Is WordPress Becoming an Enterprise CMS Contender?

We put the enterprise CMS qualities of WordPress to the test.

Mark Rodseth
July 6, 2015

Selecting the right content management system is an important decision in any global digital transformation project or major re-platforming. Often, an enterprise-scale content management system is key to success. Here, "enterprise" is defined as a platform's ability to deliver at scale, provide redundancy and support modern software engineering best practices, such as continuous delivery. Enterprise platforms should support the needs of global and local digital marketing teams, such as managing multiple sites, multiple languages and allowing editors to easily create engaging content and experiences for their users. 

As a CMS, WordPress is new to this conversation. However, the platform has evolved from a blogging tool to a more powerful content management system. These developments have gotten people talking about where the CMS stands, and whether it can compete with enterprise-scale systems.

We recently had the opportunity to put WordPress to the test. We chose it for a project building a multi-language microsite platform, and observed how WordPress performed in the key areas of: continuous delivery, development best practice, enterprise marketing needs, scale, redundancy, and security. Here's what we found.

Continuous delivery.

A complete continuous delivery pipeline can provide the ability to push code from development to production with a click of a button, causing no disruption to business continuity, and with the guarantee that the new version of the solution works perfectly and delivers value to the business. 

For the initial technical setup, we were able to put in place the following building blocks for continuous delivery fairly quickly: infrastructure automation using Chef, continuous integration and automated deployment with Jenkins, unit testing with PHPUnit, acceptance testing with Selenium, security testing with OWASP Zed Attack Proxy, and source control using Git.

Much of this configuration didn’t directly depend on WordPress. But one area in which WordPress did present some challenges was managing database changes across environments. WordPress does not support the ability to codify its content types and push changes via a code deployment into an environment’s WordPress database. Database synchronisation was too manual: changes were made via the WordPress interface, and the database (schema and content) was then exported and re-imported into each environment.

Regardless, we managed to create a solid build and deploy pipeline and supporting test framework using WordPress. 

Development best practice.

The most widely adopted, and arguably the best, development pattern for building web applications is the model-view-controller (MVC) pattern. MVC allows for a separation of concerns—data, logic, presentation—cleaner and more testable code, and a somewhat faster development process, as it is widely understood by the web development community.


We used the Themosis framework, which is an MVC framework for WordPress. With an MVC framework and the Scout templating engine in place, we were able to build and test the solution much more effectively. There were some installation glitches and a small learning curve getting to grips with Scout, but—once those were ironed out—the development workflow was pretty streamlined.

In our workflow, once the IA was defined and we knew what templates and modules needed to be created, the back-end team created all the views, partial views and controllers for the front-end devs to work on. This allowed front-end developers to work on views while back-end developers could build the content schema, create view models and wire up the controllers. The views, developed on a separate branch, could then easily be merged into the development branch via a pull request. There was a lot of collaboration and tweaking along the way with UX and Design, but the project didn't suffer the pains of handing off stand-alone HTML templates to the back-end integration team. 

Enterprise marketing needs.

The site we built required best-in-class SEO and analytics, multilingual support and editor flexibility to create engaging pages in a modular fashion. To meet these requirements, we had to delve into the almost limitless world of WordPress plugins. Our approach was to use common plugins and pay a small licensing fee for them where necessary. 

For multilingual support we used the WordPress Multilingual plugin. For SEO, social and analytics we used the Yoast SEO plugin, the Yoast Social plugin and the Yoast Google Analytics plugin.

To allow for a more modular implementation of content blocks that editors can use to build up the site, we opted for the Advanced Custom Fields plugin. 

The combination of these plugins allowed the solution to deliver on most of the marketing requirements. This, coupled with WordPress’ intuitive interface, made for a great editor experience. 

Though we didn’t deal with this directly, a lack of in-page editing tools and multi-site management showed that WordPress still has room to grow. 

Scale.

To ensure that the solution could deliver at scale, we relied on load balancing a pair of web servers, server side caching and a content delivery network (CDN). 

We used the W3 Total Cache Plugin, which allowed for easy configuration of server caching and cache headers used by the CDN. 

Redundancy.

Our project didn’t require a fully redundant solution, but if this were a requirement we would have explored architectures such as having a master editing server replicating content (one-way sync) out to slave nodes—all connected to a fault-tolerant MySQL cluster. We could have also explored replication and geo-redundancy services offered by public cloud providers. 

Security.

The security of WordPress is often called into question. According to online security reports, WordPress is among the most successfully hacked CMS platforms in the market. To address this, we used OWASP ZAP to perform automated penetration testing, and ran the site through a third party penetration testing company. Penetration testing will also be mandatory with any new major release. 
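
As an added illustration (not code from the project described here), the automated ZAP step can be turned into a hard gate in the Jenkins job: parse the scan report and fail the build when alerts at or above a chosen risk level remain. The sketch assumes ZAP's traditional JSON report layout (`site` → `alerts` → `riskcode`); the function names, the threshold and the sample report are constructed for the example.

```python
import json

# Constructed sample shaped like ZAP's traditional JSON report
# (site -> alerts -> riskcode / instances); not output from the project above.
SAMPLE_REPORT = json.dumps({"site": [{
    "@name": "https://staging.example.test",
    "alerts": [
        {"pluginid": "10021", "alert": "X-Content-Type-Options Header Missing",
         "riskcode": "1", "instances": [{"uri": "https://staging.example.test/app.js"}]},
        {"pluginid": "40012", "alert": "Cross Site Scripting (Reflected)",
         "riskcode": "3", "instances": [{"uri": "https://staging.example.test/?s=x"}]},
        {"pluginid": "10038", "alert": "Content Security Policy (CSP) Header Not Set",
         "riskcode": "2", "instances": [{"uri": "https://staging.example.test/"},
                                        {"uri": "https://staging.example.test/about/"}]},
    ],
}]})

RISK_NAMES = {0: "Informational", 1: "Low", 2: "Medium", 3: "High"}

def blocking_alerts(report_text, min_risk=2, accepted_plugin_ids=()):
    """Return alerts at or above min_risk, minus ids the team has accepted."""
    sites = json.loads(report_text).get("site", [])
    if isinstance(sites, dict):  # tolerate a single site serialised as an object
        sites = [sites]
    found = []
    for site in sites:
        for alert in site.get("alerts", []):
            risk = int(alert.get("riskcode", 0))
            if risk < min_risk or alert.get("pluginid") in accepted_plugin_ids:
                continue
            found.append({
                "plugin_id": alert.get("pluginid"),
                "name": alert.get("alert") or alert.get("name", ""),
                "riskcode": risk,
                "risk": RISK_NAMES.get(risk, str(risk)),
                "urls": sorted({i.get("uri", "") for i in alert.get("instances", [])}),
            })
    # Highest risk first so the build log leads with what matters most.
    return sorted(found, key=lambda a: -a["riskcode"])

def gate_exit_code(report_text, **kwargs):
    """0 lets the deployment step run; 1 fails the CI job."""
    return 1 if blocking_alerts(report_text, **kwargs) else 0

if __name__ == "__main__":
    for a in blocking_alerts(SAMPLE_REPORT):
        print(f"[{a['risk']}] {a['name']} ({a['plugin_id']}): {len(a['urls'])} URL(s)")
    raise SystemExit(gate_exit_code(SAMPLE_REPORT))
```

Keeping the accepted-findings list in source control means every exception to the gate is reviewed like any other code change.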


The takeaway.

WordPress’ reputation as a platform glued together with sticky tack has some truth to it, but with the right combination of extensions it can deliver on a lot of enterprise needs. Go too far with plugins, however, and you can end up with a fragile, insecure and brittle web site.

WordPress still isn't mature in many areas, including personalization, multi-site support, workflow, editor tools, digital asset management, content tree support, content staging and publishing architectures. 

Some of these areas—such as personalization and editor extensions—do have plugin options, and WordPress can integrate with third-party tools. 

The other areas of weakness, however, continue to stand in the way of WordPress being classed as a true enterprise-class platform. 

In cases where the solution does not depend on these requirements, WordPress—along with the curation of best-in-class extensions and engineering best practice—can deliver a platform that ticks many enterprise boxes. 

Since WordPress continues to support more enterprise use cases, we wouldn't be surprised to see this scrappy contender in future Gartner and Forrester reports.