4 Hidden Costs of WordPress Sites
April 15, 2008
I’ve written before about WordPress and similar “baby CMS” products being great alternatives for small business web sites.
They can be configured to have the same look and feel as the typical “static” small business site, with the following added advantages:
- Old pages can be updated and new pages can be added without having to have in-house web design skills, or hire a developer to make minor changes.
- The “blogging” side of the system can be configured as a press release section, article library or other form of regularly added content, encouraging visitor retention, re-visitation and added search engine traffic.
- Proper theme development and plug-in use can offer substantial search engine optimization with little or no manual intervention.
As a result, many small business owners have turned to having sites developed (or redeveloped) either partially or completely within WordPress. Unfortunately, they often overlook some of the hidden on-going costs of such sites:
The nature of all software is that no matter how carefully the developers have planned for security, it is vulnerable to previously unconsidered security issues. WordPress is no different. In fact, due to its popularity, it has become a popular target for hackers. As a result, updates are released frequently to correct security issues.
Most WordPress sites use anywhere from a few to a large handful of plugins. Not only are these subject to their own potential vulnerabilities, they often need to be updated when WordPress itself is.
As WordPress and any plugins are updated, these updates often require the theme of the site itself to be changed. This can be sometimes be minor (small syntax changes), or sometimes not so minor (the nature of a feature itself has changed requiring a fair amount of re-work.
More than a few site owners look at the items above and decide that they’re going to solve the problem by ignoring it. This can be the most costly decision of all.
It was recently announced that well over a million sites running old and vulnerable versions of WordPress have been defaced by search engine spammers.
In some cases this resulted in sites that were unusable by customers (or that certainly gave the wrong impression of the businesses that owned them), while in other cases the damage wasn’t immediately noticeable, but still caused Google to quit sending traffic to the site, resulting in lost business opportunities
As a result, if you are using WordPress (or plan to use WordPress) to create or enhance your business site, you absolutely must factor in maintenance costs. If you have the talent to do these tasks in-house, then budget time to allow them to be done.
If you have contracted with outside developers to create your site, keep an ongoing relationship with them to update your site as necessary — it will be far less costly than cleaning up the problems that an unmaintained site can face.
While WordPress is getting better and better at letting you know that updates are available, you may wish to consider negotiating a retainer arrangement with your developer, and have them automatically update your site when updates are available — chances are, they’ll know about them before you do.
In all fairness, while I’ve picked on WordPress here regarding this issue, it’s only because of how widespread WordPress is in these applications. The same considerations, however, apply to all popular web applications. CMS software / blogging software and web forums are particularly prone to such issues, and being prepared to keep them regularly updated is part of the cost of ownership of such features.
Even full-on custom web applications are not immune to such considerations. Although they might not result in as much attention from hackers as widespread applications such as WordPress, they are still developed in scripting languages that require regular security updates, and these updates can often require changes to be made in the web application itself.
If you run a site that is based on or includes a web application such as WordPress, what experiences have you had keeping it up to date? Do you do your own maintenance? Do you have a relationship with a developer who maintains it for you? Please share any good stories or cautionary tales with us!