An intro to systems
Among the very first questions you’ll have to answer when it’s time to build a website is what are you going to build it with? Most clients I talk to pay this question little mind–whatever the web person uses is good enough for them. It’s worth digging into a bit though as all systems have their pros and cons. At FS Creative we build all our sites using a system called WordPress.
In olden days (the 90s) getting a website built meant you’d be dealing with a whole whack of HTML files, and you needed to know a bit of code to edit it. Evolving from there, we started using systems that removed the need to touch those files at all. Today, obstacles continue to be removed at a rapid rate, and we’re reaching a point where the act of getting a basic website is becoming fairly straight forward. We’re still struggling a bit with how to do it well, but if the goal is to get a website up, we’re crushing it.
WordPress is one of these systems that allows people to build websites. Of the available systems, it’s considered the largest, making up approximately 43.2% of the entire internet. Starting as a blogging platform in 2003, it has grown into a titan largely by virtue of the fact it’s free and open, allowing for anybody to jump in and create functionality.
This growth has made it incredibly versatile. It can run a cookie blog just as well as it can run massive corporate websites. Does that mean it can run your site? Certainly yes, but whether you want that will be up to you. Let’s take a tour through what WordPress is so you can make a decision.
Is it easy?
“I thought this would be easy”, my exacerbated friend once told me through a haze of regret. He had been told that WordPress would be an easy way to get his grand vision onto the internet, but after a couple wasted evenings he was feeling anything but grand. Had he been lied to? Had be been made a pawn in a wicked game by Big WordPress? Technically no, but he had been the victim of an annoying oversimplification.
To say WordPress is easy to work on is like saying something with 4 wheels that rolls around is easy to work on. One would be wise to ask: what kind of 4 wheeled thing are we talking about here? A lawnmower? A golf cart? A 1994 Ford Tempo? A Tesla?
Just as we find in our example, “WordPress” is a bit too wide of a term nowadays to label it as either simple or complex. It can be both depending largely on how it’s built or how you want to use it.
What got my dear friend into trouble was the degree to which he wanted to fiddle. Getting something up onto the internet with WordPress can be frightfully straightforward, but he wanted to tinker and play around with how things looked and behaved. That’s where most people run into something of an uncomfortable problem. You can really only tinker up to a certain point before things can start to get complicated.
The question is flawed somewhat because WordPress is incredibly customizable. Almost every part can be removed, adjusted, and put back into place. Two WordPress sites built by 2 different people might end up looking and behaving so differently you wouldn’t believe they were the same system. This is why when somebody tells me they dislike WordPress based off some bad experience, it’s a complicated problem because chances are what they’re calling “WordPress” could be very unique to that particular site.
There’s three primary ways you can adjust how a site looks and behaves, and that is by using a theme, customizing the files themselves, and using plugins.
Theming
Changing the general look of a WordPress site can be done with the push of a button. There’s entire businesses centred exclusively on selling themes to people to give them a head start.
It doesn’t just include what the site visitors see. Almost all themes adjust the back-end of the site as well (this would be the part of the website you see when you login to edit it). So when I note that some people rage against a bad experience with WordPress, sometimes what they’re saying is they hated the theme they were running. For example, all 4 of the edit screens below are WordPress, but they’re using different themes. Notice that it isn’t just a matter of different colours and buttons–the entire experience is different.
The further we get into the world of themes, the more intense they can become. Over the past few years, some themes have become more than just a pretty face. They offer special functionality to allow the site owner incredible amounts of control. Entire page layouts can be adjusted on the fly in seconds by simply clicking and dragging. These are a class of themes all their own often called builder themes. They’re not as locked down as traditional themes, and they allow site owners to modify their site layouts as if they were built with LEGO bricks.
The rise of these builder themes further muddies the waters. Some people praise the degree of control they allow, while others find them bloated and overly confusing. Truth is, neither is incorrect. They are incredibly impressive, and they also try to be everything to everybody, resulting in endless options that can become overwhelming to use.
Customizing a Theme
For those who want a solution more tailor-cut to their situation, there exists an option to create a theme from scratch instead of purchasing a pre-built theme. This is the way to go when we want the customizability of the builder themes, without the slowdown and complexity.
This method does tend to drive up the cost somewhat, as the entire design isn’t merely stamped out from a pre-built mold. Where this solution becomes attractive however is when you’re like my friend who needed things to look a very particular way. Unfortunately (as he would soon learn), you typically need a web person who’s done this a few times to help you.
Plugins
WordPress is the most widely used platform on the internet, so it has the benefit of having plugins that can provide almost any functionality you can think of.
These plugins can turn a standard brochure website into a an online community builder, a storefront, or a streaming service. The options are seemingly endless, and the flexibility in this area makes WordPress a very attractive option for website developers.
Much like themes, there are entire businesses built around the selling of professional-grade plugins meant to bring your vision to life. While WordPress itself is free, the tools we use on it oftentimes are not.
Also just like themes, when somebody says they’ve had a bad experience with WordPress, it’s very possible they’ve just had a bad experience with one of the 50,000+ plugins.
I’ve Heard It’s Unsafe
Heavy is the head that wears the crown. By virtue of being so popular, it’s naturally a hot target for bad people who want to take control of people’s sites. The good news here is if you take even basic precautions these concerns can be almost entirely alleviated. The bad news is if you don’t take these precautions, something bad will happen to you eventually. What are these precautions?
Good Username/Password Practices
Much like anything, don’t use passwords multiple times across the internet. Using a password manager such as 1Password or LastPass is a massive help in this regard. By default all WordPress usernames are set as “admin”. Simply changing this is the first step to keeping things locked down. It’s not enough, but it’s a good place to start. Think of it like locking your car door… you’ve already made it less attractive to get into.
2 Factor Authentication
By making it a little bit more annoying for yourself to login, you can make it an unmitigated nightmare for bad actors to get in. It’s a frustrating second step I appreciate, but almost nothing is as frustrating as finding your business now sells Russian penis ointment.
There are plugins you can use such as WordFence that will allow you to use a service like Google Authenticator to access your site. Google Authenticator is an app that lives on your phone and provides you a new 6-digit access code every few seconds. You sign in with your regular username and password, and then have to provide the code. Without a code from the authenticator, nobody can get in.
Seal all the doors
Don’t forget there’s two ways in. Most people log into their site through a web browser, but you can also access everything via your web host. This might be a company like GoDaddy if you’re cursed, or FlyWheel if your website was set up by somebody who feels love for you.
Having a bad password on this service would be like boarding up your doors for the zombie apocalypse but leaving a zombie-sized hole in your wall. Websites and host. Lock them both down.
Update Your Stuff
All those themes and all those Plugins (and WordPress itself) are constantly being updated to patch security holes. If you don’t actively stay on top of it, people will eventually be able to find their way into your site. This is commonly an ignored step by people because it’s both annoying and kinda frightening. Sometimes an update goes awry and your site shuts down. The fix is simple for that, but it’s uncomfortable enough to make a lot of people gun-shy. Should you find yourself in such a predicament, consider hiring somebody to handle this for you. It’s much more of an investment than a cost. Remember, whether you change the oil in your car or you pay somebody else to do it, you have to pick one or the other.
Choose your plugins wisely
Plugins range in price from free to super not free. While the temptation is to go all free all the time, free solutions can often times become problematic if the developer of that plugin decides they’re done and stops updating it. With a paid plugin this is less likely to happen, so in certain scenarios it’s worth the money to buy a quality product than to roll the dice on saving $30.
Depending on how you’re building your site (with a pro or DIY), you may not have a say in what plugins are added to your site. If you’re having it built for you, perhaps have this discussion.
Off we go?
WordPress is an incredible system that is so versatile, it can land anywhere on the spectrum from dead-easy to wildly complex. Some find the security issues to be simply too much to handle and go for a less flexible system with the trade-off of being a much smaller security target. By weighing the pros and cons hopefully you can decide if it’s best for your next web project.