities. This means that these optional updates are in fact crucial if a user wants to keep their website secure.
It doesn’t usually matter of course, the updates are easy to do just a click of a button, right?
Well no, that’s the problem.
Usually they work, but the issue is that themes and plugins are developed by different people, some are made well, and others not so. A core WordPress system, theme and selection of plugins may work together wonderfully when the site is built, but each time an update is made there’s always a chance that part of the themes and plugins break. Furthermore the themes and plugins themselves require updating meaning they have less chance of remaining in harmony, and themes and plugins are often modified and so can’t be updated.
Each time WordPress, a theme, or a plugin is updated it should be a simple click of a button, but there’s always a slight chance that something will stop working. If you multiply this slight chance with hundreds of thousands of WordPress installations, plugins and themes, the end result is lots of broken websites.
Once things have broken there’s a dilemma. Do you wait for the plugin or theme to have an update and hope that everything works again? Do you pay your web designer to fix it? Do you pay your web designer to find an alternative solution that works with the latest update? It’s not a nice choice to have to make, especially when the costs are fairly open-ended.
This of course leaves WordPress web designers in a tricky situation. Should they keep their clients websites updated and risk the website breaking each time, or should they not do the updates and potentially leave massive security holes in the website? Although neither choice is ideal, from our experience most web designers do the latter, and cross their fingers hoping that clients’ websites aren’t compromised.
The only proper solution here is to be perfectly upfront with clients. Explain to clients that they may be saving initial development costs, but explain the risks (and huge costs) involved with a vulnerable website that’s not updated, versus the unpredictability of keeping it up to date. The costs for who pays for the updates and fixes should be agreed before a project is started.
Unfortunately there’s no nice solution, this is one of many compromises that clients, sometimes unknowingly, make when choosing a WordPress system.
Of course there are alternatives which alleviate this dilemma, and that’s where we come in.