Woah! Your probably think did I read the title of this post correct? Well no you didn’t! but let me make one thing clear, I’m an avid WordPress fan and use it on a daily basis not only for my own websites and for many clients. Since its inception as “WordPress” in 2003 I was a reasonably early adopter using for my own blogs in 2004 and 2005 and I have installed and insane amount of WordPress installs over the years. So what am I taking about? WordPress is great! Its used by companies such as “The New York Times”, “The BBC” or celebrities such as “Snoop Dogg” to “Usain Bolt”.
The trouble comes down to one of its best assets, the fact it is Open Source and so many people have adopted it.
So why do I hate WordPress?
I’ll be honest I don’t hate WordPress I hate WordPress Developers! You may have ready my post “Shouldn’t my developer know SEO?” and this is the type of developers I’m talking about; it far too easy to find someone who develops WordPress websites, but there needs to be a clear distinction between developing a WordPress Website and Developing a Good WordPress Website. Let me expand on this and talk about where my frustrations come from.
I have come to learn that any website should abide by certain hygiene factors especially these days for example:
- Usability / Conversion
- Basic SEO
- Responsive / Mobile
My main problem with 90%* of WordPress developers is that they take none of the above into consideration, OK well for many WordPress installations they are singular blogs where the owner manages and makes all the changes themselves, however most company sites should be able to be picked up by anyone and I find myself continually battling against this.
The most common mistake I find is that developers put WordPress sites live without un-ticking the box to let Google spider them.
All sites can be subject to vulnerabilities, however one thing about WordPress is its common usage, I asked Irish Wonder for her opinion having seen her present on the subject before, she advised.
Many issues, however, are not platform specific for WordPress only – e.g. any site owner can set permissions to 777, even for a static site not using any CMS. Any CMS can have search results indexable (which is one of the security flaws covered in my slide deck). Same goes for any CMS that is extendable with plugins – theoretically, any third party plugin can add more security flaws. The main risk with WordPress, IMHO, is, like other popular CMS’s, it is a frequent target for those looking for security flaws because once you find one you can use it so many times. Which, of course, does not make bespoke sites more secure, just less likely to be targeted.
In June 2013, it was found that some of the 50 most downloaded WordPress plugins were vulnerable to common Web attacks such as SQL injection and XSS. – Wikipedia with this in mind its no wonder that when I asked Yoast (a prolific WordPress Plugin Developer) about his biggest gripe he advised:
Most annoying thing? Installing unvetted plugins from outside of WordPress.org
If you want to know more about WordPress Security you can also take a look at the slides from Bastian Grimm at SASCON 2013:
My Next Gripe with WordPress Developers is scaling up a project, one great thing about WordPress is that it can be scaled up and reasonably easily… Wait! That depends on on if its been developed in a way to allow scalability. My main tips are avoid:
- Pages which use a template to pull in individual pages – I have seen this many times where a developer creates a fancy template where you can not edit any of the text in the actual WordPress page, in fact it will call an ID in the template and pull in text from another page created. Not only does this potentially create duplicate content, it defeats the point of using WordPress in many ways.
Themes and Site Design
I often find I’m in the WordPress admin for a page and the site has been designed to show to different sections of content with the template, here a developer may use a plugin such as “Advanced Custom Fields” this allows a user to then have various WYSIWYG blocks on the admin of a page, but it becomes UN-manageable and makes scalability difficult as instead of one WYSIWYG editor you know have five or ten all pulling from the database.
Usability and Conversion
Now if you design websites you should design for the user, regardless of how pretty a website can be if it doesn’t generate leads or sale its useless* (*unless you do simply want a brochure website) . You don’t have to be an expert in conversion or usability to know that text colour should be a contrast from the back ground, or that navigation should direct a user to where they want to go. If a page is created you should always think:
- How will someone get here?
- Where will they go from here?
- How do they return to where they have come from?
Again in my mind if your are a WordPress Web Developer you should understand at minimum the fundamental concepts of on page SEO which are:
- Heading (H1)
WordPress is great because it can create search engine friendly URLs and generally gets spidered pretty quickly when a post is published, however please please when you develop a template file include a H1 (heading) tag, this is all I ask…
Of course there are many other things you can do regarding WordPress and SEO, I’m not going to go through them in this post, but one other gripe is that developers are very quick to install an SEO plugin, however if all you do is install it and then leave the same duplicate title on every page then you just shouldn’t! Leave it alone, let word press use the default titles and at least have some originality and uniqueness to the titles.
WordPress is a Content Management System (CMS), you can add users with different privileges so many people can update posts, sales messaging etc, so why design a Theme than has static content which can’t be edited unless you are a developer?
Tip: Also think about using something like Google Tag Manager, this allows you to manage, analytics, Adwords conversion, remarketing code all in one place without access to FTP’s (Once the code has been placed), making updated code easily and adding new conversions for Adwords and not having to rely on a developer.
Responsive / Mobile
If you develop a theme so it is responsive then at least test it, See example below.
The other key point is testing; just because a theme is responsive doesn’t mean it will work better than a non responsive theme, I would personally split test the responsive version against the original (non responsive), I do appreciate that this may not be down to the developer to make this decision.
I wrote a post a two months ago about tracking and testing your contact forms so all I ask as bare minimum MR WordPress developers is please ask your client if you should install some form of analytics and please check it and the forms works.
Above all if you are a developer or an agency which lay claim to WordPress Development (Or any development) please take a little pride and test what you have created! I recommend at least spidering the site to find any common faults (You could use IIS Toolkit (Free), Screaming Frog (Free & Paid), Xenu (Free), Alwebsite Analyser(Paid)) and of course test the forms.
End of Rant?
Please excuse if it seems that I have shoe horned all WordPress Developers with the same hat, I have just had many frustrations having dealt with 50-60 different WordPress Developers and Agencies and having to pick up the pieces, but is this just me? No, I spoke with Alex Moss of Firecask and Shane Jones who both co-founded Peadig a WordPress Theme built on the Bootstrap Framework, this is what they had to say:
I love WordPress. It’s my CMS of choice and I advise most of my clients to use it. Is it perfect? Far from it, but it’s the best choice and there’s a reason it powers 26% of all websites. For me, weaknesses usually stem from poor coding. This poor coding can come from either:
- Bad custom theme development
- Bad paid theme purchased from Joe Bloggs
- Bad plugins
The issue is that none of those 3 things help you unless you know how to look at code and what to look for. I did give a few tips in an article I wrote a few months ago. To me, it’s about trusting the developer most of all, and doing your homework on plugins or themes you intend to buy.
As a developer who never really advertised himself as a developer at the beginning of my career, most of my WordPress creations are a result of someone else doing a poor job of something I think I could do better.
In the setup phase there are a few key things that should always be done. If you’re not the most experienced WordPress developer or you may have skimmed the documentation, you’ll miss an important part about changing Security Keys. These are used for encryption on your WordPress site and as it says on the codex itself:
A secret key makes your site harder to hack and access harder to crack by adding random elements to the password.
This is usually the first thing I do when in my config files and ideally you would make these all different values for the 8 different variables there. Another good issue a lot of people miss in setup is changing your admin username from admin to something less easy to guess. WordPress even recommend this themselves. (Source: http://codex.wordpress.org/Brute_Force_Attacks ) The reason being that most of the brute force attacks that happen on WordPress happen through scripts trying to guess the password for the admin user.
My biggest annoyance with some free themes is some that actually don’t have some core css styles that WordPress requires. These styles can be found here http://codex.wordpress.org/CSS. Without these styles, which can be modified themselves, the page a user creates will not look the same as when they creating the page in the page editor.
Then there is testing, I have worked with some themes in the past that haven’t been tested well. When you create a theme you should really test every possibility of post or page that a user can create. Luckily there are some tools to help you with this. WordPress themselves have a Theme Testing export file that you can upload to your site. Personally I use tool called WPTest.io. These testing tools will create a number of posts, pages, categories, users in many forms. In the case of WPTest, you can click into the posts and it will tell you what you need to look for. Then its a case of tweaking those posts until everything looks great in your theme.