A client of mine bought a “custom CMS” from another company. It was based on WordPress, so I didn’t worry too much about it. I thought that it being based on WordPress would mean I could fix whatever problems might remain when they turned it over to me. Boy was I wrong!
Sure it was based on WordPress, but because it had been outfitted with software intended to help add custom database entries that don’t conform to WP standards, it was stuck frozen in time. I couldn’t update the wordpress core or any of the plugins. Sure, I expected a custom theme that couldn’t be updated, but I was expecting to be able to add new plugins and update old ones. Without that capability, they’ve removed everything that makes WordPress awesome. Everything that makes a WP site last much longer than sites based on other CMS’s. So basically, my client got a great looking, outdated, broken WP site. And since I was told it was WordPress, I didn’t think to tell the client that he should insist on a security plugin and a SEO plugin. Once it was delivered, and launched, I set about to add precisely those plugins, which caused the whole site to crash. I had to remove those plugins immediately and break the news to the client. We couldn’t add those basic plugins, or any others. The site was stuck as it was; based on a year old version of WP.
A year and a half later, we have been lucky with some simple IP blocking to prevent access to the backend. This is the entirety of the security that keeps the site from being hacked. Thankfully, the site is not interactive enough to require users to login or create accounts.
When Google announced their requirement for mobile compatibility, we couldn’t use any simple plugins (Yes, I tried them.), so I had to hand code the CSS files to make the site work and look good on mobile devices.
I also managed to hack a couple of simple plugins to that add some minor functionality improvements. (One for social sharing and another to toggle some content on the home page.) Now I live in fear that Google will come out with new rules or the client will discover some other new gizmo that would be easy to add, if it were a real WordPress site, but require serious hacking on this site. Or worse, the site might get hacked and crash and burn.
I worry that 3-5 years down the road, barring any unforeseen website tragedies, that the client will need a new site and we won’t be able to transfer the data correctly to a new WordPress (or whatever) site.
The worst part was learning how much the client paid for the “Custom CMS” and realizing I could have done better for less than half that price.
The lesson here, is to trust your web guy. If he’s not delivering, Ok, then look elsewhere, but beware of the really high priced “custom” alternatives. In this day and age, if it can’t be updated and if you can’t add new plugins, or modules, or whatever, then eventually you will have to replace the entire site all over again. Unless your business is to push the envelope of the Internet, stick with the tried and true and easily updated. It’ll last a whole lot longer. It’s much easier and cheaper to buy a new theme every few years than to replace your whole site.