01.02.17

Building a Better Website: Why Custom-Coded Websites Outperform Every Time

By Ryan Owens




Understanding the Tragic Pitfalls of Wordpress, Joomla!, Drupal and Other Common CMS Platforms

This blog article references a third-party report compiled by the Sucuri™ Remediation Group, a leading Internet security consulting firm and resource for qualitative data and analysis on technology.

Download the Sucuri™ 2016 Website Hacked Trend Report



Doing Things the Hard Way

I've been personally building custom, one-of-a-kind websites since the dawn of the Internet, more than 20 years as of this writing. Along the way my company has grown to become Greenville's most-awarded web design firm, having been honored with various awards and accolades for outstanding web design and development, including a 2016 WebAward, 2015 Interactive Media Award, 2014 Horizon Interactive Award (responsive website design), 2014 Horizon Interactive Award (email campaign), 2012 Horizon Interactive Award, 2010 Interactive Media Award, 2008 WebAward, 2007 Interactive Media Award, 2006 Horizon Interactive Award, and 2005 WebAward.

However, my experience with computers goes back even further, all the way back to my childhood when I received a Commodore 64 for Christmas. I taught myself how to code by the time I was 12, and each year I would ask for and receive a different peripheral device... one year a color monitor, the next year a floppy disk drive or dot-matrix printer, and I even had a modem and a subscription to Compuserve in the early 1980s, even though my parents didn't even know what that was or what I would do with it. So I've been online for about as long as a person can be, and I've seen a lot of things come and go over that time.
In the early days of the World Wide Web, we had to custom build everything from scratch, because there simply were no shortcuts or other ways to do it. A lot has changed over the last two decades, among them are the prevalence of various site-building tools for do-it-yourself types and those seeking, let's just say, a "shortcut."

Among the most common CMS platforms today are Wordpress, Joomla!, and Drupal, which together power millions of websites around the globe. The rise of CMS systems such as these can largely be attributed to the fact that they simply provide a quick and easy way to throw a website together without a lot of work, and they make it possible for "non-techie" types to do things that they otherwise would be unable to do.

As stated in the Sucuri™ Website Hacked Trend Report available for download, "This user adoption however brings about serious challenges to the Internet as a whole as it introduces a large influx of unskilled webmasters and service providers responsible for the deployment and administration of these sites." As the report goes on to say, "Out of the 11,000+ infected websites analyzed, 75% of them were on the Wordpress platform and over 50% of those websites were out of date. Compare that to other similar platforms that placed less emphasis on backwards compatibility, like Joomla! and Drupal, the percentage of out-of-date software was above 80%."

Other highlights from the Sucuri™ report include, "As of March 2016, Google reports that over 50 million website users have been greeted with some form of warning that websites visited were either trying to steal information or install malicious software. In March 2015, that number was 17 million. Google currently blacklists close to ~20,000 websites a week for malware and another ~50,000 a week for phishing. PhishTank alone flags over 2,000 websites a week for phishing. These numbers reflect only those infections that have an immediate adverse effect on the visitor (i.e., Drive by Download, Phishing) and do not include websites infected with Spam SEO and other tactics not detected by these companies."

You see, today's Internet is a very complex beast. It has evolved to the point that technology has grown ever more complicated, and the devices we access the Internet with ever more diverse. We ask websites to not only look good on all of these devices, we expect them to do a whole lot more as well. Hackers have become not only more sophisticated, but equally as aggressive. Keeping on top of all that takes time and effort, and well, let's be honest, lots of folks just aren't interested in time and effort, because those things cost money.

So why not use a system like Wordpress, Joomla! or Drupal? You can get a free template, so you don't even need to be a designer. You can copy and paste text into these website builders, so you don't even need to know HTML or how to write a line of code. And you can get free extensions or modules, so you don't even need to know a good programmer. Sounds too good to be true, right? Well, unfortunately it is. But if that old adage is so acceptable in other industries, or indeed life in general, what puzzles me is why do so many people think that web development would be any different, especially considering the very nature of technology?

And the result is that lots and lots of folks have jumped into the website-building gold rush, seeking easy money and claiming to be an expert on the subject, when in fact all they know how to do is put together a half-hearted Wordpress template that they got for free, upload your logo, copy and paste in some text, send you your login so you can "manage it yourself," and then you never hear from them again. Thousands of dollars later, you find out you have been hacked, your website is impossibly broken, you can't manage the site yourself because it doesn't make any sense, and the person or company who sold it to you is not answering their phone, has closed up shop or skipped town altogether.

This article was written to avoid that scenario for you, and hopefully save you some time, money and frustration, and to shed some light on what is so often misunderstood.

An Easy Target

While the size and scope of Wordpress, Joomla! and Drupal platforms would typically be a bragging right and perhaps a statement proving their merits, what it really translates to is that the sheer size of their reach makes them an attractive, and very vulnerable, target to malicious hacks, security breaches, and headaches. While it is certainly true that most any website or device that connects to the Internet can be hacked if the will is present, what makes these platforms so enticing to hackers is the size and scope of these systems. A hacker is much, much less likely to focus their attention on infiltrating one, solitary website that flies under the radar or that they don't even know exists in the first place, when they can easily deploy a botnet (a network of compromised computer systems) to automatically scan the entire Internet for vulnerable CMS platforms such as Wordpress, Joomla! and Drupal, and at the same time infect tens of thousands or even millions of websites at once. And making matters worse, usually these CMS platforms can be infected without anyone even knowing about it, until it's too late.

These security breaches can sometimes be innocuous, or they can be downright devastating. The nature of CMS platforms such as these requires a host of various components, or "modules" that extend the functionality of these websites. These modules are really just substitutes for proper coding technique, and they can be things like a contact form, an animated image slider, eCommerce shopping cart, and so forth. The problem is that each of these modules is written and provided by different "companies" who are largely unknown, and therefore their skills and competence are largely unknown as well. And because all of these CMS platforms - Wordpress, Joomla!, and Drupal - are completely open-source, meaning they are free to use and in the public domain, that means there is not a typical gatekeeper to police the creators of these modules, and really little to no profit incentive for these companies either, since they are essentially giving away their products to the end user. And if something is free or given away, then just what exactly is it really worth?

Some of these modules could be written by a 13-year-old living at home with his parents, who likes to tinker with coding in his spare time. Maybe that module he provided has a few bugs in it at best, or at worst perhaps serious security holes that are ripe for exploitation by the Russian mafia or Chinese government. Perhaps he'll get around to writing an update when he has the time, or perhaps not. Since he's not making any real money at it, what's the rush? But even if there is an update provided, someone still has to manage the CMS platform and remember to constantly check and upgrade all of the various modules, components, templates, and basic software as well. This is a constant, recurring issue with these platforms, and will be so until the end of time. However, even the best managed CMS systems can be vulnerable, because typically patches and updates don't get released until AFTER a breach or security issue has been discovered, exploited and made public. By that time, it is often too late.

According to the Sucuri™ report, "The impacts to the WordPress platform stems from vulnerability exploitation attempts against vulnerable software, specifically in plugins."

As for my own personal experience with the likes of Wordpress, Joomla! and Drupal, I can only attest to what I have seen first-hand or read about through various reputable sources, such as those referenced in this article. Or a quick Google search for "Wordpress hacked" or "Wordpress hacking tools" will return over a million results. In my own experience, I have never found it necessary or even worthwhile to explore the possibility of utilizing one of these platforms to build a website, for a few simple reasons:


Lessons Learned

Over the course of my career, I have had no need or interest in using any of these platforms to build a website. However, I have had a few experiences with them that I think are worth sharing with you. Please note the names have been changed in order to protect the innocent.

Let's start with "ST" - the CEO of a large company that prides itself on innovation, leadership and Quality with a capital "Q". ST came to me one day and wanted me to take a look at his website, built with Wordpress, which he thought "looked pretty good." What troubled him were the constant messages he was getting from Wordpress, telling him that "the website will be down for maintenance" and that "critical security updates were needed immediately" and so on. So I took a look at his website, and it didn't take me longer than 5 minutes to find some very serious usability issues, to say nothing of any security vulnerabilities. Notably, the main navigation buttons wrapped to two lines when viewing on mobile devices, and perhaps worse yet, all of the website text wrapped in all the wrong places and for no apparent reason. That meant that the website was basically impossible to use or read on a smartphone, because the navigation was broken and the text split words apart (without hyphenation) on every line, making for a bunch of indecipherable words that was nothing short of embarrassing for the client. So here you had a website that could not be navigated on a smartphone, or even read. It looked ok on a desktop browser, but most views are coming from smartphones these days, so essentially this website was hopelessly broken. Making matters worse, there was nothing that could be done to fix it, because the template that had been used was not being updated, or the updates didn't fix the issue, and the company that built the site was unable to find out what was wrong with it. Basically, they had reached a dead-end. At that point, the only thing left to do was start over from scratch, and build him a completely custom, 100% perfect website designed to his exact specifications, which is what we did. He had lost some good money to learn a hard lesson, but at least in the end he finally got what he deserved and paid for, and we got a new client.

Then there was the phone call I received from "JP" - a person who previously worked for a client of mine but had since gone out on his own. He called because he knew me from our previous business relationship, and he valued and trusted my opinion. JP explained to me that he was "happy" with his current Wordpress site, but inexplicably had been unable to send email for several weeks. I asked him to forward me one of his emails that had been bounced back from another account, and he sent one to me. I looked at the error contained in the email, and instantly realized that his email had bounced because his ISP had blacklisted his domain. Basically that meant that his emails were no longer being relayed, because spam had been coming from his domain. I then explained to him that apparently his Wordpress website had been hacked, without his knowledge, and they were using his domain (and the security hole in his site) to send spam that looked as if it were originating from his company. His ISP had in turn blacklisted his entire domain, again without notice given to JP, and he had no one to offer any support or help with this matter. As is typical in these Wordpress cases, the "developer" who sold him on the website was AWOL and was either unwilling or unable to answer the phone or provide any assistance to his customer. JP ended up having to solve this problem for himself, and undoubtedly spent a great deal of time on the phone with his ISP trying to straighten this mess out, and a lot more time trying to catch up on his missed emails and lost business.

In conclusion, the Sucuri™ Website Hacked Trend Report offers the following outlook, "The argument that website owners should simply update, isn't going to be enough. Most of these websites are but one piece of a much larger, complex, environment in which website owners integrate everything they have access to. It's not that a website owner needs to focus on the single instance of WordPress, Joomla!, Magento or Drupal, but rather all the websites within the same environment to avoid things like cross-site contamination. This is complicated by the different deployment and configuration options available, and the general lack of knowledge by the website owner. These challenges are not only affecting small website owners, but can be seen in large organizations as well. Unfortunately the knowledge and education distribution is not as fast as the user adoption."

Different x Design™

I founded Stratatomic in 2000 because I am passionate about harnessing the power of Design + Technology to help my valued clients grow their business and reach their goals for success. To that end, I promise to never, ever take a shortcut or give you less than my best effort in anything I endeavor to do. If it is worth doing, it is worth doing right. It has never been and never will be only about the technology, it is mostly about the talent, integrity and character of the person pushing the buttons. That simple philosophy has served me, and my clients, very well indeed throughout the course of my career. I hope you will allow me the opportunity to put my creativity and attention to detail to work for you.

Stratatomic is a creative firm specializing in web, multimedia, advertising, and graphic communications. Stratatomic also offers complete solutions for web site hosting, WebAdmin™ site management software and Google Analytics™ site analysis tools, providing clients with a singular resource for top-to-bottom implementation of their internet marketing strategies.

Stratatomic’s proprietary WebAdmin™ eCommerce and site-management technology recently surpassed $15 million in online sales transactions and order processing. Today, WebAdmin™ enables clients of all sizes to effectively manage their own site content or storefront and is the power behind websites that receive more than 2 million page requests per month and average hundreds of orders per day. Founded in 2000 by Ryan Owens, Stratatomic LLC is a privately held company based in Greenville, SC.

If you're ready to see the difference that Stratatomic can make in your business, contact us at 864.271.7021 or click here to send us a message.