Hey, Volcanic! Why you can afford to use WordPress
Written by on October 10, 2022
Volcanic wrote an article about WordPress. I need to put the record straight.
You can’t can afford to use WordPress
This post is a reaction to the outdated and lazy article on the Volcanic blog about WordPress.
You can read that article here.
I want to put the record straight.
Yep, WordPress has problems
It’s true, WordPress isn’t perfect.
I’m not going to say that if you choose WordPress for your recruitment website that the clouds will part and you” enter some kind of utopia.
WordPress is a tool. It’s a tool that can be used well and (unfortunately all too frequently) is a tool that is used badly.
WordPress security issues
In Volcanic’s article, they highlight security as the major problem with WordPress.
It’s true that this is generally regarded as a weakness with WordPress when compared to closed systems such as Volcanic.
There are a few reasons why security is a challenge for WordPress:
- WordPress has a HUGE market share, making it an attractive target. If you want to hack a lot of websites, WordPress is a good starting point.
- Admin access. With so many people using WordPress, things like weak passwords happen at a much larger scale.
- Out of date code. Many WordPress website owners (and their developers) don’t keep their sites up to date meaning they miss out on essential security patches.
- Poor 3rd-party coding standards. The extensive ecosystem of third-party add-ons and extensions (themes and plugins) for WordPress is it’s greatest strength, but also it’s achilles heel.
- Shared hosting. Many WordPress websites sit on cheap, shared hosting services. Even if your website is secure it might be hacked through another website on the server.
A few easy security wins
There’s not much you can do about the market share issue but the others in this list are all easily covered by:
- Use strong passwords (you can force users to use strong passwords)
- Don’t give too many people admin access.
- Keep your site up to date either though auto-updates or a developer who will do this for you. Or both.
- Only install plugins from respected developers and only when necessary. They higher the skill level of your developers, the less they need to rely on third-party solutions.
- Use better hosting. This isn’t your mum’s blog, it’s your business website, so invest in decent hosting – it’s not that expensive.
Now that’s out of the way, let’s respond to all of Volcanic’s points.
The big problem with secuirty on wordpress is that their currently list to thw world a total of 194 security vunerabilities for wordpress
Ignoring the typos, let’s talk about the substance behind this. Firstly, this article is way out of date already, and actually the number of vulnerabilities is actually much higher now (344 at time of publishing).
But that number is hugely misleading.
On first glance through that list, it is immediately obvious to me that most of the vulnerabilities are on old versions of WordPress. All of the first ten vulnerabilities are for version 5.8 and older. WordPress 6.2 is about to be released.
If 10/10 of the first vulnerabilities don’t apply, how many of the rest of them do? I couldn’t find a way to filter by version, so I’m not sure.
WordPress is designed for blogging but has lots of plugins that make it do other things like job posting or search.
This is 100% true and I’m not exactly sure what the author is getting at here. I think he’s suggesting that because WordPress started out as a blogging tool that it isn’t suitable to be used for recruitment websites.
I did some research a while back that showed approximately 40% of recruitment websites are built on WordPress. It might not have been built for recruitment but it’s doing a pretty good job.
Indeed, over 40% of all websites are now built on WordPress, including some of the biggest brands, so I’m not sure this is an argument that holds any weight at all.
The problems with plugins are that they can go out of date, be no longer supported or in the worst instances be insecure
Again, although 100% accurate, I think that the author is misleading the reader here.
As already covered, choosing well built and supported plugins, and keeping them updated are the easy and obvious workarounds here.
It’s like saying that the problem with cars is that they sometimes break down. Lazy writing.
Without support a wordpress site can very quickly age and without a full time company checking the vunerabilities then it can be a real risk
Let me rephrase that for you, Volcanic.
“Without support a wordpress website can very quickly age.”
I don’t know any websites that magically redesign themselves over time. I’m pretty sure that with Volcanic this is part of their paid service, just like it would be with WordPress.
Regarding full time companies checking for vulnerabilities, yeah, they exist and are doing exactly that. There are a lot of eyeballs on the WordPress codebase and a lot of people heavily invested in making sure it’s a secure platform.
…my view is that recruiters who need to record and store details should either use a professional monitored wordpress service or avoid.
Couldn’t agree more! If you’re going to employ your nephew to install a WordPress site and then not touch it for 5 years – you’re probably going to have problems.
So they’re right, but wrong?!
“But Keith, you’ve just agreed with everything that they’ve said in the article!”
My problem with articles like this is that it hand picks a few half-truths and presents them in a way as to deliberately mislead the reader.
If a layman reads that article, it’s clear that the message is “WordPress isn’t secure, so don’t use it for your recruitment website”.
Nope.
The truth is that, handled by a professional, competent developer, WordPress is an amazing, market-leading website platform and a perfect fit for recruiters large and small.
And weirdly, although the title of their article is “Why you can’t afford to use WordPress”, there is nothing about cost in there at all. 🤷🏻♂️
Writing this article has only strengthened my resolve to give truthful, useful advice to recruiters about their websites. Sometimes we won’t be the right fit, sometimes we will – but we’ll never try to trick people into working with us.
Get in touch
We’d love to discuss your next recruitment website project with you.