Opinion: Why WordPress Should Never Be Used As Membership Management System
This might sound strange coming from me, considering that I make my online living taking full advantage of the capabilities offered by WordPress and yet, here is my statement:
You Should NEVER Use WordPress For Membership Management!
On last webinar for Expert WordPress members I have shared this opinion and received quite a feedback, which is greatly appreciated. I know that my statement goes against what many other people are currently teaching but I have very good reasons!
Reasons I will share in this blog post and let you decide if my opinion makes sense or not, it is YOUR ONLINE BUSINESS after all!
First allow me to repeat the obvious…
I love WordPress and I think as Content Management System it simply has no equals when it comes to functionality, simplicity, extendability and customization options!
WordPress, thanks to its modular design and huge support by community, developers and designers has a solution that can be applied to pretty much any kind of need to present content!
WordPress is constantly developing and enhanced in functionality, new plugins to extend its ability are introduced, mostly free and some are with a price tag and this is one of the reasons I will recommend to anyone reading this post
Do Not Use WordPress For Paid Memberships
Anytime we use paid membership, we build business. Business that we rely on to provide us with a steady flow of income we can depend on and build upon. But as part of running a membership business model we commit to our customers to provide them with secure access to our site and to ensure their private information stored within our membership system doesn’t get into hands of hackers!
We Are Obligated To Do All In Our Power To Protect Our Customers!
And here is why I think WordPress is a bad fit for this model…
Membership Management functionality currently provided to WordPress via several plugins. Some are commercial and some are free but it doesn’t matter which one you will choose to use as they all share one big flaw – their dependency on the core of WordPress!
- By themselves they will not function and same goes the WordPress core – without one of these plugins you can’t have paid membership! This is fact #1!
- WordPress is constantly evolving and new versions are released that sometimes make plugins incompatible with latest version and you either have to wait upgrading to latest WordPress core version until plugin is updated to be fully operational with it or you have to look for new plugin to replace functionality, especially true with free plugins. This is fact #2.
- WordPress is Open Source and its code is constantly under scrutiny not only by the good guys but also by people who are looking for a way to compromise your site. If you have been blogging for a while I’m sure you have seen those WordPress security releases that simply HAVE TO BE doneASAP in order to avoid being hacked, as exploit is in the wild and actively used by bad guys. This is fact #3
Now imagine this scenario:
You have a WordPress blog used to manage membership system. You have several hundred customers paying on monthly bases (or whatever schedule you use). As any WordPress blog you have several plugins to add functionality for SEO at the very least and obviously at least one plugin that is responsible for turning your blog into membership system.
Now imagine that WordPress core team just released a security upgrade that have to be applied ASAP or your blog can be compromised and hacker can take control over every aspect of it, including FULL ACCESS to your customers information.
You quickly contact support of the developer who created the plugin you use for Membership Management before jumping into upgrade, as you have to ensure that it will continue to work with new version only to learn that he is taking romantic vacation on secluded island somewhere in Fiji and will not be back for next couple weeks…
What Do You Do?
Do you upgrade the WordPress core, as you should, to protect your blog and your customer data and risk that your membership management portion stops working and no support for it will be available for a while?
Or do you continue using insecure version of the blog praying that it doesn’t become a target for attack until plugin is compatible with it, as you simply can’t afford loosing income?
What if you actually did what you should and have upgraded and your membership plugin is now broken, your customer support swamped with complains from customers and you know that you will not be able to fix the problem for next 2 weeks, while developer enjoying the vacation?
Which scenario fits you better?
I know those are some extreme scenarios but not uncommon! I know there are always solution to any problem and you can actually outsource fixing the plugin in scenario above but I personally prefer that my membership script is separate and with dedicated support!
If you are planning to start membership site I highly recommend you avoid doing it with WordPress! There are plenty of scripts that will provide you with all the functionality you need – securely and safely!
I personally use and recommend either Launch Formula Marketing or Easy Member Pro. Each one is great at what it does and comes at different price points. EMP is actually one that would be great fit for many!
More Options Print This Page! Subscribe With RSS Reader Subscribe by EmailFiled under Internet Marketing, WordPress | Related posts: |
42 Responses to “Opinion: Why WordPress Should Never Be Used As Membership Management System”
Trackbacks/Pingbacks
[...] after you’ve read Alex’s argument for why you should not use WordPress for your membership site, read my (well-rounded, well-educated [...]
Hi Alex,
Thank you for bringing to our attention about the flaws of using WordPress for Paid Membership sites.
Sometimes it’s the most obvious questions to ask ourselves before taking action that we miss. Just downloaded the webinar from EWP & look forward to, I’m sure as usual, detailed content.
Would you still not recommend using WordPress as a membership site if… it was only a one off payment or a closed section for member only benefits? You can make the pages secure with a password for members to gain access. It’s possible this answer is already in the webinar I’m yet to listen to…
Gaida´s last blog ..15 Minutes Improves Your Self Confidence
Well, it really is up to you. I just wanted to outline the huge minus I see to this approach but you make the decision as it affects your business. Just think worst possible scenario and if you can live with it or not…
Hi Alex,
Firstly. Great to see you back! I was wondering when you were coming back on line was popping past regularly.
Secondly! Thank you so much for sharing this information. I really do value your knowledge on wordpress. It was your information that encouraged me to secure my blog and thank you as it was only a couple of weeks later, someone did attempt to hack it a couple of times!!
Thirdly! I will be looking at learning about membership development later on in the year (I just want to learn some more things first
) so I will keep these programs in mind.
Hope all is going well.
Kind Regards
Jacinta
Jacinta Dean´s last blog ..My Master Class Training Bonuses
Thanks Jacinta,
Look up “micro continuity” membership site model. It might help you with your future goals.
But wordpress has made thing so easy. Gone are the days when you had to have a computer programmer setup your membership site. You may be correct in your views but wordpress is definitely growing as content management platform.
I agree on using WordPress as CMS – please read my post! This is about WordPress as membership management.
I have to agree from the depths of my heart. I’ve used Joomla, Drupal, and WordPress for my content management needs and enjoyed all of them. At the moment, though, I much prefer WordPress for its ease of use, easily manageable content, and extendability.
In addition, I agree with your comments about the inherent vulnerabilities of a WordPress site when used to handle sensitive information, be it members real names, credit card information, or anything else of a personal matter.
In addition, handling that kind of information in an improper manner (ie. not properly secured) can and usually means that you are violating one or more laws regarding the storage of personal information online.
If you want, I can look up the relevant laws to storing payment information and how it has to be done specifically, just email me if you’d like me to do that to reference them here.
Timely Alex, thanks. Why do you use both, is one better then the other for certain things?
Perhaps a comparison/review post?
Dennis Edell´s last blog ..The Time Has Come. The Deal Is Done. It’s Time To Move!!
Dennis,
It just so happened
LFM I use is being custom modified to do what we need. EMP new version was just released in December and we are using it in our new project because it does what we need and gives us flexibility we need to custom code additions without the need to worry about core modifications. Mainly EMP has full ClickBank subscription support with all features – LFM has only basic CB support, at least version 2 that we choose to use.
I’m wondering which to purchase since I really only want one if possible; not sure if that helps me though. lol
Having never used CB, I don’t know the difference between full and basic..
Dennis Edell´s last blog ..The Time Has Come. The Deal Is Done. It’s Time To Move!!
All very good points, Alex, and as one with numerous blogs to update I can attest to the ever-evolving WP as a CMS that needs to constantly be updated to avoid hackers – and even then, the updates only work if WP releases it BEFORE they break into your sites!
Even for free membership sites, the worry isn’t that someone will access your content – it’s that they’ll access your members’ info, including their e-mail addresses, and start spamming them. And if your membership plugin includes any way to contact members, count on them using that to send their messages!
Thanks again for always looking out for us, Alex – it IS appreciated!
Doug Champigny´s last blog ..7 Powerful Ways To Build Targeted Traffic And Build Opt-In Lists For Internet Marketing
Thanks Doug!
Glad to see that you agree with my point. And yes, members info should be one thing we all consider and avoid going for simplicity over security. I guess for me security is such a big issue – I’m willing to overlook functionality if I feel it could lead to privacy of the people who trusted me could be compromised.
I really appreciate your comments. Howtospoter seems to be human as well as informed.
Whether we use WordPress or something else, I didn’t think it was possible to make money online, AFTER building a community or during the process, and I was always fascinated when someone was trying to build one because I just hadn’t seen anyone make any money AFTER implementing suggestions of that kind.
However, that changed this year, not for me, but for my sis. She got a position as an online recruiter for Linda Christas College, an online college/academy. It’s an especially good opportunity because for each enrolled student, the affiliate (They don’t call them affiliates. My sis is a recruiter) receives approximately a $500 stipend. For each student who returns the following year for a full curriculum, the recruiter receives $1,000. It’s a great program, and is replacing a lot of the advertising and recruiting budgets of traditional colleges. And, as online degrees become more accepted than traditional beer and football degrees (that’s happening already with employers, since online degree holders are maturer and proven self starters), online colleges can only increase in terms of enrollments, and therefore the college recruiting end of things will improve also. It’s one of those things whereby today online recruiters are hard to find. In five years, people will be begging for the positions, and those who have already proven themselves to be reliable (like my sister), will have secured the jobs.
My sister made just over $61,000 this year working totally online as a recruiter for Linda Christas, so if I were anyone needing or wanting an online job, I would check into that. As it is, I am married to a computer genius, so I spend my day doing other things. The trick is to find a guy like this that you can actually love. Good luck with that. I found a rare fellow who knows computers, but also knows how to share a bottle of wine at dusk in a mountain cabin.
All she did to get the job with Linda Christas was contact them. They provided the training free of charge.
So, what Sherry did, I suppose can be duplicated. That is, she listened and followed the advice here and then uses the blog to recruit students for LC.
She can stay at home and actually make more money blogging than if she were making $100,000 at an office with all the expense that entails, not to mention being away from her children during that time.
Beth
ToysPeriod is a leading online shop specializing in lego sets and model railroad equipment.
Beth Charette´s last blog ..New Article: An Environmentally Aware Toy Business: One Customer’s Take
Beth,
Thanks for sharing this great story! It is incredible how seeing results boost our confidence and that is exactly why the very first blogging product I had (now discontinued) made one simple promise – you make your first dollar online in 30 days or less, guaranteed.
I think seeing what is possible is the most important part to push people to success followed by consistent action.
Thanks again for taking the time to write such a long and thought through comment!
Alex,
That was very good information and made me think. Thank you for your insight to using a wp as a membership. You are totally correct u should use something else for a membership.
Keep it coming my friend
Thanks William!
I have to agree with some of what you say but in my opinion the choice of host for your WordPress sites is one of the most careful decisions that you have to make.
I have approximately 80 blogs, mainly niche information sites, all based on WordPress.
Over the past three years I have had a total of 7 successful hack attempts over all of these blogs.
ALL of the affected sites were on one server which was supplied by a well known marketer who promoted the service as ‘dedicated to providing superb service’
The attacks actually came through other users on the server that had blatantly uploaded hack scripts, apparently with no checking by the server techs!
All of these WP installations had been kept completely up to date, with very strong security, but as the attack came in from within as it were it was easy to do.
Even after I pointed out their poor security they did little to correct things, it was so bad that two of the sites were hacked twice within a month!
The rest of my blogs are hosted with two leading companies who I have been with for years.
One of these blogs had an attempted hijack and within minutes the server techs had caught it, removed it, and made sure my blog installation was cleaned. They even phoned me to let me know what they had done and was there anything else they could help me with!
Over the past years some of the blogs on these sites haven’t been updated once, are still running early versions of WP, and have pretty poor security, yet have never been compromised.
So my advice, get GOOD hosting, it goes a long way towards keeping you secure….
Phil
It would be nice if you would reveal the host in question, both good and bad. It would help a lot of people make better informed choices.
June´s last blog ..Google Pays Affiliate Internet Marketers | Guaranteed Payment
Hey Alex,
Great stuff as always.
I do a lot of set up with blogs, having to maintain some of them. I have been fortunate to be able to work with the membership plugin developers to keep things up to date. Thankfully, they are very responsive and have excellent support and service.
Bottom line is to do your due diligence, like you said. WP membership sites can work, but you need to know what you are getting into before you start. If it can happen, then it will.
Also, I just got back into blogging at the beginning of the year, so expect to see me around more often. Love what you do.
Thanks,
John
Thanks Phil and John. You brought some good additional points to consider!
what do you think about this one Alex?
http://www.digitalaccesspass.com/features.php
Mtn Jim Fisher´s last blog ..Into Thin Air
Honestly, I have no clue. Never used it and not planning to. Sorry, please see my reasons in post.
Jim,
I think I misspoke on DAP and after taking a second look and communicating with Ravi, it appears this script might work quite nicely. I obviously haven’t used it and can’t speak much on it but description sounds promising
Alex
thanks Alex. you obviously can’t know about EVERYTHING that’s out there! LOL
Mtn Jim
Mtn Jim Fisher´s last blog ..Into Thin Air
Hi Alex,
Nice post with very good rationalizations. I agree that WordPress as a membership platform may not be the best way to go.
I’ve yet to start another membership site (I closed my traffic site a while ago) but I’m thinking that since I own the RAP system, I’ll probably go with that, as they now have a membership add-on available.
But I will use a WordPress blog to drive traffic to my new membership site! You just can’t beat a blog for getting great results from the search engines!
Thanks for another great post.
-Mark
Mark Krusch´s last blog ..Basic Freshwater Fishing Tackle: Basic Knot Tying
RAP is great script if you can stay in tune with very frequent upgrades
Thanks for including the suggestions for solutions to try besides WordPress based membership programs. As I was reading the article I was worried you might not include it.
But don’t you think as long as you keep WordPress up to date you should be fine?
Chris Guthrie´s last blog ..Top 7 tips I used to make $41,438.42 in 2009 with Amazon Associates
Alex,
Great post.
I actually tried to comment earlier, but got blocked (I suspected it was some filter, and you have confirmed it).
I responded with a rather long comment, and that could also be why my comment got blocked.
Anyway, here’s the link to my comment about your post, one that is slightly contradictory to yours
…
http://ravisrants.com/2010/01/.....ship-site/
And thanks for commenting at my blog. You’re a good sport
- Ravi Jayagopal
Founder & Developer, DigitalAccessPass.com
Ravi,
Thanks. I replied to your post and you made some great points but overall – your product still falls in exact category I recommended here – separate script. You just created a tie with WP from what I understood of it
Nicely done.
Hi Alex,
Interesting post. What are your thoughts on a separate membership software, like Amember, that integrates with WordPress via a module?
Bina´s last blog ..Add Interactivity to your Website with the New Meebo Bar
Alex
Having been on the brink of purchasing WishList I am most grateful for you most candid opinion and optional recommendations.
Many Thanks
Lorrette
Lorrette@DailyScrew-Ups´s last blog ..Cliche’ Wedding Traditions
Lorrette,
Please bve advised – my opinion is just that – OPINION. Please use your discretion when making decision
This is very useful Alex…:) I am almost tempted to try membership program in my blog.:) But at least I know where to go now.:) Thank you very much.
Vince´s last blog ..How Are We Going To Be Resurrected
This has been an invaluable and timely discussion for me. Thanks to all of you, especially Alex(?) and Ravi. I currently use SubHub, and I love them, but want to create some smaller WP membersites for small programs. (micro or mini-sites) I was concerned about WP as a membership site and this has helped solve many of my problems. I look forward to reading Ravi’s site and exploring both for more useful info. Thanks again!
Some excellent points made and definitely food for thought when contemplating the setup of a membership site. I cringe with every WP update, because while I know they are necessary, I don’t want to spend the time having to recover if a plugin doesn’t handle the upgrade well. Phil makes an excellent point as well. It all starts with a good foundation, which in this case is a good hosting company.
Sherry´s last blog ..Setting Up Google Apps For Your Domain
I love WordPress and remain faithful to the platform that started it all for me. The one thing that drives me nuts about WP is exactly what you said; the constant updates. With everything else we Internet marketers have to do to keep our business running smoothly, those of us who use WP have to work that much harder just to stay current and on top of things.
Justin´s last blog ..Printable Subway Coupons To Save You Money
Wow, what a great discussion. I feel that the WP forum format is lacking, and I have been involved with MMP usage as group blogging, but am not sure about the membership site. I am not at that level yet, but I appreciate everyone sharing what works and does not work for them.
Rocque´s last blog ..Business Outlook 2010
I think reason #2 sums it up for me. I am an ex-Drupal guy who made the move to WordPress. The biggest issue I have ad are the updates within WordPress that throws off core functionality. Even though the updates are a benefit to overall functionality, I have personally witnessed (and lost customers) to people going to my website and seeing a degradation in performance/appearance.
I agree, and I think that’s also valid when you’re dealing with credit card payments. If there are WP plugins out there that process credit card payments, I would think twice before using them, because I know the sensitivity of the data is very important. It all comes down to the fact that people need to realize that open source software can be very good and still free, but it never, ever comes with any warranty and if something goes wrong, you have no one else to blame but yourself.
The upgrade to get secure versus broken functionality is always a difficult problem. Upgrading WP is always a little bit scary.
To minimise the risk I always have a local version of my sites running that is identical to the live ones. That way I can do the upgrades to WP core and all plugins and check that everything still works. If something doesn’t then I can contact someone to hopefully get it sorted.
That still leaves me with a potential security problem if I don’t upgrade straight away. To be honest, you are going to have security issues with any website, regardless of whether it’s open or closed source.
If you ran a bespoke closed source application that you bought from a smaller company then you still have problems: They might not respond to security issues, they might not tell you about existing ones, you might not notice the problems until it’s too late.
At least with the WP model errors and security issues are flagged up quickly and fixed quickly. For me, this is better than relying on a closed-source product.
Unless you have your own development team working on your website then you are always going to have potential security problems that may have to wait some time for a fix.
I love WordPress and use it all the time. Its hard to keep up with all the updates though. Its time well spent for a good quality product for the people who we serve though. I will keep using till something better comes out.