Recently, I was speaking with a potential client who is planning to re-launch their Learning Management System (LMS) with a platform that is more user friendly and that has increased flexibility over their current system. This client is not a small company – it is a very large, Fortune 500 household brand. The project would be a big lift no matter what platform they chose to, eventually, launch on. They are in the process of choosing between launching their LMS on WordPress, but they are also talking with a proprietary SaSS service who wants to charge them a healthy six figures to launch the site, plus tens of thousands per month to license, host, and maintain it – costs that will incrementally increase as new users are added to the platform. Naturally, we discussed pros and cons of each system.
What struck me during this conversation is the perception of WordPress, and that of Open Source Software (OSS), to people who are not used to working within an OSS environment. Here are two very large assumptions I needed to correct by having a frank and honest discussion with this client:
- Open Source means it’s insecure.
This is a much bigger topic than I get into in the next few paragraphs. However, to this particular person, the fact that the WordPress source code is available for anyone to browse through and look at must mean that it is penetrable and insecure.
In fact, it is BECAUSE its open source means that all eyes are on it – anyone can look at it and discover any potential security vulnerabilities. WordPress has the largest OSS developer community of any Content Management System (CMS) available today. Companies like Microsoft have fully vetted WordPress to run a good number of their own websites. Some of the largest companies in the world have turned to WordPress as their preferred platform, and host them on managed WordPress hosting companies, like WP Engine and WordPress VIP – and those hosting platforms also have a very vested interest in the security and performance of the WordPress code.
I did have to explain that open source code is not the same as user data. While anyone can view and browse through the WordPress code base, the user data is not included – rather, that data is stored in a database separate from the code, and as long the developers for your website are interacting with the current & default WordPress code base in a way that is in keeping with best practices, following WordPress coding standards and making sure they are maintaining secure code, user data is safe. That is why it is important to hire a development agency who knows what they are doing and has deep experience with the platform.
In a proprietary system, on the other hand, typically the only eyes on the code base are the developers who work for the company hosting the code. No one else is able to view the code base that runs your very valuable platform. The only thing you have in regards to security assurances is their word. I know there are some very reputable, proprietary systems out there, so I don’t want to disparage any one – however, to say that OSS is insecure just by nature of its ‘openness’ is wholly incorrect.
I would argue that you’d WANT as many eyes on the code base as possible – constantly auditing, constantly scanning and checking and updating. To me, that is a preferred scenario over a closed system that is not open to critique and due diligence. - Data Portability means data is vulnerable.
There are different reasons to discuss data portability – this particular conversation was around how ‘portable’ your website data is, in the event you ever want to move to a different platform or hosting provider.
This was a biggie to get through in this conversation. The proprietary system they were considering told them that their data, including courses, pages, lessons, quizzes, user data, profiles, etc – could not be exported from their system under any circumstances. This client understood that to mean that the data, including (most importantly) user data, is very very secure. If it can’t get exported or moved anywhere, that means the data must be secured behind an impenetrable door that no one can access. What that means is that YOU cannot access your own data.
Here is the real reason that some proprietary systems refuse to allow you to export your data: to lock you into their service and with their exorbitant licensing fees.
It sounds cynical, but it is absolutely true. There is no reason to lock a customer into your service if they don’t want to be there. If you make it difficult – and in some cases, near impossible, to export YOUR OWN DATA, the easy answer is to just stay with the proprietary service until the end of time, even if you’re miserable there. They can raise their licensing fees, charge you more hidden costs, and you’re still stuck with the impossible headache of even thinking about moving to a different system.
If they own your data, they own YOU, it’s that simple. Please, please do not let this happen – even if you don’t turn to WordPress as your preferred platform. Do not allow a company to own your data under any circumstances. Always check the terms of service, and if you’re speaking to a salesperson from the company, ask these simple questions: What about data portability? If I want to migrate to a different platform in the future, for any reason – does your system make it easy for me to do that? Do you have documentation on how data is exported from your system?
Your data, your code, your progress belongs to you – you have worked too hard, and, in a lot of cases, paid too much money to allow a company to own your hard earned progress. Don’t get locked in by a company who does not have your best interests at heart.
When it comes to exporting and moving your data to a different platform and/or host – WordPress offers complete flexibility.
Recently, controversy has arisen in the web publishing industry when an Israeli software company named Wix, who provides cloud-based web development services, came after WordPress with an advertising campaign that did not speak to the value of their own product, but rather disparaged WordPress in a pretty tasteless manner with attack ads and videos. You can host websites at Wix, just like you can build websites on WordPress – so they are competitors in that sense. However, Wix is one of those proprietary services who, according to their terms, do not allow you to export your content from their platform.
Real talk: this is shady business practice.
It is not a lot to ask for your service provider to operate with integrity and ethics. If you are seeking out a system for your platform, make sure that you own the data you have worked hard to create and curate. Also, give WordPress a very serious look and consideration as your platform of choice – it is a robust system that can handle websites at scale, and as a platform, it cares about your hard work – because it allows you to take it with you wherever you may go.
I leave you with the Mission, from WordPress.Org: