Opinion: Why WordPress Should Never Be Used As Membership Management System
This might sound strange coming from me, considering that I make my online living taking full advantage of the capabilities offered by WordPress and yet, here is my statement:
You Should NEVER Use WordPress For Membership Management!
On last webinar for Expert WordPress members I have shared this opinion and received quite a feedback, which is greatly appreciated. I know that my statement goes against what many other people are currently teaching but I have very good reasons!
Reasons I will share in this blog post and let you decide if my opinion makes sense or not, it is YOUR ONLINE BUSINESS after all!
First allow me to repeat the obvious…
I love WordPress and I think as Content Management System it simply has no equals when it comes to functionality, simplicity, extendability and customization options!
WordPress, thanks to its modular design and huge support by community, developers and designers has a solution that can be applied to pretty much any kind of need to present content!
WordPress is constantly developing and enhanced in functionality, new plugins to extend its ability are introduced, mostly free and some are with a price tag and this is one of the reasons I will recommend to anyone reading this post
Do Not Use WordPress For Paid Memberships
Anytime we use paid membership, we build business. Business that we rely on to provide us with a steady flow of income we can depend on and build upon. But as part of running a membership business model we commit to our customers to provide them with secure access to our site and to ensure their private information stored within our membership system doesn’t get into hands of hackers!
We Are Obligated To Do All In Our Power To Protect Our Customers!
And here is why I think WordPress is a bad fit for this model…
Membership Management functionality currently provided to WordPress via several plugins. Some are commercial and some are free but it doesn’t matter which one you will choose to use as they all share one big flaw – their dependency on the core of WordPress!
- By themselves they will not function and same goes the WordPress core – without one of these plugins you can’t have paid membership! This is fact #1!
- WordPress is constantly evolving and new versions are released that sometimes make plugins incompatible with latest version and you either have to wait upgrading to latest WordPress core version until plugin is updated to be fully operational with it or you have to look for new plugin to replace functionality, especially true with free plugins. This is fact #2.
- WordPress is Open Source and its code is constantly under scrutiny not only by the good guys but also by people who are looking for a way to compromise your site. If you have been blogging for a while I’m sure you have seen those WordPress security releases that simply HAVE TO BE done ASAP in order to avoid being hacked, as exploit is in the wild and actively used by bad guys. This is fact #3
Now imagine this scenario:
You have a WordPress blog used to manage membership system. You have several hundred customers paying on monthly bases (or whatever schedule you use). As any WordPress blog you have several plugins to add functionality for SEO at the very least and obviously at least one plugin that is responsible for turning your blog into membership system.
Now imagine that WordPress core team just released a security upgrade that have to be applied ASAP or your blog can be compromised and hacker can take control over every aspect of it, including FULL ACCESS to your customers information.
You quickly contact support of the developer who created the plugin you use for Membership Management before jumping into upgrade, as you have to ensure that it will continue to work with new version only to learn that he is taking romantic vacation on secluded island somewhere in Fiji and will not be back for next couple weeks…
What Do You Do?
Do you upgrade the WordPress core, as you should, to protect your blog and your customer data and risk that your membership management portion stops working and no support for it will be available for a while?
Or do you continue using insecure version of the blog praying that it doesn’t become a target for attack until plugin is compatible with it, as you simply can’t afford loosing income?
What if you actually did what you should and have upgraded and your membership plugin is now broken, your customer support swamped with complains from customers and you know that you will not be able to fix the problem for next 2 weeks, while developer enjoying the vacation?
Which scenario fits you better?
I know those are some extreme scenarios but not uncommon! I know there are always solution to any problem and you can actually outsource fixing the plugin in scenario above but I personally prefer that my membership script is separate and with dedicated support!
If you are planning to start membership site I highly recommend you avoid doing it with WordPress! There are plenty of scripts that will provide you with all the functionality you need – securely and safely!
I personally recommend Easy Member Pro. It’s extremely easy to use and full of powerful features. The price is just $197 for unlimited licenses, but if you click the banner below you can get it for $157 – a steal with 20% Off!
More Options Print This Page! Subscribe With RSS Reader Subscribe by EmailFiled under Internet Marketing, WordPress |
Related posts: |
About The Blog Author
Alex Sysoef is an IT Consultant, Internet Marketer and ProBlogger who shares his passion and knowledge of WordPress, SEO, Social Media and traffic strategies on his blog WordPress Howto Spotter. Connect on Twitter or Facebook
Alex
Having been on the brink of purchasing WishList I am most grateful for you most candid opinion and optional recommendations.
Many Thanks
Lorrette
.-= Lorrette@DailyScrew-Ups´s last blog ..Cliche’ Wedding Traditions =-.
Lorrette,
Please bve advised – my opinion is just that – OPINION. Please use your discretion when making decision
Twitter: volaer
says:
This is very useful Alex…:) I am almost tempted to try membership program in my blog.:) But at least I know where to go now.:) Thank you very much.
.-= Vince´s last blog ..How Are We Going To Be Resurrected =-.
This has been an invaluable and timely discussion for me. Thanks to all of you, especially Alex(?) and Ravi. I currently use SubHub, and I love them, but want to create some smaller WP membersites for small programs. (micro or mini-sites) I was concerned about WP as a membership site and this has helped solve many of my problems. I look forward to reading Ravi’s site and exploring both for more useful info. Thanks again!
Some excellent points made and definitely food for thought when contemplating the setup of a membership site. I cringe with every WP update, because while I know they are necessary, I don’t want to spend the time having to recover if a plugin doesn’t handle the upgrade well. Phil makes an excellent point as well. It all starts with a good foundation, which in this case is a good hosting company.
.-= Sherry´s last blog ..Setting Up Google Apps For Your Domain =-.
I love WordPress and remain faithful to the platform that started it all for me. The one thing that drives me nuts about WP is exactly what you said; the constant updates. With everything else we Internet marketers have to do to keep our business running smoothly, those of us who use WP have to work that much harder just to stay current and on top of things.
.-= Justin´s last blog ..Printable Subway Coupons To Save You Money =-.
Wow, what a great discussion. I feel that the WP forum format is lacking, and I have been involved with MMP usage as group blogging, but am not sure about the membership site. I am not at that level yet, but I appreciate everyone sharing what works and does not work for them.
.-= Rocque´s last blog ..Business Outlook 2010 =-.
I think reason #2 sums it up for me. I am an ex-Drupal guy who made the move to WordPress. The biggest issue I have ad are the updates within WordPress that throws off core functionality. Even though the updates are a benefit to overall functionality, I have personally witnessed (and lost customers) to people going to my website and seeing a degradation in performance/appearance.
I agree, and I think that’s also valid when you’re dealing with credit card payments. If there are WP plugins out there that process credit card payments, I would think twice before using them, because I know the sensitivity of the data is very important. It all comes down to the fact that people need to realize that open source software can be very good and still free, but it never, ever comes with any warranty and if something goes wrong, you have no one else to blame but yourself.
The upgrade to get secure versus broken functionality is always a difficult problem. Upgrading WP is always a little bit scary.
To minimise the risk I always have a local version of my sites running that is identical to the live ones. That way I can do the upgrades to WP core and all plugins and check that everything still works. If something doesn’t then I can contact someone to hopefully get it sorted.
That still leaves me with a potential security problem if I don’t upgrade straight away. To be honest, you are going to have security issues with any website, regardless of whether it’s open or closed source.
If you ran a bespoke closed source application that you bought from a smaller company then you still have problems: They might not respond to security issues, they might not tell you about existing ones, you might not notice the problems until it’s too late.
At least with the WP model errors and security issues are flagged up quickly and fixed quickly. For me, this is better than relying on a closed-source product.
Unless you have your own development team working on your website then you are always going to have potential security problems that may have to wait some time for a fix.
I love WordPress and use it all the time. Its hard to keep up with all the updates though. Its time well spent for a good quality product for the people who we serve though. I will keep using till something better comes out.
A while back I was approached by a client about creating a membership-type website using wordpress. I told him I didn’t know how but that I would research it. I ended up explaining to him that I didn’t know how. I’m glad you pointed out the cons for this topic. Now if I’m ever asked, I can plain and simply tell the client “NO”, so I don’t have to deal with those hassles. Thanks for this informative article.
Shennan,
There are exceptions!
1. Is an excellent script mentioned here: “DAP” – it works besides WP and doesn’t depend on its code- superb plugin as I have discovered myself
2. You are a technical person who can handle the complexity
3. You have someone on your team to deal with technical complexity
If any of the exceptions above fit your profile – WordPress can be used as membership site quite successfully. Although for a pure membership site I still think separate script might be simpler choice. I guess it depends on your needs.
Great post and I want to go off topic a bit so I understand if you will delete this comment. Like many readers I get a LOT of span and your comment plugin is exactly what I need; Some way of stating “Comment guidelines: No keywords in name, comments must contribute to the discussion, no links to inappropriate or offensive sites. ALL SPAM DELETED!”. Could you please point me in the right direction? Trying to find out what plugin to use/ how to do this. I’m sure other readers would appreciate the info too, it’s not easy to find the answer on Google.
Bryan,
First of all, I almost deleted your comment as it got int spam folder automatically. To answer your question – I use manual text insertion into theme file, I have described it in this post: http://www.howtospoter.com/web-20/wordpress/create-clear-comment-policy-to-avoid-spam
Thanks for this info, everyone’s told me to use wordpress for everything, and we’re even switching over to wordpress from our current cms at work. Nice to know that it is good tool and not a magical online heal-all.
I respectfully disagree with your assessment against WordPress as a Membership Management System because I've been offering customized themes and customized plugins to associations for a few years now and there has never been a hacking incident. My clients typically use PayPal as their shopping cart and payment system, and that has proved to be quite secure against hacking attempts.
I’m sorry, but I still don’t understand.
Where would you be storing your member’s data? And if you *are* storing your members’ data on your server (in your database) I would hope you are not using a shared host. Personal information and credit card information HAS to be stored on a private server. If not, you, as a seller that managed that information, are legally responsible for anyone who obtains that information (as I recall, US law states the cost of whatever damage is done to each person + $10,000 fine. Per person.) Being in a shared host *alone* is a BIG risk for your members – your server is only as strong as the security levels that people on that server take – the weakest link is your downfall. All it takes is one teenage blogger talking about school, or gramma talking about her quilts on your server who knows nothing about security to use the wrong kind of form, and BAM – everyone on the server is toast.
That’s not a WordPress issue, that’s a hosting issue (and a legal issue).
If you *are* on a private server, then you still have to take extra steps to protect your member’s personal information. (Such as passing the PCI compliance rules of your credit card companies, using SSL encryption, etc.) Again, not WordPress issues.
If you’re using a WordPress plugin to manage *passing information to logged in users*, then all WordPress will do is pass that information based on your code. IT can do that, no problem. It’s up to *you* to make it work however you want to. That’s the beauty of WordPress – it’s flexible enough to be anything from a simple blogging tool to a huge, complex cms – and powerful enough to bend in all kinds of directions. If you want to use a plugin to handle complex tasks, then you need to be sure the plugin author is up to par for it. As with *any* important purchase, do your research. (and if you’re storing personal information, FREE plugins are NOT the way to go for this.)
To single out WordPress as being wrong to manage a membership site is…well… wrong. It can, and it does it effectively. You, as a site owner, have the responsibility of ensuring your own security, and thus those of the people that trust you with their information. As far as ANY software goes – not just WordPress – the only data you should be storing on your sever is name, email and password. Maybe a quick bio or something. Anything else (like address, social security number (God forbid), phone number, credit card number…) is too much – unless you’re on a secure private server and pass PCI compliance rules.
Every bit of software has it’s downfalls. Singling out WordPress as the problem is just wrong. There’s tons of other software out there that does the same thing, and has the same issues. It’s not just the *software* you use that’s the problem, it’s what you install the software on, and how you choose to secure it on your own.
Shelly,
You have some excellent points and I would never store financial data on my servers. I use VPS servers but all of my payment processing goes through PayPal. I have opted NOT to deal with all the legal implications you mentioned above.
Now – on WordPress as membership site.
This post was written a while back and at the time I didn’t see any plugin that could sufficiently manage it. Obviously situation have changed but I personally still prefer to use stand alone membership management scripts for the same reasons I have outlined in this post.
When you income depends on reliability of the script that manages income generation – last thing I want is extra complexity. I like to keep things stable and secure, individually.
People obviously have a lot more options now when it comes to membership script and each is entitled and in fact encouraged to investigate their options.
Thank you for the feedback.
Alex Sysoef