“Is WordPress safe?” …….. this is a question I’m often asked by prospects looking to build a new hotel website.
NB: This is an article from gcommerce
While WordPress isn’t the solution for every website, here are some reasons why we recommend the #1 content management system on the market.
Subscribe to our weekly newsletter and stay up to date
WordPress Security in General
As the most popular content management system with over 40% market share, it’s understandable why WordPress might be an attractive target for nefarious activity. Here’s why we rest easy:
- World-wide community. With a world-wide, open source community, it’s in everyone’s best interest to find, share, and patch security vulnerabilities, which WordPress releases at frequent intervals.
- Security plugins. We install a security plugin on all GCommerce hotel websites called Wordfence that helps protect against brute force password attempts, keeps a log of file changes and user logins, blocks suspicious IPs, and more.
- Regular updates. We apply released security patches (using the WordPress update panel) on at least a monthly basis with our Preventative Maintenance service, and more frequently when a critical patch is needed. This keeps our site from being low hanging fruit for would-be attackers.
It’s important to remember that hotel website software is organic and constantly evolving – it’s not something that should be set and forgotten (which is a good way to become a target). While we can’t control when or how software updates are released by WordPress or 3rd party plugin developers, we can control when and how these updates get applied. We offer a Preventative Maintenance service for clients that host with us to do just that – taking the stress and unknowns of what’s going to happen out of the equation.
For GCommerce, this means using testing environments to identify and address issues before they’re applied to public-facing hotel websites. So while we cannot guarantee there will never be breakages (no one can), we do everything within reason to keep this reality of software development manageable for ourselves and our clients.
On the topic of WordPress plugins
“Okay, I see how I can make WordPress secure for my hotel’s website. How do I keep plugins from breaking?”
In a nutshell, plugins add functionality to your hotel’s website. They can do anything from adding a simple button, to adding an Instagram feed, to adding an entire eCommerce store. Considering the complexity of what you need and how mission-critical it is to your operation is a great way to keep your investment in perspective.
Before installing anything to our clients’ websites, these are the key factors we consider when evaluating plugins:
- Age of the last plugin update. We look at the latest update date for a given plugin to determine if it is still receiving ongoing support. Depending on the complexity of the plugin, we will generally only use ones that have been updated within the last year or less.
- Number of installations. We consider how many websites have the plugin installed and in use on their site using the WordPress plugin repository. The larger the user base, the more likely there will be community support forums and/or support provided by the plugin developer which means more bugs are being discovered and fixed across a variety of development environments. In other words, it’s likely to be more robust and secure.
- Premium options for complex or critical functionality, when needed. For functionality that is more complex or sensitive in nature (for example eCommerce plugins), we will generally recommend premium WordPress plugins for guaranteed support availability and responses.
- Using a limited number of plugins. We strive to avoid using too many plugins on a site to reduce the risk of compatibility errors. Whenever possible (and when it makes sense), we will first write functionality as part of the WordPress theme before reaching for a plugin to further reduce the risk of breakages. A good target is to limit to 12 – 20 plugins, but there are always exceptions. Just understand the more you add the more likely you may need to come up with creative compatibility solutions.
We know how frustrating it can be when a WordPress plugin that was working perfectly fine last week seems to stop working for no good reason. And while it’s tempting to say “Just change it back! It was working before!”, you run the risk of your out-of-date software being exploited.
By keeping on top of updates so your version changes are small, dealing with these incremental breakages (which is normal) will keep the long term maintenance cost lower. It’s a lot like getting an oil change for your car. If you change it regularly you’ll get better mileage and performance out of it, with disastrous consequences if you let the oil run dry and melt your engine instead.
On the topic of WordPress themes
Similar to plugins, WordPress themes (also sometimes referred to as commercial templates), focus on the look and feel of your hotel’s website, with some functionality baked in. Wherever the theme functionality ends is where plugins begin.
Similar rules apply when selecting a theme, especially the support. As far as expected mileage goes, I’ve found the lifespan can vary drastically from client to client. My rule of thumb – if you want to take advantage of the latest speed enhancements and stand out from your competition, you should consider revisiting your website needs every 3 – 5 years. (I mean, if your smartphone is considered ancient after 2 years… you get the idea.)
Why Should I Use WordPress For My Hotel’s Website?
There are many, many reasons why WordPress is a go-to for our company. Here are some of our favorite reasons that impact our and our clients’ bottom line:
- Access to quality developers. There are plenty of qualified WordPress developers available anywhere, making it easy to find, vet, and hire support when you need it. While your current developer is hopefully providing all the services you need, having assurance that external support is available to maintain your site should you need it is a great insurance policy.
- More affordable long term maintenance. WordPress applies frequent, incremental patches which tends to make compatibility issues less severe and easier to address when they do arise (and they will). But because there is better WordPress developer availability, it’s more likely these issues can be addressed in a timely manner and at a reasonable cost (vs. paying premium for developers in limited supply for other platform solutions like ExpressionEngine or Magento).
- Reduced staff training. The longer WordPress is used, the more likely it is you will have future employees that already have familiarity with the content management system, making training faster, more accessible, and easier to work with.
- No recurring license fees and includes upgrades. WordPress has no recurring license fees for the core software and users get to enjoy the benefit of having functionality upgrades for free. The trade off however is that the onus of keeping the software up-to-date is the responsibility of the site owner, unlike with a proprietary system.
Still not convinced? That’s okay. WordPress isn’t for everyone and it’s not appropriate for every site. But hopefully you now have a more informed understanding of why it might be the right choice for you. Thanks for reading!