WordPress: A Love Hate Relationship
I’ve probably created nearly 100 WordPress sites in the past couple of years. I can do a manual install with one eye closed and one hand tied behind my back. I can spend hours looking for that perfect theme. Not to mention that my limited php skills are actually enough for me to successfully tweak and modify WordPress templates to my liking. I’ve worked with Drupal and Joomla sites, Code Ignitor, Mambo, and various e-commerce content management systems. But at the end of the day, WordPress has my heart. For me, the flexibility of being able to do whatever I want with a simple plugin makes my life easier. Need social media functionality? Plugin. Video capabilities? Plugin. Want to create quizzes and surveys? Plugin.
I’ve definitely had my share of troubleshooting WordPress – futzing around with the .htaccess file on earlier versions; learning about chmod commands, cleaning up several security hacks that have injected strings of malware into my code. But I don’t mind, because with each issue, I learn something new, and how to deal if it were to ever happen again. Besides, every CMS will have its fair share of issues and limitations.
But lately, my WordPress sites seem to have a mind of their own. In trying to keep up with the never-ending WordPress updates (3.0.2 on November 30th and 3.0.3 just this past week on December 8th!), funny things have been happening. With one website update came a broken theme, which led to a disappearing Uploads folder, and the loss of several thousand images. Luckily we had back-ups and were able to recover the files, but it was not without wasted time and frustration. On another site, the automatic upgrades would not work, leading to more wasted time trying to figure out why. So yes, WordPress has been frustrating the hell out of me lately.
My partner Avi thinks WordPress is a terrible (gasp!) CMS and has more security issues than the TSA. Because with every install the files and code are the same, and every default login URL is the same (/wp-admin), 2nd graders can figure out hacks. For me, I just know how and where everything is structured and laid out, so setting up a beautiful site is a a no-brainer. The trick is to be smart about protecting your site. Here are some ways to stay secure:
- Change the admin URL! Rather than logging into the back-end with www.yoursite.com/wp-admin, you can set it up to be any URL you want, making your site less vulnerable to hacks. Simple instructions here.
- Always back up your site regularly! You can do manual back ups, or use a plugin, such as WordPress Database Backup or WordPress Database Manager.
- Don’t login using Admin, which is the default username, change it to something a bit less obvious.
- Change your password from time to time.
- Don’t be plugin happy! Make sure your plugin is popular and has been reviewed several times; you don’t want to install some unknown plugin that may contain malware.
- Update your version of WordPress as upgrades become available. WordPress releases upgrades when they find and fix a security breach.
So, these are my thoughts on WordPress in a nutshell. Would love to hear about how you all feel about WordPress. Does it rock or am I just one more disaster away from breaking up with it forever?
I publish about 50 WordPress sites and I like it because of its flexibility to produce websites, blogs and websites with blogs, and because it is in the cloud and not on my laptop. However…because it is database driven, it is much slower than my html sites. Many of my WordPress sites take up to 4 seconds to fully load vs. less than 1 second for html sites. I rely primarily on organic traffic but I would be concerned about sending paid traffic to a site that loads this slowly.
You can always use a caching system for to improve the speed of your sites. There are a few plugins that do that for you.
Many of my WordPress sites take up to 4 seconds to fully load vs. less than 1 second for html sites. I rely primarily on organic traffic but I would be concerned about sending paid traffic to a site that loads this slowly.
Although I have not assessed this hypothesis in a controlled experiment, I believe there is a positive correlation between the speed of which a site gets indexed and the WordPress CMS. Google, for some reason or another, seems to love WP sites and will index a new WP page rather quickly in my experience.
By the way, there is a good article here about the safety of downloading free wordpress themes. I suggest checking it out. The bottom line is that you have to be wary of malicious code in a lot of free templates, unless you download a theme directly from WordPress.org.