Penetration testing, often abbreviated as pen testing, is an essential process to ensure you maintain a safe and secure website. But what exactly does pen testing involve, and how can you rest assured your agency partner is covering all potential vulnerabilities for you?
This article will provide a detailed guide to penetration testing, helping you minimise your security risks and ensure your website is fully protected.
In a recent series of articles published in our resource library, we provided an in-depth explanation of the end-to-end process of building a high-performance, enterprise-grade website. (If you’d like to read that series first before learning about pen testing, you can start here).
After you’ve worked with your agency partner to successfully build your website, you’ll also need to ensure your site is protected from cyber security threats. With that in mind, you should understand the important role that pen testing plays in effective website security and maintenance.
What is Penetration Testing?
Penetration testing is a form of website testing that’s used to identify security vulnerabilities When conducting pen testing on your site, your agency will simulate a range of cyber attacks that could be used by cyber criminals or malicious software (malware).
The purpose of this is to identify security weaknesses within your site and take action to prevent them from being exploited in the real world. This approach goes beyond basic tests, as it doesn’t just list the vulnerabilities, it examines how they could be exploited and helps to prevent that from happening.
Why is it Crucial for an Agency to Conduct Penetration Testing?
Website security is critical in today’s digital business landscape. Cyber security threats have become highly intelligent and sophisticated, now capable of penetrating even the strongest security networks.
For instance, global technology giant Acer was the victim of a cyber security attack that demanded a ransom of $50 million USD in recent years.
The outcomes of a cyber attack on your website could be catastrophic, either through sensitive data being stolen, lengthy losses of business continuity, or even reputational damage.
Remember, your site’s security isn’t just vital to you as a business, it’s also something your clients need assurance with when they agree to work with you. You should be taking as many proactive steps as possible to ensure your security measures are rigorous enough to match high levels of risk.
Covering All Bases for Robust Security (in WordPress)
It’s useful to be conscious of the common security weaknesses and pitfalls cyber criminals typically aim to take advantage of.
Security vulnerabilities can be created when your website is running on outdated versions of your platform, or if something hasn’t been configured or integrated properly. Other common pitfalls include weak authentication measures and insufficient protection from the perspective of your users.
With platforms like WordPress, there are some areas in which less experienced agencies could allow security vulnerabilities to creep in as well. For instance:
- Auto-updates – When your platform’s software is automatically updated, changes in the code can cause new security weaknesses to arise.
- Plugins – Using WordPress plugins from untrustworthy sources, or neglecting to update and maintain your plugins properly, can also cause security issues.
This is one of many reasons why it’s important to work with an experienced agency partner who has proven platform-specific knowledge and expertise. Your agency should know your CMS of choice inside out, and should therefore be well aware of all the most common security pitfalls and targets for cyber attacks.
What Does Effective Penetration Testing Involve?
To conduct pen testing, your agency’s security experts will run through a process that attempts to penetrate your site’s security measures.
This is usually done in stages, as follows:
1 – Planning and Preparation
- Review the results and analysis of any previous tests (if there are any)
- Define the scope of the testing, including which tests will be performed
- Gather all necessary data and information on the system to conduct the testing
- Determine the criteria of success or failure for the tests.
2 – Running the Tests
- Use automated tools to scan for vulnerabilities and identify weaknesses
- Attempt to exploit the identified weaknesses
- Repeat the tests with different types of user roles and permissions
- Measure the outcomes against criteria for success or failure
- Create a report on the outcomes and results of the tests.
3 – Post-Testing
- Review the reports and analyse the results
- Remediate and resolve the vulnerabilities that were able to be exploited
- Re-test the vulnerabilities to ensure remediation was successful.
The Benefits of Thorough Penetration Testing
Working with an agency partner who can support you with ongoing pen testing is a necessary step towards gaining enterprise-grade security for your website.
Technology changes so quickly today. Your platform receives updates regularly, your site is always growing, and cyber criminals are constantly finding new ways to breach your defences and gain access to your data. Penetration testing allows you to keep the pace with new emerging vulnerabilities.
Conducting regular pen testing can also help improve client relationships and create competitive advantages as well. In certain industries, a demonstrable commitment to security will be greatly appreciated by your target audience. This can help to differentiate you from the competition and provide the trust required to attract more prospective clients to work with you.
Website Security is a Never-Ending Battle
While every business with a website faces tremendous security risks today, this is a proven process that can help to minimise that risk and give you the confidence you need in your site’s security.
Any agency partner you work with should have the knowledge and expertise to understand the importance of pen testing, and should insist on making this an integral, ongoing part of your site’s maintenance.
Would you like these insights straight to your mailbox?
- Read our comparison between Sitecore and WordPress here.
- Read our comparison between Umbraco and WordPress here.
Digital Business
8 March, 2023
5 Women To Shape the Design and Tech Worlds
March 8th is still an important date to remind us of the brilliance of being a woman in our society. Even though it can be a struggle every day, we know that women are capable of anything and we are very proud to celebrate the achievements of these creative and intelligent women.
Hedy Lamarr
Who can live without Wi-Fi nowadays? In 1942, Hedy invented the technology that later helped the creation of wireless signals.
Rear Admiral Grace Hopper
If you’re not in the programming world, you may not have heard of COBOL. This programming language created in 1952 is still used on business applications to this day. Grace was one of the first ever compilers and her work led to the creation of COBOL.
Margaret Calvert
Even in the age of Sat Nav, you’ve probably relied on a road sign at some point, right? Either driving or walking down the street, the reliable signs are a source of comfort when technology fails. Margaret was part of the team that redesigned the whole UK road sign system. It all started in the late 1950s and her work still guides us even to this day.
Carolyn Davidson
‘Just do it’ – the famous tagline from a brand you might have heard of, called Nike. The tick logo was first developed by Carolyn when she was just starting design and the idea behind it to represent speed and motion. Even though the Nike tick is now one of the top 10 most recognised logos worldwide, Carolyn has only made $35 from her design.
Susan Kare
We all know Apple. We all know that they’ve conquered the world of technology by consistently presenting unique designs with both their hardware and software. What you probably didn’t know was that Susan was the designer responsible for developing all the typefaces, icons and other elements that serve as the core for what we now know as the Apple brand.
Would you like these insights straight to your mailbox?
Digital Business
5 January, 2023
WordPress vs Sitecore – Comparing Both Content Management Systems
Large businesses and enterprises in need of a content management system (CMS) today are spoilt for choice, because there are plenty of excellent platforms available. From WordPress to Sitecore to Drupal, the technology currently on offer is highly intelligent and intuitive.
But so much choice can make the task of finding the right CMS for your own specific business complicated and time-consuming.
Selecting a CMS is an important decision that requires a lot of research, followed by careful evaluation of all the various options. Of course, those processes can be very time-consuming. When you’re already extremely busy juggling dozens of other priorities, it’s challenging to give this the attention and effort it deserves.
To solve that challenge, we’ve done the bulk of the hard work for you. In a new series of articles, we’ll provide you with direct, objective comparisons between some of the leading options for CMSs, helping you relieve the headache of researching and evaluating them yourself.
In the first article of this series, we’ll be looking at the comparison between Sitecore and WordPress.
How Does the Security Compare for Both Platforms?
As we face ever-increasing concerns with cyber security, data protection, and various other digital challenges, finding a platform with robust security should be a top priority.
Sitecore Security
Sitecore has a reputation of being the leading CMS for large businesses, guaranteeing an enterprise-grade experience that includes a high level of security.
Sitecore’s security is also strengthened by the vast range of in-built features within the platform, which we’ll discuss in more detail later. There’s no need to purchase more third-party software or plug-ins to enhance its functionality, which means you won’t be creating any additional vulnerabilities or risks. The platform also receives frequent security updates which bolster your protection even further.
If security is a concern for your business, Sitecore should be high on your list of potential candidates for a CMS.
WordPress Security
For a long time, many people believed the misconception that WordPress isn’t secure enough for large businesses. However, industry leaders such as global investment firm Blackstone, the NHS in England, global research and advisory leader Forrester, and multinational bank Standard Chartered now use WordPress for their CMS. This goes a long way to proving that wrong.

In fact, WordPress is already a secure, stable platform out-of-the-box. So, where did this myth come from?
Well, vulnerabilities can arise in certain scenarios. Firstly, strong security with any technology is dependent on a well-managed hosting environment. If you have WordPress hosted in a secure environment from an experienced provider, with proactive security measures in place, your risk will be extremely low.
Secondly, plugins are something to be cautious of when it comes to security, both in terms of where they come from and keeping them properly maintained. Security threats will be minimised if you only use plugins from trusted sources. You should also ensure you always keep them tested and updated, ideally working alongside security-specific plugins like WordFence.
We appreciate this may sound like a lot of work. That’s why all the examples of the businesses succeeding with WordPress have the support of an agency partner who ensures all these things are taken care of during the development stage. It’s worth noting, though, that this will also be the case when adopting any CMS in a business setting.
Which Platform is More Scalable?
One of the most important aspects of a CMS is its scalability. A CMS is a long-term investment, and this is one of the most influential factors in determining whether that investment will be successful or not.
You’ll need to ensure your site can evolve as your business grows and your needs change over time. This will require an infrastructure that can quickly and easily scale with more pages, additional functionality, and perhaps even more sites, without the burden of hefty costs for more development work.
How Scalable is Sitecore?
Sitecore is designed specifically for large businesses, so its scalability is up there with the very best. Sitecore is a robust platform that allows your digital presence to grow seamlessly as your business grows, even if you need to build multiple sites to serve different groups of users in different languages.
How Scalable is WordPress?
WordPress is another highly scalable platform. Despite some still mistakenly believing that WordPress is suited to smaller businesses, you can use the CMS to build sophisticated, industry-leading sites. Like Sitecore, WordPress is agile and scalable enough to grow alongside your business and adapt to your changing requirements.
How Capable are these Content Management Systems?
The main purpose of a CMS is to provide a software-based infrastructure upon which you can build and manage websites and applications. While most CMSs are similar on the surface, with the same fundamental functionality, they each have unique features and capabilities that differentiate them
For example, one critical indication of quality for a CMS is how easy it is to use. Once you’ve adopted a platform, you and your colleagues will need to feel immediately comfortable using it on a daily basis. If a CMS can’t provide good usability, it’s probably one you should avoid.
Sitecore as a Content Management System
Sitecore is actually considered a fully managed ‘digital experience platform’ that comes with more capabilities than the average CMS.
Most of its best features are readily available as soon as you begin using Sitecore. That allows you to get a high quality site live very quickly without additional work within the platform.
However, Sitecore typically provides quite hierarchical, complex workflows that might be frustrating for small or agile teams. This can also create longer development cycles than usual, giving you a slower time-to-market than more intuitive systems like WordPress.
WordPress as a Content Management System
WordPress is easily the most popular CMS in the world right now, with around 45% of all websites built on the platform. One of the main reasons for that is its ease-of-use, with simple and efficient content management
This usability allows you to get up-to-speed quickly and share responsibilities across several members of your team, even if they have no previous content management experience.
WordPress also makes it convenient to edit content on a page-by-page basis, saving you valuable time, with its block-based design an ideal method for customisation and site management.
How Much Personalisation do they Provide?
The ability to customise and tailor your site’s content to your target audiences is more important today than ever before, with so much of modern business now taking place online. Therefore, this is another important point to consider when choosing between your various CMS options.
Personalisation in Sitecore
When compared with other platforms, Sitecore’s personalisation is excellent. Sitecore will provide you with a great deal of control over the structure and design of your pages, allowing you to tailor your user experience and drive greater performance for your site.
This is particularly useful for larger businesses with high volumes of potential site visitors, delivering competitive differentiation and driving increased conversion rates.
Personalisation in WordPress
WordPress is also highly customisable. You can use its flexibility to get creative with your design, and build bespoke features and functionality to better engage with your audience.
There’s not much to separate Sitecore and WordPress in this area. The gap in personalisation becomes even smaller if you find an experienced agency with WordPress-specific expertise to help develop your site and improve your customer experience.
Integrating with Other Systems
Before your business invests in any digital platform, it’s important to ensure that technology can integrate easily with your existing software. Whether it’s your customer relationship management (CRM) or any other marketing systems, any digital tools you currently have should ideally be compatible with your new CMS.
How Sitecore Integrates with Other Systems
Sitecore integrates well with other systems. It allows you to achieve out-of-the-box integration with most of the leading CRM software, and plenty of other digital tools and platforms.
How WordPress Integrates with Other Systems
WordPress tends to be the easiest platform to integrate with your existing systems, because most brands and other SaaS products have already made themselves compatible.
This means you can deploy WordPress with minimal disruption, regardless of whether you’re building a new site from scratch or migrating your current site from a different CMS.
Total Cost of Ownership (TCO)
Of course, you’ll also want to ensure you’re getting a solution that will deliver good value for money. With a CMS, the total cost of ownership (TCO) can vary greatly from one platform to another, due to factors like licensing fees and update-driven maintenance.
Sitecore Initial Investment and Ongoing Costs
Sitecore is an expensive option, even if you have a large budget to work with. You’ll be required to purchase licences for the platform with an ongoing renewal fee each year. These licenses come in tiers, so if you want to access the full range of benefits from Sitecore you’ll have to opt for the most expensive offering.
On top of that, you’ll also need to account for development costs with an agency, hosting costs, maintenance and support fees, and various other expenses that give Sitecore a very hefty total cost of ownership (TCO).
Furthermore, Sitecore requires ongoing management and maintenance to handle regular large-scale updates to the platform. When updates occur, new versions of the software come with a big price tag and may cause you to pay for additional development work to get your site up-to-speed.
However, this could be a worthwhile investment if Sitecore’s features and capabilities are necessary for your specific requirements. If you’re looking for a quality, trustworthy enterprise-grade platform, Sitecore can justify the cost.
WordPress TCO and Value
Conversely, WordPress is a much more cost-effective solution with a drastically lower TCO. Licenses for WordPress come at no cost and the software is entirely open-source. That means your implementation costs would be limited to just hosting, agency fees, and post-deployment support.
If you decide to use any plugins or extensions of the platform, these will be licensed and paid for separately. However, businesses rarely need to bolt on many new tools or capabilities because WordPress is such a feature-rich platform already.
When WordPress is updated, unlike Sitecore, managing and testing your site can be done in just a few hours at a much lower cost.

A Word on Agency Partners
One thing both Sitecore and WordPress have in common is the small selection of platform-specific agencies who can build high performance sites for large businesses using this technology.
A CMS becomes far easier to use, and easier to drive strong return on investment (ROI), if you have a specialist partner supporting you.
Finding an agency with the necessary experience and expertise to help you leverage these platforms to their full potential should be another important influence on your choice. From integration, to development, to maintenance, all the benefits and advantages of the platforms will require an agency to help you fully unlock them.
How to Make Your Decision
So, with all that information, how can you decide between the two?
Both of these platforms are excellent options that would serve most businesses extremely well. After all, there’s plenty of good reasons why some of the biggest companies in the world use Sitecore and WordPress.
Ultimately, when looking for a CMS that’s the right fit for your specific business, you should make a detailed assessment of your strategic objectives, unique requirements, budget, users, and other important factors. Use that to determine which solution is most capable of meeting those needs.
If you still need more help working through this process, read our comprehensive guide to understanding and evaluating the enterprise options for large businesses here.
Would you like these insights straight to your mailbox?
Development
9 June, 2023
Craft vs WordPress: Which Platform is the Best Option for Your Business?
When you’re responsible for managing a new website development process, you’ll have some difficult decisions to make. Two of the most difficult decisions will be finding an agency that you can trust, and finding a content management system (CMS) that will give you the flexibility and performance to drive your business forward online.
Your CMS will play a significant role in helping you meet your specific website requirements and enabling you to achieve your strategic goals.
We’ve compared lots of different CMSs in our recent series of articles, and each of them have their own strengths and weaknesses. In this article, we’ll compare WordPress and Craft.
Ease-of-Use
It’s vitally important to ensure that the platform you choose is straightforward to manage. You’ll want a platform that’s approachable, with a low barrier for entry, to avoid any challenges in the daily running of your website.
Craft’s Ease-of-Use
Whilst Craft is an open-source CMS, it requires technical development expertise in order to manage the platform once built. Management for non-technical teams will likely be difficult, thus limiting you in your ability to build out content and new features over time.
If you do have expertise in-house, that will allow you to manage your website more easily, as the CMS itself is efficient for publishing and managing content.
Craft also makes it easy to collaborate and share responsibilities across teams without any interference or complications. For example, you can save draft versions of pages and share them with colleagues – with private links that don’t even require you to be signed in – before publishing live on your site.
WordPress’s Ease-of-Use
Conversely, WordPress is specifically built so that content can be managed in-house. WordPress provides you with a convenient, intuitive user interface (UI) that allows quick and easy publishing, management, and editing of content on your sites.
Put simply, WordPress is a more traditional CMS that’s suitable for a wider range of users and teams. It allows you to easily manage the content on the front-end, whilst also facilitating a quick time-to-market for the development of your website.
This ease-of-use also helps to share responsibilities throughout your team.
Flexibility
Flexibility will always be high on your list of priorities when looking for a CMS. Tailoring your platform to fit your own unique requirements is a crucial capability in today’s digital business landscape.
How Flexible is Craft?
Craft is all code-based, which allows you to build virtually any type of website you want, with great flexibility. The only limitations, really, will be with the platform-specific development capabilities of your agency.
How Flexible is WordPress?
WordPress also offers a great deal of flexibility and customisation, but the difference here is that it’s unlikely you’ll need to alter much about WordPress’s pre-existing tools and features to be able to build a website you’re happy with.
With WordPress, you have everything you need to build a high-performance website. But that’s complemented by the flexibility to make enhancements and seamlessly scale the platform with new bespoke features if you wish to.
Integrations
Before you select a CMS, you’ll need to ensure it can easily integrate with any existing systems your business has in place. Whilst most CMSs will be able to integrate well with a variety of third party systems, it’s important to be aware of any limiting capabilities of the platforms.
Craft’s Integrations
Integrations with the most popular third-party platforms are typically supported in Craft through plugins. However, you may need to integrate manually with platforms using API’s.
While this gives you more control over your CMS’s functionality and security, it’s another area in which you’ll likely have to spend more time and money on agency development work. Those integrations will also need to be maintained and updated manually as well, which may be a financial and time burden on your agency.
WordPress’s Integrations
WordPress’s global popularity means that it’s readily compatible with most of the third-party systems you’ll already have within your business.
You’ll have a wide range of native plugins available that will integrate your WordPress site with virtually any other tool. Even if you have more advanced requirements, it’s usually easier for your agency partner to do this bespoke development work in WordPress than it is with other CMSs.
Developer Communities
Investing in a platform that’s supported by a community of developers will provide you with additional benefits and advantages. It’s always helpful to have other users working to continuously create additions and updates to help the CMS grow and improve.
Craft’s Community
Craft has a passionate community working hard to help enhance the platform, but it’s only a fraction of the size when compared to more mainstream CMSs like WordPress.
Still, size isn’t all that counts here. Craft’s community is very supportive and highly active on channels like Slack and Discord. Craft also has a StackExchange, which is a Q&A forum that many developers use to share learnings as they work through projects.
The WordPress Community
At 20 years old now, WordPress’s popularity and global market share means it has an enormous community supporting it.
WordPress’s community consists of millions of users who work tirelessly to offer support, collaboration, knowledge sharing, events, and much more.
Any questions, problems, or requirements you have are often answered very quickly by members of the WordPress community. This also results in exciting new enhancements and features being released on a near-constant basis to drive the platform forward.
Being part of the WordPress community will also give you access to free events that help users learn to get as much value as possible from the platform.
Cost and TCO
Cost is a key factor when choosing a CMS. It’s also important to remember the up-front costs aren’t the only thing you need to consider here. Since your CMS is a long-term investment, you should be looking for a low total cost of ownership (TCO) for all your related costs over time.
Craft’s Initial Investment and Ongoing Costs
With Craft, you’ll need to purchase either the pro or enterprise plan. Pro comes with a one-time payment of £250 per project, and an additional annual payment to continue receiving updates. The cost of the enterprise plan will vary depending on your requirements and usage.
As mentioned earlier, the costs associated with the platform may also be high. This is due to the need for agency support across many aspects of your project, from setting up your website, to integrations, to ongoing maintenance.
The actual costs of development with Craft may also be higher than with other CMSs because of the smaller scale and more specialist nature of the platform.
It’s also worth mentioning that Craft CMS hosting services are more limited than those of WordPress, again likely making them more expensive.
WordPress Cost and TCO
On the most part, WordPress is a more cost-effective platform than Craft, with a lower TCO.
WordPress is free-to-use, limiting your initial costs to just hosting, development agency fees, and post-deployment support.
As touched on earlier, achieving a much faster time-to-market will allow you to launch a quality website quickly so you can begin gaining strong ROI right away.
Another cost-related benefit of WordPress’s ease-of-use is that if there’s bespoke development work you need your agency to complete, it will usually come at a reasonable cost. Because Craft is such a niche and technical platform, bespoke development work often comes at a premium in comparison to the more widely-used WordPress.
When the WordPress platform receives updates, it’s often fairly quick and straightforward for your agency partner to test and maintain your site.
These advantages add up to create a lower TCO for WordPress than you’ll have with other enterprise CMSs.
Conclusion
Both Craft and WordPress are both great CMSs in their own right, and would serve most businesses. Although, it’s difficult to deny that WordPress is a much more approachable platform than Craft for the average user.
If you’re a team with a great selection of existing development skills, Craft can provide you with some innovative capabilities and could be the right platform for you.
The key thing to remember when making this evaluation is that you should select the platform that directly aligns with your own specific circumstances and requirements.
Every business, and every web development project, is different. Carefully consider your objectives, budget, users, in-house skills, and any other factors that may come into play. That should allow you to determine which CMS is the right one to deliver what you need.
If you need more help finding a CMS for your new website project, read our comprehensive guide to understanding and evaluating the options for large businesses here.
Would you like these insights straight to your mailbox?
Announcement
1 November, 2022
SoBold announce Cyber Essentials certification
SoBold announce their Cyber Essentials certification for the third consecutive year which demononstrates their commitment to delivering secure technical solutions to their new and existing clients.
Cyber Essentials is scheme which helps guard your organisation against a range of common cyber threats. SoBold’s resilience across a range of internet facing devices was tested and approved, ensuring there were not any major critical vulnerabilities discovered
SoBold Technical Director, Sam Phillips said:
With an ever growing cyber threat, Cyber Essentials certification is becoming more and more important to maintain. Protecting both our clients data and websites is of the upmost importance and successfully passing the more thorough Cyber Essentials guidelines new for 2022 shows our commitment to this.
Would you like these insights straight to your mailbox?
Industry News
12 January, 2023
WordPress vs Drupal – Comparing Both Content Management Systems
There are plenty of similarities between WordPress and Drupal. That can make it particularly hard to choose between the two if you’re tasked with finding a new content management system (CMS) for your business. But when you’re about to invest in a new CMS, it’s an important decision that needs careful consideration.
After all, your CMS will be the platform upon which your website is built, and the influence that will have on your business growth and success today shouldn’t be underestimated. With that in mind, it’s crucial to find a platform that aligns with your specific requirements and enables you to achieve your strategic objectives.
To help you gain a clear understanding of the differences between WordPress and Drupal, and decide which one is better suited to your business, we’ve provided this helpful side-by-side assessment.
This article is part of a new series where we’ve explored direct, objective comparisons between some of the leading options for CMSs. In the third article of this series, we’re looking at Drupal and WordPress. You can find links to the other articles in this series at the bottom of the page.
Approachability and Ease-of-Use
A CMS is a big investment, and so you’ll want to begin getting good use and value from your platform of choice as quickly as possible. Like any type of software, though, some platforms are more approachable for the average user, while others will require you to have some previous experience to get going.
How Approachable is Drupal?
Drupal is aimed at users with some prior coding skills or content management experience. If you have technical skills at your disposal, Drupal can provide great functionality once you’ve put some time and effort into setting everything up.
For non-technical users, however, working with the platform and getting comfortable using it can be a long-term process. It’s an advanced CMS that doesn’t offer much in the way of straightforward usability “out-of-the-box” unfortunately. If your team is made up of non-technical users and beginners, this might not be the best platform for you.
Even if you work with a web development agency to help you get everything set up and tailored to your preferences, the complexity of the code will make their project timelines and costs higher than the average CMS.
How Approachable is WordPress?
WordPress is very approachable for anyone, even beginners without any previous experience using a CMS.
Simplicity is one of WordPress’s greatest strengths, and many would argue that elevates it above all its peers.
This usability allows you to get up-to-speed immediately with a very fast time-to-market for your site. That means you’ll begin to achieve a positive return on investment (ROI) much quicker than most other platforms. Almost everything you need to build and manage your website will be readily available when you first begin using WordPress, making it more approachable for the average user than Drupal.
As it’s such an intuitive platform, pretty much anyone in your team will be able to use WordPress. That will make it easier to handle the daily management and running of your site as a shared responsibility.
Functionality and Customisation
As touched on above, you should be looking for a platform that you and your colleagues will be comfortable using on a daily basis. If you don’t like the way a CMS functions, you should remove it from your shortlist of options.
While Drupal and WordPress are similar at first glance, with the same fundamental functionality of a CMS, there are some unique features and capabilities that differentiate them. There’s also a wide range of ways to customise them to your own liking.
Working with Drupal
While the complexity mentioned in the previous section does require considerable time, effort, and money to get past, once you’ve got there you’ll likely find Drupal is a good CMS to use for building and editing your website.
Drupal’s user interface (UI) is fairly easy to get used to. You can publish, edit, manage, and organise content with flexibility, adjusting your page structure and site navigation. You can also lean on a large library of website themes and modules, which are additions similar to WordPress’s plugins, to tailor your CMS to your own unique specifications.
Working with WordPress
As a CMS, WordPress’s simple, intuitive functionality allows you to seamlessly launch and manage your site. It’s very convenient editing content on a page-by-page basis with WordPress with its block-based design. This allows you to create quality content from day one, with the freedom and flexibility to make adjustments to the platform as and when you require.
WordPress also allows you to customise it as well with a vast selection of plugins and themes. The difference between WordPress and other CMSs, though, is that there’s not much you’ll need to change about it out-of-the-box before you can begin using it comfortably.
Because it has a lower cost and faster time-to-market, it will free up more time for you (or your agency) to focus on higher value work, like differentiating your site from competitors or developing personalised content for your customers.
Platform Security
When writing down the criteria that you’ll use to select your CMS, security should be one of the first things on that list. Threats to cyber security and data protection are increasing by the day, for businesses of all sizes across all sectors, so it’s crucial to ensure you select a secure, trustworthy platform.
How Secure is Drupal?
One of the major advantages of a CMS that’s aimed at those with web development skills is that the users of Drupal work hard to ensure the platform is highly secure. Drupal regularly receives security updates and additional reinforcements to protect the platform.
Of course, you still need to test thoroughly and continuously double-check there are no vulnerabilities in your system. This is usually the responsibility of your agency, and a good partner should always prioritise security at the core of any development project.
How Secure is WordPress?
WordPress is a secure platform, but some still carry the misconception that it isn’t suitable for large businesses. To find evidence of its enterprise-grade security, though, you only need to look at the number of organisations using WordPress as their CMS of choice today.
Still, there are some potential vulnerabilities that are important to be aware of. For instance, be careful when adding plugins to your WordPress platform. As WordPress runs on open-source software, some developers will inevitably release plugins that aren’t secure, so you should only use plugins from reputable sources.
When you do use plugins, you’ll also need to test them thoroughly and keep them updated, and ideally have them working alongside security-specific plugins such as WordFence. These are issues that a good agency partner should be well aware of and handle for you.
Security is also influenced by the hosting environment of your platform. You can reduce your security risks further with WordPress if you find a trustworthy, well-managed hosting partner to look after your system.
The Global Communities
An active community of developers is a valuable asset for a CMS to have. This is a selection of dedicated users who work hard to contribute to growing and improving the platform, either by releasing new updates and plugins or fixing bugs in the software’s code.
For businesses like yours, the community could make the difference between having a small issue resolved quickly or growing into a big problem. Communities also provide resources to learn more about the technology, to further develop the digital offering you provide to your customers.
Drupal’s Community
Drupal has a fairly niche, but very passionate developer community supporting it. The size of Drupal’s community is considerably smaller than more popular platforms like WordPress, mainly because of that higher degree of coding skill required to use the CMS easily.
However, that doesn’t detract from the level of support or added value you’ll receive if you do opt for Drupal. New themes, modules, and updates are often released to contribute to the quality of websites that can be built on the platform.
WordPress’s Community
Most of what’s been discussed as strengths of WordPress in this article can be put down to the hard work of the community adding to the software.
WordPress’s community is truly global, with millions of users regularly producing innovative new themes and plugins that your business can pick up and begin using with ease.
No matter what issues you run into with your WordPress site, there will always be help readily available from the community.
WordPress users are renowned for their events as well, with free meet-ups and conferences often held to help users learn more about the technology. WordCamp, for example, is a non-profit event that has been run by the WordPress community since 2006 across several continents. WordPress also hosts an annual event called WordPress accessibility day, designed to help increase awareness of the importance of accessibility in modern technology.
The Cost and TCO
Another important aspect of your evaluation will be the cost of your CMS, and its long-term total cost of ownership (TCO).
The platform you choose will need to deliver good value for money and a strong ROI. How easily you can achieve these will vary depending on the CMS and how well it aligns with your business’s requirements.
Drupal’s Up-Front Investment and Ongoing Costs
Drupal is an open-source platform, which means it’s free to use. In most cases, Drupal is a good option in terms of value when compared to other CMSs.
You’ll only need to worry about costs like agency fees for development, your platform hosting, and post-deployment testing and maintenance.
However, the aforementioned complexity of Drupal often causes agency work to be more costly and time-consuming than it would be when working with platforms like WordPress. From basic set up and development to customisation, it’s possible your TCO will continue to grow over the years the longer you’re working with Drupal.
WordPress’s Low Cost and TCO
WordPress, on the other hand, is a very cost-effective solution with a much lower TCO than with Drupal.
It’s another open-source platform with no license fees, and you’ll rarely need to add on new features or capabilities because it comes with so much “out-of-the-box” already.
WordPress development is more simple and affordable, as are its maintenance and support. As mentioned earlier, the fast time-to-market helps you get a high quality website launched quickly so you can begin seeing ROI almost immediately.
Understanding the Role of an Agency
The role of an agency has been mentioned several times throughout this article. That’s because most businesses with a great website will have worked with an agency partner with platform-specific skills to help them bring their vision to life.
An agency can support you with hosting, design, development, maintenance, security, and updates, each of which can be highly complex and challenging to handle alone.
Therefore, it becomes even more important to consider how easy your CMS is to work with, not just for you and your team but for your development agency as well.
With a platform like Drupal, that has a reputation for being difficult and time-consuming to work with, agency projects are likely to be quite a big investment, and an ongoing one at that. WordPress is a platform that’s far easier to work with, meaning that the cost of releasing a quality, secure website will be much more affordable.
A CMS becomes far easier to use when you find an agency with the experience and expertise to help you gain as much value from the technology as possible. Whichever platform you choose, you’ll find it easier to achieve positive ROI if you have a specialist partner supporting you.
Deciding Between Drupal and WordPress
Both WordPress and Drupal are perfectly good options for most businesses looking for a new CMS. While there are strengths and weaknesses to consider, the most important thing is to keep your business’s specific needs in mind.
Make sure you’re clear on your strategic objectives, unique requirements, users, budget, and other factors to inform your decision. Once you’ve done that, use the comparisons in this article to see how each CMS lines up against what you’re looking for. It should then become evident which platform is more suitable for you.
If you need more help in your evaluation of the various CMS options: