Ok, so this is less of an article and likely should be classified as a “rant”. You should definitely move on to the next article if you don’t like opinions and rants.
A couple of days ago a prospect of ours posted about our product in a private Facebook group.
Our potential customer had just finished up a 1-on-1 demo session and seemed really excited about the possibilities. So a few hours later they posted their thoughts to a private FB group whose members were building projects similar to what they [our prospect] were attempting to create.
As you might expect, competitors rolled in to speak badly of WPCD. Which is to be expected; WordPress isn’t immune from cut-throat competition.
Professionals Trashing WordPress
What was surprising were the regular WP professional folks that jumped into the fray.
Folks that use WordPress and make their money on WordPress started telling the world that WordPress is insecure and not good enough to be used for mission-critical products like WPCD.
There are two reasons why this was surprising:
- WordPress probably has more eyeballs on it than any other open source CMS. Because of this, it is far more secure than regular folks give it credit for. And the professionals who use it day in and day out should know this and be willing to recognize and publicly promote the fact that WordPress is as secure an application platform as anything else out there.
- These professionals deliver mission critical projects built on WordPress to their customers every day. If they truly believed that WordPress is insecure, why would they use it for their customers’ projects? This is a product on which the core of their businesses are built. And yet they have no problems continuing and enabling the very inaccurate perception that WordPress is less secure than other options.
We have tried to battle this “WordPress is insecure” perception in multiple ways including with our security FAQ.
But, to see WP professionals who depend on WP for their living trashing it in a public forum is very disappointing. It makes their lives harder as their own customers question the wisdom of using the platform; and makes the lives of everyone else involved in the WP industry much more difficult than it needs to be.
Imagine taking a date to a dance and then telling everyone you know that your date is ugly. In this case, the date is WordPress.
WordPress Is A Secure Platform
WordPress is just as secure, if not more secure than any other alternatives out there. But if you put insecure stuff on top of it (such as insecure plugins, themes etc.) then it becomes insecure. If you use poorly constructed passwords, fail to use a firewall and fail to turn on 2FA then it becomes far less secure.
In other words, the professional wielding the hammer (WordPress) is responsible for making sure that they build the doors, windows and locks correctly. If they don’t then the bad folks will just move right in. But that is not the fault of the hammer!
So we’ll keep doing or tiny little part to continually battle the perception that WordPress is insecure. We just hope that other WP professionals eventually follow suit.
PS: What’s better – a completely custom built dashboard where the only eyes on the code is your developers? Or one built on WordPress where the core platform has thousands of eyes on it every day? Or something built on a framework like Laravel – where you’ll still have a single point of risk, just like WordPress?
Automatic Notification Of New Articles
Sign up to get automatic notifications of new articles. This is a different list than our standard list - you only get new articles within 24 hours of publication. No other emails will be sent unless you sign up for our general list as well.
Follow us on Twitter! We post a lot of cool things there first. Click the bird below!