I originally intended “HubSpot vs WordPress” to be a single post, but once I began to break it down, I realized that what has become a simple evaluation process for me has a bunch of moving parts that someone with less experience working on one or both platforms might not be familiar with. So rather than frying your brain (and mine) with everything at once, I’m going to cover one or two areas per week. All of the posts in the series will be available on the HubSpot vs WordPress page.
It’s worth noting that the topics topics won’t be presented in order of priority (or any other criteria, that matter), the reason being that one organization’s top priority is negligible to another – and it’s where those priorities net out that will ultimately drive your platform choices.
HubSpot vs WordPress: Choosing a Solution
Their position at the top of the SMB digital marketing space makes HubSpot vs WordPress comparisons a common occurrence. As an agency that works extensively with both, we generally have a good idea of which one is right for a particular client as soon as we understand their needs and priorities.
While each product’s capabilities, attributes, strengths and weaknesses have become second nature to us, those of you arriving here after searching “HubSpot vs WordPress,” are probably looking for answers. And though I can’t provide you with a definitive recommendation without a full understanding of your particular situation, I can outline the framework that Mindtap uses to to evaluate HubSpot vs WordPress.
Before I dive in to the details, though, let me point out that there are four; rather than two, potential outcomes of considering HubSpot vs WordPress. You may end up choosing:
- HubSpot alone
- WordPress alone
It might seem like more options mean more complexity, but it’s really just a matter of understanding your own needs (or those of your stakeholders) and weighing them against the strengths and weaknesses of the two platforms.
HubSpot vs WordPress: Overall Security
Security wasn’t something I considered when evaluating HubSpot vs WordPress until about a year ago when a client’s WordPress site got hit with a malware attack.
Up until then I thought that as long as I kept WordPress, Genesis (our framework of choice), child themes and plugins up-to-date, my sites were safe. Needless to say, I learned otherwise – and the three days it took to get everything back to normal convinced me that security should become a permanent part of the evaluation.
If you’ve got a good managed hosting provider or have the expertise to configure and manage your own hosting environment, and you keep your themes, plugins, etc. up-to-date, you’re unlikely to experience problems. In the case mentioned above, our client wanted to stay with their old web host who, it turns out, had some vulnerabilities.
That said, many attributes that are commonly counted among WordPress’ strengths can be liabilities when it comes to security, namely:
- it’s open source, meaning that hackers can easily become familiar with and exploit, all aspects of the platform.
- thousands of third party developers have released nearly 50,000 plugins, many of them outdated and with little or no developer support.
- out-of-date WordPress core, theme and plugin files are the primary vulnerability of WordPress sites, and keeping them current requires regular manual updates.
- With nearly 18 million websites – a full 60% of the global CMS market – running WordPress it’s attractive to hackers seeking the greatest effort-to-impact ratio.
Put simply, WordPress is a big, soft target.
HubSpot, on the other hand, is used on only around 75,000 sites, all of which are running commercial, java-based software hosted on HubSpot’s fully managed servers.
Given all that, it doesn’t take a diabolical super-hacker to spot the more desirable target.
HubSpot vs WordPress: the SSL Problem
It used to be that SSL encryption was mostly confined to sites that transmit and receive financial information. But that all changed in the summer of 2014 when Google announced that all sites who use it get a boost in search rankings.
Not surprisingly, HubSpot customers began to ask about adding SSL to their sites only to be informed that they couldn’t support it due to the way the software handles DNS. HubSpot did, however, say they were working on a solution. But when that solution finally rolled out, it was; and remains, far less than ideal.
Rather than simply allowing clients to use their own SSL certificates, HubSpot instituted a complicated, expensive and all-around subpar framework for SSL support.
Essentially, HubSpot customers can use a shared certificate for free if they buy the $200/mo website add-on (which extends the HubSpot CMS to an entire website, rather than just the blog) or they can pay $100/mo to use the shared certificate without the website add-on, and that’s in addition to the $800/mo pro plan that we use and generally recommend.
There are, however, two additional options: custom SSL service, in which they set up a private Symantec certificate for you or custom with your own third-party certificate, both of which will set you back $600/mo in addition to your base plan (e.g. Pro mentioned above) and any add-ons.
Of those four options, the only one we have attempted was the first one, and we encountered considerable implementation challenges, and neither our client nor our team were very pleased with HubSpot’s customer support regarding the problem.
While the extra $100, $200 or even $600/mo may not be prohibitive for some, it’s difficult to justify the (at least) $1,200/yr expense when one can get a free, private letsencrypt certificate (from the same issuer as HubSpot’s non-custom cert) and install it on my WordPress site for free (or the few dollars it would cost to have someone else install it).
HubSpot vs WordPress: The bottom line
HubSpot is more secure than WordPress, but HubSpot’s SSL support is problematic, so which one wins the security battle in the HubSpot vs WordPress war comes down to:
- how important overall security is to you
- whether you or the entity managing your site can commit to keeping up with platform and plugin updates
- the quality / level of trust you have in your hosting company
- whether SSL is a priority (if you care about SEO or data security it should be)
For our own purposes, Mindtap went with both the site and blog on WordPress with HubSpot integrated on the back-end via HubSpot’s WordPress plugin and embedded forms. We did that because SSL is important to us, we have internal resources that keep our everything up-to-date and we have been with our hosting company since 2014 with no security breaches (knock on wood).
While I tried to be as detailed as possible in this post, it’s the nature of digital that there are a thousand situations I’ve never considered, so if you have questions or comments, please feel free to drop it into our comments section below, or if you would prefer, send us a message.
…And check back next week for the next entry in the series “HubSpot vs WordPress: Support”.