Is Wordpress Dead? Alternatives?

[Vipernet]

So, I'm a jack of all trades Marketing Manager of a small removals company in Scotland. I re-designed the current website back in 2017 working with the existing web design company.

It's a wordpress site, based off a popular theme that we bought and customised. I've got full control over the website and have added several plug-ins over the years to improve the website functionality. I use Yoast SEO regularly, and I've seen measurable success with it. I won't get into too much detail here, but I've got several googlesheets that link up with my analytics so I can track website usage, conversions, sources etc. When I started we had 1k visitors a month and we're now up to 5k a month. With just last week having 100 online enquries, and having to turn away work as we're fully booked.

Anyway, the web design company phoned me today and informed me they're moving away from all wordpress sites due to continued attacks on these types of sites. They said they're going to rebuild the site with their own code, but I will no longer have full access to the site, and will need to submit any changes to them.

So I guess I'm looking for options and opinions.

1) Should I let them redo the site in their code and hope the SEO doesn't get screwed up and waste my hard work over the past 3 years? They said they can't embed images in news post?

2) Move the site to another server we rent from someone like 1&1, but then if it falls over it's my fault, I can't fall back to the website company and blame them.

3) Or make a new site in another langauge that doesn't have the security flaws that wordpress does?

 

[Dup]

Well first of all, sack off that company backing you into a corner and ask for the site and it's database so you can migrate it to your own host. That way you don't lose any of the SEO you've put in and you're not pressured into making changes without proper consideration.

While old WordPress has a reputation, if in this case it isn't broke, don't fix it. You can still use and maintain it and it's still well supported for the time being.

If you want a new design and new features on the site then that's when you look at whether Wordpress is still the platform for you and have the site rewritten. Until then though I'd find a decent host and see if they will help you migrate the site. If it's CPanel hosting it should be very simple. Do they host your email services too? Also look at alternatives to 1and1 such as Stablepoint (by a member on our forums who previously ran/owned TSOhost/Vidahost) or Krystal.

 

[daz]

WordPress is definitely not dead and I'd question anyone who advised you it is - it powers something like 30% of the sites on the Internet!

The biggest issue we see with WordPress vulnerabilities is in 3rd party code - plugins and themes poorly coded, or, old ones just simply left installed even though they're not used any more. It is very rare to see core WordPress vulnerabilities that can be exploited publicly (e.g. without any kind of access, whether contributor or editor or so on...) but keeping up to date with updates is quite trivial these days and WordPress can even do it automatically for you. However, there are hardening things you can do to improve, such as using mod_security on the web server, and there are security plugins out there that will attempt to intercept malicious crafted requests as well.

Anyway, the web design company phoned me today and informed me they're moving away from all wordpress sites due to continued attacks on these types of sites. They said they're going to rebuild the site with their own code, but I will no longer have full access to the site, and will need to submit any changes to them.

Being cynical, this sounds like a way to tie you in to using their services indefinitely or at least add significant friction to moving away from them. If they were to suggest moving to anything, i'd want them to suggest another open source CMS that you will have full access to; not a proprietary system.

With regards to your comments on hosting, if you're with a decent company they will help you if the site falls over. Even if it's not strictly within the web hosting/server remit, generally speaking they'll point you in the right direction to solving an issue, e.g. disabling plugins to find the cause, resetting themes or even if it's just restoring a backup to when it was last working to get it back up again (check the backup frequency of any provider you're thinking of moving to). I don't think you'll get that from the conglomerate that is 1&1 but some of the smaller more personal hosts will.

 

[Vipernet]

Well first of all, sack off that company backing you into a corner and ask for the site and it's database so you can migrate it to your own host. That way you don't lose any of the SEO you've put in and you're not pressured into making changes without proper consideration.

While old WordPress has a reputation, if in this case it isn't broke, don't fix it. You can still use and maintain it and it's still well supported for the time being.

If you want a new design and new features on the site then that's when you look at whether Wordpress is still the platform for you and have the site rewritten. Until then though I'd find a decent host and see if they will help you migrate the site. If it's CPanel hosting it should be very simple. Do they host your email services too? Also look at alternatives to 1and1 such as Stablepoint (by a member on our forums who previously ran/owned TSOhost/Vidahost) or Krystal.

No, we use outlook for email. I swapped that over when I started. Will defo look at Stablepoint, I had been using TSOhosrt for my personal sites, but they had a lot of downtime.

 

[Hyburnate]

Move over to Krystal. They haven't got a clue do not make any massive changes as it'll ruin all your SEO work

 

[Vipernet]

Being cynical, this sounds like a way to tie you in to using their services indefinitely or at least add significant friction to moving away from them. If they were to suggest moving to anything, i'd want them to suggest another open source CMS that you will have full access to; not a proprietary system.

With regards to your comments on hosting, if you're with a decent company they will help you if the site falls over. Even if it's not strictly within the web hosting/server remit, generally speaking they'll point you in the right direction to solving an issue, e.g. disabling plugins to find the cause, resetting themes or even if it's just restoring a backup to when it was last working to get it back up again (check the backup frequency of any provider you're thinking of moving to). I don't think you'll get that from the conglomerate that is 1&1 but some of the smaller more personal hosts will.

Thanks for the help. Part of me does think they are changing their model as they're not making any money out of us as I do all the changes myself, and we literally just pay them for the hosting.

 

[Vipernet]

Move over to Krystal. They haven't got a clue do not make any massive changes as it'll ruin all your SEO work

Krystal does look good. Cheers.

 

[Vipernet]

I've voiced all my concerns and got a reply with phrase "the current website is posing a security threat and is liable to being exploited and hacked"

If I'm on top of every update, rated plugins and got ssl enabled am I really liable to being hacked?

 

[PaulB]

As others have said, WordPress deffo isn't dead.

Sounds like a ploy to get more money out of you. They aren't surely going to develop the site in their own code for free and no doubt every change you have to submit to them would be chargable.

I'd be asking for a copy of the site and database and looking to move to Krystal.

 

[Hyburnate]

I've voiced all my concerns and got a reply with phrase "the current website is posing a security threat and is liable to being exploited and hacked"

If I'm on top of every update, rated plugins and got ssl enabled am I really liable to being hacked?

No, not really at all - This is just a plot to get more money out of you.

I'd use UpdraftPlus or similar right away because these guys sound like cowboys.

 

[Vince]

Wordpess on the right host is anything but dead. You don't need to look further than the likes of wpengine and others like them. Get rid of all the aggravation that hosting for wordpress can be and just find somebody to manage it.

 

[Energize]

I've voiced all my concerns and got a reply with phrase "the current website is posing a security threat and is liable to being exploited and hacked"

If I'm on top of every update, rated plugins and got ssl enabled am I really liable to being hacked?

You need to run away from that company as fast as you can!

Move your site to a better host!

 

[AHarvey]

I've voiced all my concerns and got a reply with phrase "the current website is posing a security threat and is liable to being exploited and hacked"

If I'm on top of every update, rated plugins and got ssl enabled am I really liable to being hacked?

Wordpress does attract hackers because of how common it is.

Firstly, make sure you take regular backups of the site and database just in case.
Secondly, make sure any updates are added as they come out.

I've a website that sends out emails with the latest WP security flaws but can't remember the name off the top of my head, I'll have to dig through my emails for it.
Also, check out https://www.wpbeginner.com/wordpress-security/

Move it all over to Krystal, they want to charge you fee's per change, it's how they make constant money. When you move it, check out the users and remove any that may belong to the web dev company.

 

[touch]

WordPress attracts a lot of hack attempt because it's so popular and so many sites are using it. The opposite of dying.
It's likely to be much more secure than any custom made version that your current developer builds. There's nearly half a billion sites running on WordPress and with all of these being constantly under attack, there's a good chance that any security holes will be discovered (and patched) quickly. If you're one of a handful of their customers using their own CMS then there will be a lot less attempts against your site but also likely to be a lot more undiscovered security holes.

I've voiced all my concerns and got a reply with phrase "the current website is posing a security threat and is liable to being exploited and hacked"

If I'm on top of every update, rated plugins and got ssl enabled am I really liable to being hacked?

Have you checked that your theme and all plugins are still being actively maintained? You may have all the latest versions of these but if the original author is no longer supporting them and releasing new versions then they could post a threat.

 

[Vipernet]

Have you checked that your theme and all plugins are still being actively maintained? You may have all the latest versions of these but if the original author is no longer supporting them and releasing new versions then they could post a threat.

The only plugin I don't know much about is a Sage plugin for woocommerce that they installed years ago that doesn't have any support anymore. Have found a newer alternative though.

 

[Bluecube]

Do not, under any circumstances, allow your current web design company to do anything with your website. They want you to move to their proprietary system which will lock you in to them. They will then proceed to charge a fortune for any updates you wish to make to the website. I’ve heard of this happening before and it was a nightmare trying to get back control of the websites.

I use Krystal myself and they’re great. Krystal will also help you move your website over to them. You’ll need to pay for that service but it’s worth it.

 

[Vipernet]

Thanks for all the feedback guys. I've been using this forum for years and can always come and get a solid response. Going to move it to Krystal. Just awaiting boss to sign it off (saves us money per month too!) and Krystal will do the site transfer for free!

 

[Danthus]

I use WordPress and host it myself, I have a VPS with Vultr.

I also use Centminmod for the LEMP stack, that is free is looks a bit daunting bit is quite simple to use even if it does mean it editing the odd config file.

I use the l least amount of plugins I can and then, I have 2FA enabled and also use Wordfence. The admin directory is also password protected and the admin username has been changed.

I don't think my site is hackproof but it is all about making it as difficult as you can.

As others have said Wordfence gets attacked because of how popular it is.

 

[Simpampum]

1) Should I let them redo the site in their code and hope the SEO doesn't get screwed up and waste my hard work over the past 3 years? They said they can't embed images in news post?

2) Move the site to another server we rent from someone like 1&1, but then if it falls over it's my fault, I can't fall back to the website company and blame them.

3) Or make a new site in another langauge that doesn't have the security flaws that wordpress does?

If you have a good result in website promotion, SEO is set up, then it is not in your best interest to make drastic changes on the site. You must leave complete control over your site! If you have a need to change hosting, then you can easily do it. For the first time, I advise you to connect site monitoring to be aware of the problems that may arise. WordPress is not a dead engine, don't listen to people who say that. I think that the figure of 30% of the sites in the world that are made on WordPress should be saying something. If you have any doubts about the security of a site or engine, then you can hire a specialist to fix this problem.

 

[ChroniC]

WordPress dead. Your joking right. It's the most use cms in the world.

Don't let them remake it. They just want your money and if you walk away from them, no one will be able to work on your site easily, neither will you.

I step up a lot of my sites on Stable point the other day after recommendation from users here and so far it's been solid and easy to use. If you don't go Krystal use Stable point