The pitfalls of a customized WordPress website

I recently observed someone offering a potential customer of theirs a customised WordPress install. I immediately winced and wanted to shout out to the potential customer to be careful. Before I get into why customisations can be a very bad thing, I need to establish my own credentials.

My own website history

For much of the 30+ years of my professional career, I’ve worked with, managed, developed and designed websites. I spent over twenty years as a senior UNIX engineer and have managed the infrastructure that underpins thousands of websites. Today, I’m the technical Operations Manager for a hosting company which accounts for thousands of individual customer websites. I’ve seen different technologies come and go over the years and I’ve been there each time a new trend has taken hold. I’ve witnessed successful sites and not so successful sites. I won’t kid you. Despite having had numerous websites of my own, it’s not a foregone conclusion that my own website designs are always going to work or be successful. It’s a notoriously hit-and-miss affair with websites; my audience may or may not want or like what you’re your audience wants or likes, for example.

How to build a website

There’s nothing mystical about a website. It’s just a set of instructions that tell the browser what to display. All it takes to build a website is a text editor. If you can type, you can build a website. The following lines of code represent a most basic website:

<html>
<header>
<title>
This is title
</title>
</header>
<body>
Hello world
</body>
</html>

Write these lines of code into a file called index.html and that’s it. You’re done. You’ve created a website. Of course, you need some sort of website software – called a webserver – to make this website available and visible to someone with a browser. The most common ones are Apache and IIS. For our purpose, we don’t really care about what webserver is being used. Perhaps I will address that subject in another blog.

The Content Management System

Wordpress - one of the most popular Content Management Systems in use todayOK, so nobody is actually building websites nowadays using a text editor. Why is this? Well for one thing, the average web page contains far too many lines of code for it to be practical to write it all out manually. Use your mouse to right click somewhere on this page. Find the ‘View Page Source’ entry and select it. That window that opens up full of gobbledegook shows you all the lines of code used to construct the page you’re looking at right now. Can you imagine having to write all that out manually? Enter the CMS or Content Management System. A CMS is just a fancy term for the software that’s used to build and manage a website. It manages everything for you in a way that’s easy to understand and use. Some of the features of a good CMS include:

  • Allowing multiple users to collaborate on the same content
  • Managing different versions of the content
  • Making it easy to work with various types of content, such as text, graphics, audio, video, etc.
  • Permitting you to build interactive content for your users

There are a number of really good CMS’s out there today. These include Drupal, Magento, Joomla, WordPress, Alfresco and many more. Perhaps the most popular of them all is WordPress. Originally designed as a blogging tool, WordPress has become the de-facto CMS of choice for the majority of website owners. One of WordPress’ strengths is the truly vast array of themes and plugins that will enhance its functionality – many of which are freely available.

Perhaps more than anything else, a CMS mostly serves to facilitate the ability for the average person to make their own website. How? By creating a user interface that allows the website builder to simply point and click their way to a finished website design. When you have a good CMS, there is no need for any coding experience at all. It’s all point and click; drag and drop. A few clicks here and there and all the required coding necessary to construct the page is done for you automatically. And best of all, you won’t ever need to see that code.

The Pitfalls of a Customising a WordPress Website

Someone tells you “Hey, I can make you a terrific website. I’ll even customise it for you.” Wow, that sounds like a great offer, right? Perhaps not. Before I can explain why this might not be such a good idea, let’s take a little look at what goes on under the hood. I promise this will be easy to understand.

Regardless of what the website looks like on the front end – i.e., it’s design, layout and what the browsing public actually sees when they visit it, there are some general rules about what to avoid when building a website that I’ve learned are crucial to pay attention to. One of these is that it’s dangerous to rely on any customisations. WordPress relies heavily on pre-built themes and plugins. Think of these as little bits of software that are designed to do something specific. A theme defines the general layout and look & feel of your website. It’s responsible for the colour scheme, the general layout of the page, where the menus are and what they look like etc. A plugin adds a particular piece of functionality to the site, such as social media buttons, an image carrousel, a calendar or whatever. There are literally tens of thousands of plugins available for WordPress and countless themes to choose from.

So, you’ve decided on a WordPress CMS, you’ve found a theme you like and you’ve added a few plugins to get the functionality you need. Congratulations. With a bit of clicking here and there you have a beautiful website and can now sit back and rest on your laurels. Right? Wrong. Here’s the rub. Software developers change their software all the time. They are constantly coming out with updates. There are a number of reasons why they do this. Here are some of the more common ones:

  • New functionality is introduced
  • Bugs are found and fixed
  • A vulnerability is discovered and the software is no longer secure
  • Regulations change over time
  • WordPress itself is updated

If you’re not updating your theme and plugins routinely, you may find your website is subject to attack and compromise because a bug or security hole has been exploited. The average website is being attacked repeatedly by automated pieces of software called bots. These attacks can come from anywhere in the world. They prod and robe your website in search of a vulnerability. If they detect one, they can take over your website and do their own malicious bidding – and oftentimes you wont even know it’s happening.

Another problem is that out of date plugins or themes may not work at all the next time you upgrade WordPress itself. This has happened to me before. I chose what I thought was a really nice theme from a reputable developer for one of my website. The theme came with a custom editor that I used to construct each of the pages. Unfortunately, the developer of that theme went out of business about a year later. When I upgraded my WordPress CMS, the theme suddenly stopped working and I was unable to modify any of the webpages because the custom editor stopped working. Ouch!

Not to worry, I hear you say. I’m diligent about always keeping a backup of my website and my theme and plugins are routinely updated. OK, so you’re half way there. There’s just one more problem you need to be aware of. Remember that offer of some fantastic customisations? Although well-intentioned it may have been when they made you that offer, you need to ask yourself are they going to be around to continue to provide you with updates each time a new version of WordPress comes around? The problem is that once you sign up to any kind of customisations from any developer, you are now at their mercy for as long as you want to keep your website. Will they always charge a reasonable fee in the future once you’re a captive audience? Can you think of a good reason why they would offer you a custom website to begin with? I know I can.