Craft vs Wordpress

23 Dec 2019

The first content management system (CMS) I learned to build websites with is Wordpress. I chose this platform because it is the most popular of all the content management systems. About 60 million websites use Wordpress. If you have basic knowledge about html, css, javascript and some php, you can easily start building websites with Wordpress. You can even create a website by just downloading a pre-made theme and installing it.

I was always creating my own custom "themes" for every website because I wanted to control the look and feel of my websites without the struggle of making changes to other people their themes.

Then I discovered Craft CMS and quickly made the change to develop websites with Craft instead of with Wordpress.


One major difference between Craft CMS and Wordpress are the pre-made templates. Craft CMS doesn’t use themes, nor would you want to. While most shops start out with a Wordpress template that they feel most reflects the goals of their business, they all tend to look alike. Craft CMS is a content first approach that should always be designed from the ground up. We still tend to leverage our design units from build to build, but never a website’s personal design.

Wordpress was originally developed as a blogging platform, and it still stands on that same blogging foundation. It was the developer community that built Wordpress into the website goliath that it is today. Most Wordpress websites are licensed themes that are slightly modified or not changed at all. Of those themes, most use the same plugins. On the other end of the spectrum, it can be cost effective if budgets are tight and development resources are null.


Wordpress is an extremely SEO friendly platform. There are plenty of well-reviewed and effective SEO plugins that will easily guide you when it comes to things like filling in metadata correctly and managing your basic SEO requirements.

Whilst Craft also offers a basic but equally effective SEO plugin (one which is actually used by SEO experts MOZ on their own site!) the build flexibility means there’s also a greater opportunity to simplify and streamline your SEO efforts, particularly through things like a metadata auto generator. This is especially useful for larger sites that regularly add new pages.


When it comes to the choice of off-the-shelf templates and plugin options available, Wordpress CMS takes the lead, especially since it has a larger development community. This makes the platform a reasonably flexible option for providing businesses with all the required functionality they need, in order to achieve their basic goals. The downside is that many Wordpress sites end up looking very alike, meaning businesses lose out on the opportunity to stand out from the crowd!

There’s also the issue of quantity over quality. Despite the vast choice of plugins available on Wordpress, a frustratingly high volume of these are actually extremely buggy and unusable, creating a potential minefield of issues.

In comparison, Craft CMS takes a much more content-first approach, with sites built completely bespoke and customised to the business needs rather than using pre-defined templates.

The way in which Craft is built also allows users to have much more flexibility when it comes to adding new elements or rearranging existing elements on a web page - something which is often lacking from the wordpress experience.


One of WordPress’s biggest downfalls is how susceptible it is to security breaches.

For starters, it’s often a target of cyber attacks simply because it is the most popular CMS. If someone wants to infect as many sites as possible with a piece of malware, WordPress is a goldmine.

To make matters worse, many WordPress sites are poorly maintained and are running outdated software and plugins, leaving a door wide open for attackers to gain access.

This type of security threat made international headlines in 2016 when an unprecedented 11.5 million files — about 2.6 terabytes worth of data — was leaked from the Panama-based law firm Mossack Fonseca in what is now referred to as the Panama Papers Breach. In the aftermath of the leak, it was discovered that the Mossack Fonseca website, which used WordPress, was running an outdated version of Revolution Slider (now renamed Slider Revolution).

Mossack Fonseca was the fourth-largest offshore law firm in the world at the time and was likely targeted due to its dealings with some of the most powerful figures in the world — 143 politicians, including 12national leaders, plus their families and close associates.

But Revolution Slider is also the most popular slider plugin on WordPress, with more than 2.3 million users worldwide. That breach could have happened to any one of them.

The Panama Papers Breach may be an extreme example, but it’s far from the only one. In September 2018, thousands of WordPress-based websites were compromised when hackers gained access through outdated plugins. Just a few months later in November, a bug in one of the most popular GDPR plugins WP GDPR Compliance was exploited, allowing hackers to gain almost complete control over vulnerable sites. And in January 2019, the popular WPML (or WP MultiLingual) plugin came under fire after a disgruntled former employee exploited a vulnerability in the product, obtaining users’ contact information and defacing the company website.

And while you might be able to avoid security breaches for a while by installing updates promptly, there’s still a bigger, underlying issue at hand.

Craft takes a proactive approach to preventing security threats to ensure that this doesn’t happen on their platform. The development team routinely checks lines of code and tests for vulnerabilities using third-party automated auditing software.

In fact, since launching in 2012, Craft has experienced only 8 minor security issues, and none on the scale of those listed above. WordPress, on the other hand, has had more than 1,500 documented exploits ranging from minor to very, very major.

That kind of security is invaluable to any industry where you regularly deal with sensitive customer information. According to a 2016 survey, 92% of online customers say they’re concerned about the privacy and security of their data, while 57% of consumers don’t trust brands to use their data responsibly (most don’t even trust brands with a password).

And considering the many privacy scandals that have come to light since that survey — Cambridge Analytica, anyone? — we can’t imagine those numbers are any more favorable now.

However unlikely a breach may be in Craft, it’s still a good idea to be prepared for the worst. To that end, the Craft team designed their CMS to quickly back up your site whenever needed. In the event of a breach, you can easily deploy a backup version of your site on a new server in just minutes.

All of this, plus Craft’s ongoing preventative updates, make it far and above the most secure CMS available at this time.