A content management system (CMS) is a type of software-based technology, used to build and manage websites and other digital products. A CMS allows you to easily create, edit, and publish digital content across a range of online channels, such as the web and mobile. This is the most common technology platform used by businesses to build assets such as websites, with almost two thirds (63%) of all sites on the Internet now delivered via a CMS.
With that in mind, it’s clear why most businesses today are heavily reliant on this technology. Whether you’re developing something new from scratch or switching from an old platform to a new one, selecting your CMS is an extremely important decision with a lot riding on it. But with such a vast landscape of digital solutions to navigate, and so many different options available, finding the right CMS can be overwhelming.
To help you through the process of finding the right CMS, this article compares four of the most common options for large businesses. We’ve also listed their pros and cons, and provided some additional considerations that will be useful for you to think about along the way.
First, the Criteria
A CMS can be used to build various digital products and assets, from websites and mobile apps to bespoke systems like staff portals and internal training platforms. Particularly in large businesses, it’s common to need to create some bespoke features, functionality, or digital processes as well. Whatever it is you need, you should aim to find a platform that’s capable of delivering on your specific requirements.
Here are some points to include in your criteria when researching the options for your CMS:
- Bespoke development capabilities
- Easy integration with existing systems and legacy technology
- Scalability and performance in peak traffic
- Enterprise-grade security
- Quick and easy editing capabilities
Now we’ve covered what a CMS should be able to do when you start implementing it within your business, let’s look at the different platforms available to you.
Option 1 – Drupal
The Pros:
- Drupal is a highly secure platform, which is a crucial quality for a CMS to have.
- It’s very intuitive for users who have coding experience or advanced content management skills.
- It has a great community of users surrounding it, which contributes a lot of value and is able to provide support.
- It also has hundreds of unique thematic options to choose from when designing your site.
The Cons:
- Drupal can be hard to work with for non-technical users, as it lacks simplicity and provides limited customisation.
- It can take a long time to get up and running, which means your costs will be quite high if you work with an agency partner.
- It’s also worth noting that the version of Drupal most businesses use now (Drupal 7) will be reaching end-of-life soon.
Option 2 – Sitecore
The Pros:
- Sitecore is purpose-built for large businesses, guaranteeing an enterprise-grade experience.
- Sitecore is a robust CMS with a high level of in-built security.
- It actually provides a fully-managed ‘digital experience platform’ that comes with more capabilities than the average CMS.
- It also offers great personalisation and excellent pre-built features.
The Cons:
- Sitecore is an expensive option, even if you have a large budget to work with.
- It requires you to procure licenses to begin using it, and also restricts certain capabilities unless you progress to higher tiers of licenses.
- It typically runs with hierarchical, complex workflows that might be frustrating for small or agile teams.
Option 3 – Umbraco
The Pros:
- Umbraco’s scalability makes it very suitable for large businesses.
- It’s free to use and open-source, with an active community of users supporting it.
- It allows you to manage a high volume of pages easily and efficiently.
- It’s another platform that comes with a high level of in-built security.
The Cons:
- It can be difficult to work with for the average user. As with Drupal, Umbraco is mostly suitable for more technical users who have coding skills or some development experience.
- This complexity again increases the likelihood of higher costs with your agency partner (if you go that route).
- It’s common for sites built with Umbraco to be reported as slow, for both back-end editing and the front-end user experience.
Option 4 – WordPress
The Pros:
- WordPress is extremely scalable and dynamic. It can easily grow and evolve as your business grows, continuing to meet your changing needs.
- It’s renowned for its ease-of-use. Because of this, it enables you to deliver your projects quickly and efficiently.
- It’s highly customisable, making it ideal for bespoke development. With the right knowledge and skills, you can build almost anything with WordPress.
- It also typically comes with a very low total cost of ownership (TCO). You won’t need to add on new features or capabilities, nor pay for costly extra work to handle platform upgrades or updates.
The Cons:
- If you apply too many plug-ins, WordPress sites can slow down and experience dips in performance, but a good agency partner should encourage you to minimise the use of these.
- Some still see WordPress as an unprofessional platform used mostly for small blogs, but that old myth couldn’t be further from the truth today.
- WordPress is a secure platform, but plug-ins can create vulnerabilities if they’re not tested well or taken from untrusted sources. Again, a good agency partner should guide you with this to reduce the risk and prevent any issues.
Interested in learning more? Check out our related article here, where we explore the benefits of WordPress for large businesses in greater detail.
A Brief Word on Agency Partners
As touched on earlier, you’ll also need to consider whether you want to take the approach of working with an agency partner or not. For large businesses, most development projects tend to involve complex requirements that are almost impossible to manage without the support of an experienced agency.
An agency partner can provide you with strategic guidance, platform-specific skills and tools, and expertise to help you gain as much value from the technology as possible. While it’s perfectly valid to decide to implement a new CMS without an agency working alongside you, doing so will probably make things a lot more challenging, a lot more expensive, or possibly both.
All the platforms mentioned here have their benefits. But they’ll each be significantly easier to use, and will deliver far greater return on investment (ROI), if you have an experienced partner involved.
How to Choose the Best Option for Your Business
Keep in mind that every business is unique and every web development project is different. These platforms are all good options in their own way, but a solution that works well for the majority of organisations might not be the right choice for you.
Whether you’re building a bespoke website or migrating an existing site to a new platform, you have to be thorough in your assessment and make the right choice for your specific business.
To really understand the pros and cons of these options, you first have to be clear about exactly what you need and what you’re aiming to achieve. You’ll then need to determine which solution best aligns with your requirements, budget, and strategic objectives.
If you’re in the process of assessing solutions to help you deliver a bespoke development project, read our comprehensive guide to evaluating and selecting the right platform here.
Would you like these insights straight to your mailbox?
- A fully-managed service with 24/7 support
- Automated monitoring and alerts
- Back-up and disaster recovery
- 99.99% up-time
- 100% pass-rate for data centre audits.
Announcement
1 November, 2022
SoBold announce Cyber Essentials certification
SoBold announce their Cyber Essentials certification for the third consecutive year which demononstrates their commitment to delivering secure technical solutions to their new and existing clients.
Cyber Essentials is scheme which helps guard your organisation against a range of common cyber threats. SoBold’s resilience across a range of internet facing devices was tested and approved, ensuring there were not any major critical vulnerabilities discovered
SoBold Technical Director, Sam Phillips said:
With an ever growing cyber threat, Cyber Essentials certification is becoming more and more important to maintain. Protecting both our clients data and websites is of the upmost importance and successfully passing the more thorough Cyber Essentials guidelines new for 2022 shows our commitment to this.
Would you like these insights straight to your mailbox?
Announcement
24 September, 2022
SoBold is an accredited Living Wage employer
SoBold has continued to be an accredited Living Wage Employer and has formally made a commitment to ensure all new and existing staff contracts are renewed at the Living Wage rate as a minimum.
SoBold has been a Living Wage Employer since 2019 and they are committed to ensuring that all staff are treated fairly and remunerated fairly in line with the Living Wage Foundation.
The new Living Wage rates were announced on Thursday 22nd September 2022 and SoBold ensured that all staff pay is in line with this.
SoBold hope to see more agencies within the technology sector follow suit and become accredited.
SoBold Managing Director, Will Newland said:
We are proud of the people that work at SoBold and we truly care about them. Our staff have always been the life blood of our organisation and it is an absolute no brainer for SoBold to be a Living Wage employer.
Would you like these insights straight to your mailbox?
Digital Business
9 February, 2023
10 Tips to Improve WordPress Security and Minimise Risks
Cyber security and data protection should be top priorities for your business right now. Of course, this is particularly important for large businesses, and those in strictly regulated industries like financial services, where the outcome of a cyber attack or data breach can be catastrophic.
As these security concerns continue to intensify, you must be increasingly careful and vigilant about the technology solutions you use. You should also take more proactive steps to ensure everything in your tech stack is built and managed in a way that minimises your risks.
When it comes to WordPress, there’s a common misconception that the platform isn’t secure enough for large businesses. This misunderstanding tends to come from the fact that it’s free-to-use, so it was originally more popular among smaller independent businesses and B2C blogs.
Today, however, WordPress is the world’s most popular content management system (CMS), and for good reason. Considering a significant percentage of that user base includes global enterprises, you’d think such popularity would be enough proof that it’s a secure platform.
On the contrary, large businesses still ask us on a regular basis, “Is WordPress secure enough for us?”
Is WordPress Secure?
The answer to that question is, yes, WordPress is a secure, stable platform, even in its “out-of-the-box” state. WordPress’s core code is thoroughly tested and quality-checked by a team of security experts continuously. Not only that, but the same team regularly releases security updates and reinforces any potential weaknesses before they can be capitalised on by cyber criminals.
In fact, the speed at which security updates are implemented in WordPress is arguably the fastest in the world today when compared with other CMSs.
Additionally, WordPress is open-source software, meaning all its code is available to the public. Users are constantly suggesting changes and updates, often to fix bugs in the code and minimise opportunities for cyber criminals. This keeps the platform safe and secure for everyone else.
But while WordPress does have the ongoing support of some of the most talented and devoted developers in the world, it’s not immune to security vulnerabilities. No software is, unfortunately.
That’s why it’s important to be aware of, and work with, some fundamental best practices for security. Listed below are some steps you can take to further strengthen the security of the WordPress CMS.
Best Practices to Strengthen WordPress Security
1 – Secure Hosting
The hosting service you choose for your platform will determine how secure and well protected your data will be.
It goes without saying that WordPress should be hosted in a secure environment, overseen by an experienced provider who prioritises security within their services.
Some things you should consider essential for a hosting provider include:
Before choosing your hosting provider, do plenty of research to ensure they’re able to provide these measures. Most businesses will work with a development agency partner for WordPress, and that agency should be able to help you with this process.
2 – Back-Up and Disaster Recovery
Following on from the previous point, any good hosting provider should also offer back-up and disaster recovery services. These are like safety nets that will allow you to protect, save, and recover all your data in the event of any losses.
3 – Be Careful with Plugins
Plugins are a great way to enhance the WordPress platform with new capabilities and features. But you should only ever use plugins from reputable, credible sources, otherwise you could experience security problems.
It’s also important to keep all your plugins regularly tested, maintained, and updated. Again, this is an area where a WordPress agency partner will help you.
4 – Always Keep Your Platform Updated
When you’ve built a website with WordPress, you’ll often receive software updates from the platform. Any time this happens, it’s because a bug has been fixed or some improvements have been made to the software.
Keeping up with these updates is so important from a security perspective, because they’re designed to keep your site secure. By letting your site run on an outdated version of the platform, you leave yourself at risk of a known issue being exploited by a cyber criminal or some malware.
This is another thing that a good agency partner should take care of for you, so you don’t need to worry about keeping your platform up-to-date.
5 – Never Auto-Update Your Plugins
You have the option to enable auto-updates within your WordPress platform. While this may seem like an easy way to keep your CMS up-to-date, doing so can create technical issues and security risks that simply aren’t worth the convenience.
Each plugin you use will have its own button for you to turn auto-updates on or off. Any good agency will advise you to turn those auto-updates off and instead opt for a more secure approach to your updates, to maintain the resilience of your platform.
6 – Use Security-Specific Plugins
Another way to reinforce the security of WordPress is by implementing security-specific plugins like WordFence, Sucuri, or Defender Pro.
These handy tools will do a lot of the hard work for you, monitoring your platform and spotting potential vulnerabilities so you can fix them before they’re allowed to have any negative impact.
7 – Enable SSL
A secure sockets layer (SSL) is a protocol which encrypts the transfer of data between your website and your users’ browsers. Enabling SSL makes it more difficult for cyber criminals to steal or compromise data online. Don’t worry, though, as this will be taken care of by your hosting provider as a standard practice.
8 – Avoid Tools that Open Direct Access to Your Site Database from the Dashboard
Some tools and plugins will enable direct access to your site’s database from within your CMS dashboard. While this can make certain aspects of website management easier for you, it also creates security vulnerabilities. This is something you should always avoid, because these additions are often severe security risks.
9 – Encourage Your Users to be Mindful of Security
The biggest security risks, and many opportunities for cyber criminals, come from unsafe user behaviour, poor platform maintenance, and badly built sites.
Your behaviour, and the behaviour of your end-users – and your agency – should always be mindful of security. If it’s not, sooner or later you’ll encounter problems. Some security best practices you can introduce include making strong passwords compulsory for all users and implementing measures like two-factor authentication.
10 – Find a Trustworthy Agency Partner to Support You
We understand that following all these steps sounds like a lot of work. Of course, when you’ve got your own job to focus on, the last thing you need is to be spending time struggling through complex website security processes.
That’s why it’s so valuable to find a reliable, trustworthy agency partner when using WordPress to build and manage websites. A good agency will ensure everything is secure and up-to-date for you, so you can spend more time providing outstanding services and experiences to your customers.
It’s always worth taking time to find an experienced agency with a strong track record of building robust, secure sites, to give you the peace of mind you deserve. That means they should handle your secure architecture, testing, monitoring, updates, and ongoing support for you as part of their services.
Being Truly Secure is an Ongoing Process
When you’re selecting a content management system (CMS) to build critical digital assets like your website, security must be a top priority. It’s for that very reason more and more large businesses are looking to WordPress as their platform of choice.
However, it’s equally important to choose an agency you can trust, and one that has these security best practices incorporated into their approach. This doesn’t just stop at the delivery of your website, either. True security is a constant ongoing process, and your agency partner should help you through that.
Following the tips listed here will give you everything you need to build a resilient, secure website on WordPress, suitable for the enterprise.
Interested in learning more about WordPress? Discover how a global enterprise achieved game-changing results by using WordPress to build a secure, innovative, bespoke solution. Check out the story of RedeWire from Rede Partners LLP here.
Would you like these insights straight to your mailbox?
Industry News
14 January, 2025
Five Things We Learned at Brighton SEO
Back in early October, SoBold made our debut visit to Brighton SEO. Since then, we’ve been busy putting the invaluable lessons from the event’s talented speakers into action, all while navigating Google’s November and December Core Updates. Now the dust has (hopefully) settled on the update-front, and the with next iteration of Brighton SEO still a few months away, we’ve taken the opportunity to reflect on our key takeaways and their impact on our approach.
A functional relationship with your development team is critical for SEO success
During Brighton SEO, a recurring theme across different talks was the challenges SEOs face when working with development teams, particularly those that operate in silos. Whether in-house or outsourced to separate agencies, a lack of communication, deprioritised SEO tickets, and limited understanding of SEO best practices often lead to delays, errors, and missed opportunities. Many speakers and attendees expressed frustration at the need for excessive hand-holding to ensure even basic tasks were actioned correctly.
At SoBold, we avoid these risks with a collaborative effort between our development and SEO teams. As a WordPress-first agency, our integrated approach ensures SEO tickets are prioritised appropriately, and implemented to the highest standard. By removing barriers between teams, we’re more efficient and deliver results that drive SEO success.
Don’t discount the basics
It sounds very simple, but one of the biggest takeaways from Brighton SEO was how critical the fundamentals remain to SEO success. Numerous case studies and real-world examples shared by speakers reinforced that many websites fail to rank well simply because they lack a strong foundation. While advanced techniques and tools may sound exciting, the potential is often wasted on websites that haven’t addressed core issues.
Speakers emphasised that getting the basics right still yields some of the highest returns. Core Web Vitals, metadata optimisation, fixing 4xx and 3xx errors, a clear site hierarchy and URL structure, proper indexation, robots.txt configurations and ensuring basic analytics are in place all play a pivotal role. These essentials are often the difference between stagnation and significant ranking improvements. Ensure your fundamentals are sound before turning to more advanced methods and strategies.
AI can be a game-changer for audits, but nothing beats human written content
AI has been the buzzword of the industry in the past two years. Incorporating AI into everyday tasks to maximise efficiency was a key theme at Brighton SEO, specifically the use of AI to streamline time consuming tasks like audits and data analysis.
Audits are central to developing an SEO strategy and crafting roadmaps, and leveraging different AI and machine learning strategies to research, collate, and organise relevant data was a hot topic at the conference, with lots of very knowledgeable people offering extremely useful and actionable insights into how existing workflows can be enhanced through AI.
By leveraging AI tools and machine learning, SEOs can quickly identify technical errors, gather keyword insights and generate comprehensive reports, freeing up more time for the higher-impact strategic work. Speakers showcased actionable ways to integrate AI into workflows, potentially revolutionising the process of audits, roadmaps, and reporting.
However, there are clear limits to the use of AI. While it excels behind the scenes, it falls short when it comes to creating authentic, engaging content. Google’s guidelines, a number of algorithm updates, and leading voices within the SEO community on social media continue to emphasise that nothing beats human-written content based on real expertise and experience. The message was clear: AI can enhance efficiency, but content that resonates with users, builds trust and meets the intent of the searcher must remain in the hands of skilled human writers.
Google’s AI snippets are traffic thieves
Generative AI has been a hot topic across numerous industries since the launch of ChatGPT 3.5 in November 2022, especially in SEO. Google has released numerous updates (to mixed responses) to combat the large influx of AI generated content and the ability for anyone to churn out masses of content on subjects outside their areas of expertise.
There’s no doubt the rise of AI sent internal shockwaves at Google, who had to quickly innovate to withhold a potential threat to their dominance. As a consequence, they released the Google Generative AI Snippets, which generates AI answers at the top of the search results for a range of queries, based on information it’s gleaned from the top ranking pages for said query.
While the concept may seem beneficial to users, the reality is stark for website owners and their SEOs: visibility is drastically reduced. Data presented at Brighton SEO revealed that URLs in Position 1 under these snippets suffered traffic drops of 70%.
Many SEOs and site owners argue this practice borders on theft, as Google repurposes content with minimal credit or incentive for users to click through, and wouldn’t be able to surface any of this content without the websites creating it in the first place. This controversy isn’t going away anytime soon, and SEOs will need to strategise carefully to adapt to this new reality.
Test, test, and test again
Many of the talks were very insightful, offering new methods and solutions for a range of tasks. But each website is different, and what may have a profound impact on one website may not do the same on another.
There are very little one size fits all in SEO, and our testing of the new methods and techniques detailed at Brighton SEO has shown just that. We can take the direct learnings from these talks and apply them literally with minimal change, but with benchmarking the initial metrics, examining the difference once recommendations are applied, and tweaking these with our own insights, we can maximise the impact.
Whilst the wealth of talent and expertise of the speakers at Brighton SEO was at a very high standard, SEOs shouldn’t rest on the laurels and only go as far as these talks suggest, but leverage their own expertise and knowledge, pairing it with the expertise from these conferences to get the best results. Building upon some of the strategies outlined at Brighton SEO and putting our own SoBold-spin on these is already bearing fruit, and testing is at the heart of this.
Final Thoughts
From the importance of solid fundamentals to embracing AI’s potential while recognising its limitations, these takeaways are invaluable for SEOs and developers alike. By testing, adapting, and collaborating, we can turn these learnings into impactful strategies allowing us to navigate the uncertainty of Google Updates, as we look ahead to the next conference in April.
Would you like these insights straight to your mailbox?
Announcement
30 October, 2022
Transport for London renew Cookie Management Contract with SoBold
SoBold is pleased to announce that they have renewed their contract with Transport for London to manage and support a bespoke Cookie Consent Management Tool for use across TfL’s portfolio of websites which includes 30 domains.
SoBold recently became only the 3rd Platinum Certified Cookiebot Partner in the UK having been an authorised Reseller of Cookiebot since the new General Data Protection Regulation (GDPR) came into place on 24 May 2018.
Transport for London’s desire to extend its relationship with SoBold for a further year, highlights the importance of the work SoBold are doing to manage its bespoke Cookie Consent Management solution across its portfolio of website which have missions of visitors per month. The contract renewal cements SoBold’s position as one of the leading Cookiebot resellers.
For more information on SoBold’s work to date with Transport for London, see their case study.
SoBold Technical Director, Sam Phillips said:
It is great to see Transport for London renew its cookie management contract with SoBold for a fifth successive year. Over the last year we have continued to evolve their bespoke solution adding in full IAB TCF support as well updating the design to reflect TFL’s updated guidelines. We’re looking forward to continuing to support TfL over the next 12 months.