Being Enterprise Grade: Say Goodbye To WordPress Alumni Themesby Community Admin in Corporate Alumni | Last Edited: 22nd March 2019
Our opinion to customers who need to deliver an enterprise grade solution to their users and their organization, is to consider a SaaS solution where the code, integrations and process are owned and operated by the vendor who carry the burden of compliance and can represent to you exactly how your data is handled, managed, stored and accessed.
Over the past few years, we have started moving customers who at one time, limited by choice, selected a website vendor for their Alumni platform who use WordPress or built a homegrown WordPress site to manage their community.
WordPress is a brilliant choice for bloggers or organizations needing a simple site with simple features, leveraging the host of impressive one click plugins. It is also a great choice for large organizations such as CNN, who have vast teams and engineering capacity to support it. Our corporate website runs on WordPress for example because it’s the right technology for the role!
The appeal is clear. With WordPress anyone can dream up an idea, search the plugins center and magically bring to life almost any vision. And as a customer, the speed of which ideas and changes can be brought to life make it quite appealing. For many organizations at the start of their Alumni journey, WordPress also meets all basic requirements of a version one, such as building a basic website where people can join and exchange some content, see events and access an address book.
WordPress is known as a ‘beginners playground’ because of how easy it is it to create a site with amazing features which is why so often under skilled teams build their applications on top of it, not only because it’s free, open source and has a wealth of tutorials but also because it seems so simple to move from “idea” to “live”….. But there is a dark side. It is also classed as the most attacked CMS (Content Management System) on the market, and without a large scale team managing the infrastructure, no company can afford to place Alumni, employee or any other protected data on a WordPress site. Public blogs = perfect – Employee data = not so much.
Despite a massive community deploying regular security patches, for the enterprise to take advantage of WordPress it requires a considerable team of experts, and without it, it is unfortunately not enterprise grade as it does not have the code and life-cycle controls required of a modern vendor.
Organizations cannot look to or rely on vendors who in turn rely on WordPress for one simple reason. WordPress at its core may be secure – but the majority of the sites that have been hacked or compromised are as a result of the vulnerabilities of WordPress plugins.
Think of it like the apps on your iPhone, do you know who made all of them, what access they have into your iPhone data, what type of support they offer in the event of a problem or their up time and escalation scenarios? How do they manage your data, your system data and how do they manage GDPR compliance? That’s basically the WordPress issue, it is the wild west of apps that don’t go through even the basic scrutiny that your iPhone apps do and therefore you really have no idea of the access these app have to your data and the potential impact of a breach.
Enterprise Grade is about owning and developing the entire application that can be audited, scanned and meet both GDPR compliance and ISO 27001 compliance.
Many customers who started their alumni journey on WordPress are now looking to dedicated SaaS vendors who provide enterprise grade platforms. As their Alumni community expands and matures and the functionality they require outgrows customers who built their Alumni platform on a vendor relying on WordPress, our customers reach a major inflection point.
Our opinion to customers who are recognizing the need to deliver an enterprise grade solution to their Alumni and their organization, is to consider a SaaS solution where the code, integrations and process are owned and operated by the vendor who carry the burden of compliance and can represent to you exactly how your data is handled, managed, stored and accessed.