Maybe WordPress isn’t crap, maybe you are!

As I write this, WordPress is reported to power more than 43% of all websites, yet it’s still not unusual to hear people declaring that WordPress is a pile of crap that should be avoided like the French.

If that’s how you feel, I’m going to (probably foolishly) try and convince you that WordPress isn’t the problem, you are.

A few days ago, I heard part of a podcast with Matt Mullenweg as the guest. In case the name means nothing, he’s the original creator of WordPress, the software, and the CEO of Automattic, the company that runs WodPress.com, Tumblr and WooCommerce, among other things.

For anyone who hates WordPress, part of that podcast won’t make for pleasant listening as he anticipates WordPress’ market share hitting 85% of all internet sites.

That sounds like a crazy figure on one hand, but in reality it probably isn’t a wild supposition. The growth of WordPress has been inexorable for years and while it’s never going to power the whole web, 85% sounds feasible to me.

So how could that possibly happen if WordPress is as crap as some people say?

Even if doesn’t grow any further, how could it come to power 43% of the interwebs if it’s crap?

The most common complaints are that it’s insecure, slow and hard to manage. I’ll add to that the complaint that the code is poorly structured that some coders throw at it.

That last one is the least important, but I know some people who know even less than me about the subject will happily cite that as a reason to condemn WordPress.

I’ll share my opinions on each of those complaints, starting with the last first, to get the least important out of the way quickly.

WordPress code is crap

I studied and worked as a graphic designer for various design and publishing companies, but I’m completely self-taught when it comes to writing code. I’m not an expert, but I’ll quickly try and sum this up as the code is at the heart of WordPress.

The philosophy behind WordPress means you can open some files and find HTML and PHP code mixed together quite freely. The HTML code is concerned with handling how a site looks, while the PHP handles how a site works.

A more pure view of how code should be structured insists it should be separated for ease of maintenance and performance. The code handling the data, controlling how the site works and the code controlling how the site looks should be separated as much as possible. Such philosophies, however, come with the overhead of being harder to learn and to put into practice.

I think a large part of WordPress’ success comes from the fact that it isn’t prescriptive in that regard. Anyone with a very basic understanding of PHP can jump in and extend it and create something useful.

The code they write may appear a mess in the eyes of some coders, but surely all that matters is that the code does what it’s meant to do in a reasonable amount of time.

Do you care if code takes a tenth of a second longer to run? Do you care if it doesn’t look “beautiful”?

Pragmatic decisions have driven the development of WordPress. If you’re a hardcore coder, sure argue the code corner, but if code is all Greek to you, don’t get caught up repeating others’ philosophical arguments.

WordPress security is crap

Reputations quickly gained can take an age to shake off. That’s the main reason for persisting claims that WordPress is insecure.

The shoddy graphic above is my attempt at a bell curve to help explain why you can largely stop worrying about WordPress being insecure.

When WordPress was first released, there were few users and so few security incidents. There’s no point hackers spending time trying to compromise software that has few users.

This in turn meant that security wasn’t a great priority. Why spend time hardening software that isn’t being attacked?

However as WordPress became more popular, it started to become more rewarding for hackers to target the software. Now if they were able to exploit a flaw in the code, they could target thousands, tens of thousands or perhaps even hundreds of thousands of sites.

So naturally the number of security incidents increased.

That increase also naturally meant that those using and developing WordPress had to start prioritizing security.

The long term result of that focus meant that even as the number of sites using WordPress increased, the number of security incidents dropped.

Nowadays, WordPress is a mature and generally secure system.

No software is 100% secure, but the sheer number of users means WordPress is largely safe and is patched quickly when flaws are discovered. In practice, most security issues with WordPress nowadays revolve around plugins and themes, not WordPress itself.

Ultimately though, the biggest security flaw in WordPress sites today is the site owners. There are various things most of us can do to almost 100% guarantee our sites aren’t hacked. However there are plenty of site owners who completely ignore their own responsibility and then choose to blame WordPress when their own failures lead to problems.

WordPress performance is crap

This is another complaint which largely comes down to users failing to take responsibility, in at least two ways.

The first is due to a lack of understanding of how WordPress works. WordPress is a dynamic system, so a database contains all the information needed to create each page of a site and every time someone visits a page, the correct data has to be found in the database and combined with other files before the page can be sent back to the visitor. By default, this happens every time a user visits a page.

You can get around this by using a caching plugin. These work by making a copy of each page after someone c¡visits for the first time. The next time someone visits the page, rather than recreating the page from scratch, the already prepared page is sent back to the visitor instead.

While WP Fastest Cache isn’t the most popular WordPress caching plugin, it’s one of he easiest to set up. I recommend it as some of the more popular plugins can actually make your site slower if you don’t configure them correctly.

The second way site owners slow their sites down is by installing lots of unnecessary plugins and poorly written plugins. On its own, WordPress performs perfectly well, assuming it’s on reasonable web hosting.

In most cases, adding plugins will affect the performance of the site, though in some cases this may be limited to the back end. Poorly coded plugins may be particularly damaging in this regard.

You may hear people say that you should never add more than 10 or more than 20 plugins to a WordPress site. Ignore such claims as no two plugins are the same. A plugin could be a single line of code to do something like hide a post title. Alternatively a plugin could contain tens of thousands of lines of code.

Just the amount of code isn’t the whole story either. A badly written plugin containing little code could slow a site down much more than a larger and more complex plugin.

If you randomly install badly written plugins with no real plan, you shouldn’t be surprised if your site turns into a tortoise. I’ve shared some tips on how to choose the right plugins in case it helps.

Managing WordPress is crap

This splits into two parts.

First there is the practical side of maintaining your own WordPress site. This may be intimidating to new users, but if you select a reliable web host, this needn’t be complex.

In practice it’s mainly just a case of keeping your site, plugins and themes up to date. Ideally set a reminder at least once a week to pay a visit to your site’s back end to update anything that needs updating.

You could set the plugins to auto-update which takes even more pressure off you. If you’ve got a few sites and don’t want to enable auto-updates for plugins, take a look at some services that allow you to update multiple sites in one go. Uncle Chuckles uses ManageWP for this.

The second part is WordPress’ admin screens can become overwhelming as more plugins are added. This can be a genuine concern as different plugin developers add numerous different menu items.

If you compare the admin screens of 100 different sites, you’d likely see 100 different admin menus.

Fortunately there are plugins that can help you with this. Uncle Chuckles’ own Underwhelm plugin is one example and you can learn how that can help you in this article on managing your admin menus. The article also suggests some other plugins that offer alternative solutions to the same problem.

WordPress is as good as you make it

WordPress is a great tool, but it will only be as good as you make it. If you don’t want to take the time to learn how to use it properly or don’t want to pay an expert, then it will probably be a huge pain in the arse for you. You’d be better off paying for a service that provides all the tools you need and manages them for you.

If you learn the basics of WordPress though, it’s likely that you’ll have a rewarding experiences with that it.

As your needs change and develop, you may find that other platforms will better serve you, but when starting out, WordPress can be a very flexible and affordable friend.