WordPress is a free and open-source CMS based on PHP and MySQL. It was released in 2003 and was originally developed as a blogging platform, not a CMS. It’s now one of the most popular CMS platforms, with around 27% of the entire internet being powered by it. It is often considered one of the easiest to use CMS platforms with vast amounts of tutorials and documentation available online.
Craft CMS brags that it is a “content-first CMS that aims to make life enjoyable for developers and content managers alike”. It’s entire codebase is viewable on Github and is built on the high performance PHP framework Yii. Craft’s strength lies in its ability to display and relate almost any kind of content you can throw at it, its platform is incredibly versatile and perfect for developing a unique system that is completely tailored to each individual client’s needs.
Although not as popular as WordPress, Craft has seen a huge rise in popularity over the past year and in our opinion stacks up very well against the industry leaders.
Website security is a vital consideration for any reputable business’s online presence and is something that is often overlooked. CMS platforms rely on being constantly updated, often leaving them prone to security flaws.
WordPress still currently supports PHP 5.2.4+ which has officially reached End Of Life status, sites built on this kind of legacy environment will be exposed to a broad range of security vulnerabilities. This combined with its heavy reliance on plugins, means it is often a target for hackers through inherent vulnerabilities in out-of-date codebase. The combination of need for plugins (to expand WordPress's core functionality) and a community largely made up of hobbyists and do-it-yourself website owners mean plugins need regularly updating due to out-of-date or poor code.
Core WordPress updates are released on average once a month and are always free. If you’re using plugins they will need regularly, individually updating, this can become cumbersome but regular maintenance is necessary due to the aforementioned security issues.
Sucuri released a hacked website report for the first 2 quarters of 2016 which showed that out of 9,771 infected websites, WordPress was the platform of choice for 74% of them, highlighting just how targeted and insecure WordPress is as a platform.
WordPress continues to lead the infected websites we worked on (at 74%)
Craft is built on the fast, secure and professional PHP framework Yii. Yii embraces the best practises and protocols commonly found in modern web application development meaning you’ll be much more secure and your web developer will love you.
All version updates are included in your license fee and are released regularly. Updates for the core product and plugins alike are installed by the click of a single button.
This is the part where I’d put the percentage of infected Craft driven websites from the Sucuri report above, unfortunately, there weren’t any… :)
A content model is essentially an easy way to document all the different types of content you will have for your project and the criteria associated with them. If you’re looking into a CMS, you’re likely going to be handling a multitude of different content, scoping this out will help figure out your CMS needs and likely help an agency give you a more accurate quote for your website.
WordPress has quite a confusing core model which consists of 2 content types by default, posts and pages. These content types are, in turn, limited to just 2 fields, title and content. Manipulation of this core model is required to add any other types of content, such as products, events or reviews. This makes it quite hacky when creating mid to large scale websites with a variety of content types.
Craft has absolutely no assumed core model out-of-the box. Developers are free to create a bespoke content model based exactly on client needs without the use of third party plugins or manipulation of core files.
Ease of Use & Features
If you’re looking into a CMS you’re likely planning on either editing your website yourself or handing it to a webmaster / content team to manage, with this in mind, ease of use is quite an important factor to consider.
WordPress at its core is straight-forward to pick up and has a very simple WYSIWIG based editor for page editing. At its simplest form this is quite neat and intuitive but can become very frustrating and cluttered in more complex builds.
Craft’s backend, much like WordPress, is fully customisable by the developer, meaning it can be as easy as is necessary. The big difference is that this customisability is available to a developer out of the box without the need for third party plugins, meaning the end-user experience is clean, intuitive, and built purposefully for the specific user.
Craft also introduces a bunch of super useful features like live preview of your content, a fully responsive backend, built in localisation, one-click updating and much more which Tom explains further in his post: Why we love Craft.
With Content Management Systems being so regularly updated, it’s hard for developers to stay permanently on top of everything, meaning sometimes you’ll likely have to go directly to the core platform developers. Luckily both platforms have some solutions in place to help.
For clients and admins, WordPress has an easy to use online support hub, unfortunately, although WordPress is free to use, for any live support it’s going to set you back $1,250 a month. For developers, WordPress has a pretty vast documentation codex available online - it also has seemingly infinite tutorials and third party documentation freely available online.
A Craft Pro license will cost you $299 (one-off fee), which also includes free, fast response support which is delivered directly by Pixel & Tonic, the full-time developers of the product itself. It’s also backed up by a very active community of over 3000 accounts on Slack and StackOverflow.
If you're looking for a modern, easy-to-use and secure CMS, steer well clear of WordPress. Can I have a demo of Craft? to see what all the fuss is about.