
The Ultimate Guide to WordPress as an Enterprise-Level Solution


You’re an enterprise company. You need a new website. You’d better start shopping for the latest complicated CMS, right? Think again. There is absolutely no need to invest hundreds of thousands of dollars in a proprietary enterprise content management system. Their price tag may imply that they are superior to open-source software, but this just isn’t the case—especially when compared to WordPress.

WordPress is the number-one content management system on the web—and for good reason. Its ubiquity has strengthened it and made it one of today’s most secure options for enterprise web solutions. This isn’t new—just take a look at some WP VIPs who have been using the CMS for years.

So why is it that as of January 2015, 23.3% of the top 10 million websites (including many enterprise-level companies) use WordPress? And more importantly:

Why Should Your Enterprise Company Use WordPress?

WordPress is a robust, super customizable system that makes it easy for marketers to be effective and adapt quickly. In short, it’s awesome.

At Vital, we’ve used many content management systems throughout our growth as a company. And from our experience, we can conclusively recommend WordPress as the best of the best. Why? Let’s take a look at the three biggest questions we get asked about WordPress: Is it secure? Is it the best for content strategy? And can I really get a custom design?

Is WordPress Really Secure?

Two of Vital’s developers, Adam Walter (Director of Development) and Dave Currier (Developer & President of SEO), gave us the scoop from their perspective as seasoned developers. Here are their answers on why you should use WordPress for your enterprise website:

WordPress Is Open-Source

Open-source software is, as it sounds, open to all. It gets a bad reputation because its source code is publicly available. But major open-source projects like WordPress have so many developers working on them constantly that vulnerabilities are extremely rare. In closed, internal software products, this is not the case. Major open-source projects can close security holes in a matter of hours because they have a workforce of hundreds, whereas software corporations may take days or weeks.

Open-source powers most of the Internet. Some prominent examples include:

    • Apache: The world’s most widely used web server software
    • Linux: The most popular web server operating system
    • DNS (BIND): The most popular DNS server software (routes the internet’s traffic)
    • HTML, PHP, Ruby, Perl, Python: Programming languages
    • WebKit: Browser engine that powers Google Chrome and Safari
    • Mozilla: Browser engine that powers Firefox and Opera

WordPress Can Handle Constant Updates

All things aside, strictly looking at Google’s algorithm and webmaster guideline changes, you can expect that changes will need to be made to your site almost constantly. “We’re talking 1–2 small algorithm tweaks per day and 1–2 major rollouts per month,” Dave told me. WordPress is also constantly updated, releasing optimizations, bug fixes and compatibility for new platforms and devices as quickly as they arise. According to WPMUDEV, WordPress releases significant core updates every 3 to 4 months, and promptly releases security updates in between.



So why can’t you keep up on your current system, or a brand new expensive proprietary platform?

First off, when using WordPress, most cases would not require a developer to make updates. There are a variety of built in settings and plugins that make it simple for a non-developer to go in and update whatever needs to be updated, whether it’s content, page structure, imagery, etc.

Another key WordPress feature that is quite helpful is automatic plugin updates (these automatic updates generally only happen for minor or security releases—you or your developer may need to manually upgrade major updates). The best SEO plugin for WordPress, WordPress SEO by Yoast, is constantly being updated, ensuring that it is always using the latest and greatest best practices. In a corporate environment that requires proposals and approvals for just about every scenario, the one approval you’ll need is to allow auto-updates on this plugin.

WordPress Was Made To Publish Content

WordPress started as a blogging platform, and while it has grown to a fully-fledged CMS powering some of the largest enterprise, ecommerce and corporate websites on the internet, its publishing edge is still miles ahead of any other content management system. Other enterprise software solutions were not made for publishing content—at least that’s not their main goal. It’s almost a guarantee that if you have an expensive enterprise CMS, it won’t take long for current web best practices to leave it outdated. Your website should be constantly converting leads, and to do that, it needs to be generating traffic. And to generate traffic, your site needs to be publishing and delivering content, and meeting constantly evolving web standards, like a boss.

WordPress Is Secure

Because WordPress powers 23.3% of the top 10 million websites (as of Jan. 2015), it makes sense that it is a frequent security target. But this doesn’t make it “vulnerable” so much as “popular” with hackers—simply because it powers so many websites. And while statistics will show a lot of hacked sites, this is mainly due to average Joes managing their own personal sites or developers who just don’t know how to harden WordPress’s security.

So why does WordPress get a bad rap when it comes to security? “It’s important to note that most security issues with WordPress arise from using bad plugins and not following a good security protocol, and recent major security issues have related to a popular plugin, not to core WordPress code.”

Most security issues with WordPress arise from using plugins that contain security holes or are otherwise poorly developed.

—Adam Walter, Director of Development

So, a potential WordPress con on the pros and cons list is: you’ll get hacked in a second if you don’t optimize your site correctly, as we outline below.

How Do We Make WordPress Secure for Our Enterprise Clients? 

Now that you know that WordPress has the capability to be as secure as any other CMS out there, what can you or your developer do to make sure that your WordPress site is as secure as possible? Here’s the scoop on what Vital does to ensure the security of all of our websites.

Optimize Your Site From Day One

“When I’m optimizing a site,” said Dave, “I will generally spot check my work with Moz’s on-page grader, which looks at my page and gives it a grade based on how many of the points I’ve hit. Provided your theme has been coded using SEO best practices, without making any adjustments, WordPress nearly passes with flying colors. The only real changes that need to occur are the things that the marketers themselves would need to change, such as placement of keywords in the copy, titles, etc.” This is not the case at all when it comes to other platforms. When performing SEO audits on new sites before a redesign, Dave sees the opposite results for websites built on legacy systems such as Drupal, Joomla, PHP Nuke, etc.

Lock Down Site Access

In addition to using secure passwords, you can harden WordPress further by following Vital’s WordPress Best Practices:

    • Follow the Principle of Least Privilege and maintain only 1 administrator-level user. Only give users enough permissions to get their jobs done.
    • Restrict admin access to a whitelist of IPs or ban IPs geographically
    • Add a firewall to block common code attacks
    • Add brute-force protection to block bots trying to guess your password
    • Add 2-factor authentication for logins
    • Run an automatic malware scanner to detect malicious code
    • Change the URL of common admin areas (wp-admin, wp-content)
    • Change the default database prefix to prevent injection of malware
    • Force SSL connections for the admin area or for the entire site
    • Disable the backend file editor, and plugin/theme installer
    • Disable user registration
    • Always keep WordPress and plugins up-to-date
    • Keep regular offsite backups for easy rollback if your site experiences problems
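Several of the items above map to settings in `wp-config.php`, so they can be checked mechanically. The following is an added example, not Vital's own tooling: a small Python audit that reads a config file's text and reports which of the checklist items (file editor off, plugin/theme installer off, SSL forced for admin, non-default database prefix) are in place. The two sample configs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample wp-config.php contents (not taken from any real site).
WEAK_CONFIG = """<?php
define('DB_NAME', 'example_db');
$table_prefix = 'wp_';
// define('DISALLOW_FILE_EDIT', true);
define('FORCE_SSL_ADMIN', false);
"""
HARDENED_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
$table_prefix = 'x7k2_';
define( 'FORCE_SSL_ADMIN', true );
define( 'DISALLOW_FILE_EDIT', true );  // backend file editor off
define( 'DISALLOW_FILE_MODS', true );  // plugin/theme installer off
"""

def const_is_true(config_text, name):
    """True if the first uncommented, line-leading define() of `name` is truthy.
    PHP keeps the first definition of a constant, so later ones are ignored."""
    pattern = re.compile(
        r"^\s*(?i:define)\(\s*['\"]" + re.escape(name) + r"['\"]\s*,\s*(\w+)\s*\)",
        re.MULTILINE,
    )
    match = pattern.search(config_text)
    return bool(match) and match.group(1).lower() in ("true", "1")

def table_prefix(config_text):
    """Last assigned $table_prefix value, or None if no assignment is found."""
    found = re.findall(r"^\s*\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]",
                       config_text, re.MULTILINE)
    return found[-1] if found else None

def audit_wp_config(config_text):
    """Map checklist items to pass/fail. Text matching only: PHP is not evaluated."""
    file_mods_off = const_is_true(config_text, "DISALLOW_FILE_MODS")
    prefix = table_prefix(config_text)
    return {
        # DISALLOW_FILE_MODS also removes the file editor.
        "file_editor_disabled": file_mods_off or const_is_true(config_text, "DISALLOW_FILE_EDIT"),
        "installer_disabled": file_mods_off,
        "admin_ssl_forced": const_is_true(config_text, "FORCE_SSL_ADMIN"),
        "custom_table_prefix": prefix is not None and prefix != "wp_",
    }

def failed_checks(config_text):
    return sorted(k for k, ok in audit_wp_config(config_text).items() if not ok)

if __name__ == "__main__":
    print("weak:", failed_checks(WEAK_CONFIG))
    print("hardened:", failed_checks(HARDENED_CONFIG))
```

Note that `DISALLOW_FILE_MODS` also stops dashboard-driven and automatic updates, so a site that sets it needs a separate route for keeping WordPress and plugins up-to-date.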

Don’t Neglect Server Security!

Even if your WordPress installation is secure, hackers can gain access to your site directly through your server if preventative measures aren’t taken. Adam suggests using a dedicated server with an enterprise-level host, and implementing the following protocols:

  • Block all external server access (cPanel, WHM, FTP, SSH, SQL, etc.) or allow via IP whitelist only
  • Use brute-force protection before traffic ever hits WordPress (Fail2Ban)
  • Block common attacks with a secure iptables configuration
  • Customize file permissions to prevent access to sensitive WordPress files
  • Add a server-side password that must be entered before access is granted to WordPress’ login or admin pages
  • Backup the server regularly and store the files offsite
  • Use a service like CloudFlare to add a third layer of security, blocking cross site scripting, SQL injection, comment spam, excessive bot crawling, email harvesters, etc.
  • Configure PHP to restrict its access to the server and attackers’ ability to inject or use malicious code

Avoid the Weakest Link: User Error

As is true for most technical issues, the weakest link is always the user. Your developer can set up a secure site using all of the best practices described above, and you might still be vulnerable.

To avoid commonly overlooked points of access:

  • Don’t log into WordPress or the server using a computer that doesn’t have virus and malware protection running
  • Don’t log into your server or WordPress on unsecured public WiFi without a VPN connection. TunnelBear’s free VPN service is perfect.
  • If you must use WiFi without a VPN, create a low-level WordPress user that can write content, but has no permission to publish or edit existing content. Publish your work when you get back to the office.
  • Never email passwords. Use a service like NoteShred to send sensitive information like this.
  • Don’t store your passwords in unsecure places like Word files or jotted down in a notebook. Use software like 1Password to make password management a breeze.
  • Don’t allow software (like FTP clients) to remember passwords. Require entry with each login.

If you’ve learned anything so far, it’s that on the World Wide Web, things are constantly changing. So for more information from the source itself, visit WordPress’ Security FAQ section, which is, of course, constantly being updated.

Does WordPress Offer the Best for Content Strategy & Digital Marketing?

As I mentioned earlier, I’m a content marketer that has been sold on WordPress for years, but it’s still a question we hear all the time: from a content strategy perspective, what platform should I be using? Let’s break this down by some of the main factors considered in content strategy: searchability (SEO), conversion (CTAs) and publishing ease (intuitiveness).

SEO Benefits of WordPress — How Does WordPress Rank in SERPs?

Much has been written on the SEO benefits of WordPress. The way it handles content and keywords, taxonomy (content hierarchy/tagging structure) and Google signals are second to none. Combine this with a robust SEO plugin like Yoast, which helps you optimize your posts and pages for Google and social sharing, and it is your most powerful tool in ranking high in search engine results pages (SERPs). For SEO and searchability, WordPress can’t be beat.

CTAs and Conversion Paths — How Well Does WordPress Convert?

The number one goal of the websites we build on a daily basis is conversion. We want your website to convert searchers into visitors, visitors into leads, leads into sales and sales into lifetime customers. WordPress is a digital marketer’s paradise of conversion tools. Plugins like Advanced Custom Fields make it easy to build calls to action (CTAs) that are specific to each step in the conversion path. Shortcodes are another feature of WordPress that allows for easy CTA building, although Advanced Custom Fields is more customizable. Plugins like CrazyEgg will track conversion rates and click patterns with heatmapping software, so you can tell which parts of each page are the most effective.

Ease of Accessibility — Is WordPress Intuitive to Use/Edit?

The best website in the world can only be effective if your team is able to update it. Sadly, many CMSs are complicated to access, and even more daunting to edit and update. A common saying about WordPress is: “If you can use Microsoft Word, you can use WordPress.” Of course, I’ve always had a beef with this particular adage, because as a writer, I have a very tenuous relationship with Microsoft Word. That being said, it is a program that nearly everyone is familiar with, so it does stand as a useful comparison. I’d argue WordPress is even easier to use than Word. (I mean, have you ever tried a Mail Merge?!)

Can a WordPress Site REALLY be Custom Designed?

One of the biggest arguments against WordPress as a platform for a professional, robust website is focused on sites that use one of the many standard WordPress themes available. No one wants to simply slap their logo on a recycled generic theme that is available to anyone else for $30 – $100, right? Well, themes do what they are made for really well—they’re a great out-of-the-box solution for individual users or small businesses who just want a blog or website that is functional and looks decent. But for an enterprise-level company that needs to generate leads and sales, you need a strategic, custom solution.

Custom Designs Built into Custom Themes, Wrapped in an Easy CMS

We design all of our websites completely from scratch, customized to each client’s established goals. After extensive client interviews and research, we identify unique buyer personas that represent each type of potential customer, and map out their buyer’s journey. We start the website design with wireframing to think through functionality and conversion paths to make sure that the navigation and CTAs make sense for each user’s intent. We then incorporate design elements and imagery that fit the brand and effectively tell a story.

Once the design is approved, our developers use HTML, CSS, JavaScript and PHP to build what is essentially a custom theme, or a functional version of what our designers have created in Photoshop. We use WordPress as the content management system (CMS) that you can then use to, well, manage the content of the entire website once it’s launched. Using best-in-class plugins, we set up WordPress so that it’s easy to edit all content on the site, change any copy or images, add new posts, pages, menu items, etc.

Check out some of our recent websites—all custom-built in WordPress:

WordPress, for all the reasons above and more, is the best solution for your enterprise website—that is, if you want to create traffic, generate leads and convert your visitors. And that’s the name of the online game, right?

If you have any questions or thoughts regarding this article, or questions for our development or content marketing team, drop us a line.
