Is WordPress insecure and mainly for small law firms and accountancy firms?


If you’re redoing the website for your professional services firm, how should you go about choosing your developer and content management system?

Our suggestion is always that you do it in this order:

  1. Which CMS platform?
  2. Does your prospective developer have significant experience with the CMS platform you’ve chosen?
  3. If cost is a key consideration, should you go onshore or offshore? Going offshore may reduce your costs by 60% or even 80% (bear in mind that a lot of ‘local’ developers may be offshoring behind the scenes anyway).
  4. Does your developer have experience specifically with professional service firms?

Why put the choice of CMS first?

Simply because the CMS you choose today will have a larger impact on your digital presence over time than your developer. And of course picking a developer who has little experience in what you consider to be the best CMS for your firm doesn’t make a lot of sense.

We’re not necessarily talking about the platform for your deal room, or your matter management extranet, just what you use to put standard marketing collateral up on the web – bios of your staff, articles, practice group descriptions and so forth.

Five reasons why we normally recommend WordPress as the default CMS choice

1. Visual presentation options. WordPress is used on about 1 in 4 websites on the web and, as with Microsoft Word documents, the fact that TechCrunch and Time magazine both use WordPress does not mean their websites look the same. About 3 out of 4 of our professional service firm clients doing revamps now move to it, but you wouldn’t be able to tell that just by looking at their sites. For visual purposes there is also a huge market in pre-built WordPress themes (page layouts) which can give you a good starting point about how you want your site to look and which then can be customized by your developer.

2. Skills availability. The ubiquity of WordPress means you have a larger number of developers who can work in it, and increasingly large numbers of marketing staff who’ve already used it when you hire them. Your IT department may be more familiar with Microsoft tools, and your web developer may still want to use XYZ CMS (because they achieve better ‘lock-in’ that way and have fewer competitors for XYZ work), but those aren’t sufficiently good reasons by themselves to choose a particular CMS. Go to one of the big web contracting marketplaces like Upwork and do a quick search for contractors with WordPress experience vs XYZ CMS and see the difference in the numbers for yourself.

3. Cost. The range of agencies, contractors and web hosts that support WordPress (onshore and offshore), the range of free and cheap plugins when you want to add a neat new gadget, and the extent to which you can easily make changes yourself will drive the price of your web presence and enhancements down over time. This large WordPress ecosystem means that you won’t have to pay your developer to build a widget from scratch when you want to do something in 12 months’ time, and in many cases you’ll be able to find what you want for free. Most law firms do not have the website development budgets of FMCG companies, and by reducing the upfront cost you can afford to iteratively improve the site – look at how people are using your site after launch via the analytics and then make small tweaks over time, as you’ll never 100% guess what users want upfront.

4. IP rights. WordPress is a free public software project – there are no licensing or upgrade costs. Similarly you don’t have to worry about your developer’s IP rights over the code that runs your website.

5. Meets professional services firms’ requirements. Perhaps most importantly, WordPress has every piece of functionality a good professional services website actually needs, in many cases straight out of the box, ranging from underlying SEO, to full-featured what-you-see-is-what-you-get editing, to social media plugins and the rest.

What your developer may say about WordPress security and other objections

When a professional services firm specifies WordPress, our clients tell us, developers put forward counter-arguments about CMS XYZ being “more customizable” or “safer” (or simply say that they don’t have expertise in WordPress), but in our opinion these arguments are weak at best.

On the customization front we’ve seen no evidence that WordPress is less customizable than anything else out there and significant evidence over the last 13 years that the WordPress core software keeps pace with changes on the web.

On the security front, developers know that mentioning ‘security’ pushes all the hot buttons of your average law firm. And a quick Google search will highlight mentions of WordPress exploits. Yet the fact that your average newspaper tends to highlight crime in your neighbourhood because that sells more copies doesn’t actually mean you are inherently unsafe (whatever some politicians may say).

WordPress is targeted by hackers simply because it has the biggest market share (and, equally, when an exploit emerges it is therefore mentioned more on the web). So exactly like Microsoft Windows, WordPress and its plugins need to have patches applied (no patches = poor security). In addition, since version 3.7, released in 2013, it’s been able to automatically apply security patches, and there is a wide range of security plugins like Wordfence which will harden it further if you wish.
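A quick way to confirm that automatic patching has not been switched off on a site, as an added example (not code from this article or from WordPress itself): the script below reads the text of a wp-config.php and flags the WordPress constants that stop background updates. The two sample configs and the function names are constructed for illustration.

```python
import re

# Matches define( 'NAME', value ); as written in wp-config.php
DEFINE_RE = re.compile(r"define\s*\(\s*['\"](\w+)['\"]\s*,\s*([^)]+?)\s*\)\s*;", re.I)

REASONS = {
    "AUTOMATIC_UPDATER_DISABLED": "all background updates are switched off",
    "DISALLOW_FILE_MODS": "file changes are blocked, which also stops background updates",
    "WP_AUTO_UPDATE_CORE": "core background updates are switched off",
}

def parse_defines(php_text):
    """Return {constant: normalised value}, ignoring commented-out lines."""
    text = re.sub(r"/\*.*?\*/", "", php_text, flags=re.S)     # block comments
    text = re.sub(r"^[ \t]*(//|#).*$", "", text, flags=re.M)  # whole-line comments
    constants = {}
    for name, raw in DEFINE_RE.findall(text):
        # PHP keeps the first definition of a constant, so do the same here.
        constants.setdefault(name, raw.strip("'\" ").lower())
    return constants

def audit_wp_config(php_text):
    """Return {constant: reason} for every setting that blocks auto-patching."""
    consts = parse_defines(php_text)
    findings = {}
    for name in ("AUTOMATIC_UPDATER_DISABLED", "DISALLOW_FILE_MODS"):
        if consts.get(name) in ("true", "1"):
            findings[name] = REASONS[name]
    # Only a literal false turns core updates off; 'minor' keeps security releases.
    if consts.get("WP_AUTO_UPDATE_CORE") == "false":
        findings["WP_AUTO_UPDATE_CORE"] = REASONS["WP_AUTO_UPDATE_CORE"]
    return findings

# Constructed sample: updates disabled (one setting is only commented out).
WEAK_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'DISALLOW_FILE_MODS', true );
define( 'AUTOMATIC_UPDATER_DISABLED', true );
define('WP_AUTO_UPDATE_CORE', false);
"""

# Constructed sample: minor (security and maintenance) core releases apply automatically.
PATCHED_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
define( 'WP_AUTO_UPDATE_CORE', 'minor' );
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("patched", PATCHED_CONFIG)):
        print(label, audit_wp_config(cfg) or "no update-blocking constants found")
```

An empty result only covers wp-config.php: code in a plugin or theme can also change update behaviour, and plugins still need their own patches applied.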

Finally, just in case you’re wondering, we don’t do web development and we also know that not all our clients will choose WordPress for their next website rebuild. But we do think WordPress should be on your shortlist when you choose both a CMS and a developer.