Over the years we've launched more than a few client sites using WordPress. And why not? It's seemingly a low-cost platform with all kinds of extensible features. We've found it to be true that if you can imagine some functionality that you need but don't have, someone somewhere has created a WordPress plugin for it.
The catalog is huge, with over 44,000 offerings at the time of this writing. The support community is active like no other. In recent years, in terms of actual use, WordPress has gone from a favorite blogging platform to now being regarded as one of many leading open source content management system solutions. Experience can be a rough teacher so bearing that in mind here are regular responsibilities to embrace if you want to launch WordPress as either a small scale or large-scale solution.
"Free like a Puppy"
If this saying applies to anything, it sure does to WordPress: attractive, fun, relatively easy to set up. However, even if you don't implement any customizations, you are still on the hook for regular maintenance. The WordPress core needs to be kept up-to-date as well as any plugins you may have installed. In addition, sometimes plugins become unsupported or worse become incompatible with the latest WordPress version. All that means is that you have to do care and feeding. A brief audit of your WordPress version and plugins should be conducted on at least a quarterly if not a monthly basis.
Caution about Customizations
Because of the openness of WordPress, it lends itself to situations where even a plugin or a site theme may be subject to customization—depending on requirements and whether that plugin or that theme needs tweaking in order to meet the need. It could be anything. Maybe you have an event calendar plugin and you'd like to add a Facebook like button. But probably it is something more critical than that. Recently one client with a premium service site had a specialized need that would be satisfied by modifying the WP-Members plugin. But now having introduced your own modification to the code, that plugin can no longer be updated using the usual updating process. That can be fine, but it is something to be managed going forward. There's an increased cost-of-ownership that's introduced. Over time, the plugin may become incompatible with WordPress and the whole issue will need to be revisited.
The day it is launched, and probably the day after, the results may be terrific. And yet, WordPress is nearly always hungry for plugin or theme updates. Remember, it's like that free-spirited puppy, and neglecting it can have disasterous consequences.
Security Concerns
When it comes to security, WordPress can be a victim of its own success—so popular it is a big target for hacking. You don't want your site lauching links to malware, one of the most common exploits. Clean-up can be very difficult and sometimes near-impossible. In the meantime, your site may become blacklisted if serving malware.
It's not complicated, it's just that you never want to "set it and forget it." Just follow some simple guidelines to keep your site healthy and safe:
- Keep up with releases and updates: The number one rule in maintaining security for this platform is keeping up with frequent core releases and plugin updates, many of which are to patch-up discovered vulnerabilities.
- Use complex passwords. Wordpress will now autosuggest complex passwords for user accounts. Don't override this with easy-to-guess alternatives.
- Rename the "admin" account to something a bit more obscure.
- Use security add-ons such as Sucuri or Wordfence which can help limit unauthorized login attemps as well as scan for unexpected changes to your file system and alert accoridngly. Conveniently, these security plugins can also send out email notifications when updates are available.
- Have a means of making a backup of your Wordpress installation before making major changes to your installation.
- If you decide that the maintenance and security requirements are just "too much," the hosted solution of wordpress.com may be a reasonable option. Just be aware that the ability to extend functionality and customize style will be necessarily limited.