The real cost of using Wordpress


5 min read

Posted by Matteo Granara on February 03, 2021

The real cost of using Wordpress

Open-source content management systems are here to stay, and that’s a good thing. The communities behind the plethora of existing CMS have driven features and innovation in the web sector for two decades now. Each CMS has its own history, mission and target audience, but the general trends are often very similar from one product to another. A simple example: the WYSIWYG interface, the real last innovation in that sense.

Among them, there’s one open-source CMS that stands out: WordPress. Pretty much everyone knows it, from people in the business to content enthusiasts. It’s relatively simple to setup, fairly intuitive to use, and, most of all, free to use.

Is WordPress really cost-free?

In my opinion, no. Or not entirely at least. Sure, you don’t have to worry about the license fees, but there are other hidden costs that pile up over time that need to be considered from day one. On several occasions I witnessed prospect clients being surprised by the costs generated by their WordPress websites. Not to mention the roadblocks that they encountered down the road due to the poor support.

The right tool for the job?

Let’s take a step back, all the way to 2003, when the first ever version of WordPress was released to the public. It was designed to be a blog engine (everybody wanted a blog at the time!). With its simple architecture and intuitive interface WordPress became an instant hit with the community, and it kept growing exponentially over the years. The genius move was to allow the community to design shareable themes and plugins. In the space of a couple of years, WordPress became the de-facto standard for blogging. And that’s the keyword: blogging. Blogging is what WordPress was designed for. However, the community around it began developing more and more features, allowing full websites to be built on its framework.

Today there is a plugin for pretty much any requirement, from the most basic features to advanced ones, and even themes ready to be installed from the gallery. However, as the saying goes, all that glitters is not gold.

Dependencies on third parties

The first thing to be aware of, when using plugins, is that you are using third party software written by members of the community (with a few exceptions). There is very little warranty – if any - about the quality and safety of the component, but most of all, about its support, both short and long term.

Plugins are controlled for malicious code when they are submitted, but they are not necessarily tested for compatibility as the latest versions of the platform are released, nor are they tested for vulnerabilities. Oftentimes they do not receive updates for months or years, and they can even be discontinued altogether without warning.

Users also tend to abuse the plugin model, even by simply testing, disabling, and deleting them, but unbeknownst to them almost every plugin leaves traces in the database and often on the file system. In turn, these remnants often create unexpected backdoors for malicious users or can cause performance issues as time goes on.

Worst kept secrets

Thanks to its flexibility, WordPress is the most widely used CMS in the world with millions of active installations, but this doesn’t necessarily mean only good things: its flexibility and notoriety make it the preferred target of wannabe hackers or hack bots alike. This characteristic becomes even more enticing to the so called “script kiddies” when you consider that the WordPress foundation regularly releases the list of vulnerabilities to the public, with the honourable intent of showing what has been fixed in the current release. This is a dangerous combination that forces you to regularly upgrade the CMS and all of its components pretty much every second week, and you have to hope that no plugin ceases to function or breaks altogether in the process.

As you can imagine, maintaining such systems requires effort and time, which in turn means increased costs. Using too many plugins, or even worse, making too many of them the focal features of your website, may end up costing you time to fix them or to replace them. Even to the point that you need to rebuild your website from scratch because the upgrade and maintenance costs are higher than a fresh rebuild.

Considering the average lifespan of a website is approx. 4 years, you want to ensure that your website is always functional, well protected, and that it doesn’t generate unexpected costs during its planned life span.

What is a license?

The open-source approach still works well today for smaller or personal websites, but when it comes to corporate websites, WordPress cannot compete with proprietary CMS such as Sitefinity, Sitecore, and Kentico, which are specifically designed from the ground up to cater for this target audience. Corporate websites require security, scalability, and well-planned roadmaps to ensure everything is covered from day one.

Proprietary CMS are regularly tested for code quality against the most demanding standards (e.g., OWASP and ISO), they are developed with best practice in mind and according to a roadmap that typically covers at least two years.

Releases are supported over time and updates are continually developed. When a vulnerability is discovered, a bulletin is shared with the partner companies such as Arekibo so that actions can be taken in a timely fashion before the issue becomes widely known.

When a feature is not part of the product out-of-the-box, an experienced development team such as Arekibo’s will develop it by leveraging the architectural model of the CMS and ensuring that best practices are followed at all times, from planning to delivery.

Ultimately, the license is also a commitment from the issuing company that allows you to plan your website over time with no surprises. Most of the time, a website is not a “just a simple website,” rather a platform that needs to be designed, built, released, supported and upgraded over time. The license provides you with peace of mind to expand your platform without having to constantly playing catch up with unforeseen roadblocks.

Additional benefits

Since the advent of Microsoft Azure, the teams behind Sitefinity, Sitecore, and Kentico have begun integrating more and more features with the Azure ecosystem, adding features such as secure login with Active Directory, Multi Factor Authentication (MFA), Advanced logging and monitoring capabilities to name a few. These added benefits stem from roadmaps planned around the .NET framework.

As a conclusion to above, from my point of view, open-source solutions such as Wordpress are not really free, as they pose serious risks when managing your digital presence long-term. Choosing the right CMS for your business is a decision every business should make on their own, however for those businesses who prioritise security and scalability, we would recommend using alternative technology platforms, such as our partners Sitefinity, Kentico and Sitecore.

Is your site currently on Wordpress? Contact us to discuss upgrading to Kentico or Sitefinity today.

About the Author

Matteo Granara
Matteo Granara

Matteo is a certified Azure Cloud & SQL Server specialist. He has worked in Arekibo for over 10 years and is Head of Cloud Hosting Solutions at Arekibo.