Why You Shouldn't Build Your Bank's Website on WordPress

Posted by Allison Gibbs on Feb 12, 2018 7:50:00 AM

security image red lock on a computer screen

Just about every modern website is built on a content management system. This allows website managers to edit content, embed images and video, publish articles, and manage data without the need to learn web programming.

There are literally hundreds of content management systems (or CMS for short) available today. Some are designed for small businesses, some for mid-sized organizations, and some for large enterprises.

It's important to understand how to choose the right CMS for your financial institution based on your specific needs. Smaller businesses or individuals with simple needs are often a good match for WordPress, which is one of the most popular CMS platforms in the world. There are even large websites built on WordPress, when companies have in-house development support and expertise to maintain it.

At Capital Point Marketing, we have more than twenty years experience creating bank and credit union websites. We don't use WordPress. In our opinion, it's not the right tool for the job. Instead, we recommend secure cloud CMS platforms like Zephyr, HubSpot and Coredna.

Read the Guide: Banking Website Design Best Practices

Over the years, we've had clients come to us asking for help with their WordPress sites after security scares and issues with getting hacked (or even suffering multiple hacks). Our advice is usually to move them off WordPress and onto a platform that is more secure and professionally maintained.

That said, we recognize that there are indeed some advantages of an open-source CMS like WordPress. Some nice things about going open-source include:

  • Low initial cost
  • Lots of peer support from other users
  • Freedom to customize if something doesn’t work the way you want it to
  • Lots of add-ons and plugins to extend functionality

For example, if you want to add a membership database, advanced events calendar, or e-commerce system to your website using an open-source CMS, you can most likely find a plugin to add this functionality or you can write the code yourself.

While this may sound dreamy, it’s not all kittens and rainbows when you go the open-source route. There is a dark side and it’s important that you know about it. Some of the downsides of WordPress can include:

  • Questionable support
  • Reliance on your own developers to maintain and customize
  • Security issues if not maintained properly
  • Lots of time invested in choosing/testing plugins
  • Upates, making sure your CMS and all plugins are running on the latest version
  • Plugins are often unfinished and in “beta”

Security is one of the biggest concerns for most people when you talk about WordPress. While no CMS can offer immunity or impenetrability to attack, there are particular security concerns here. This article points out some of the foundational issues with WordPress, in particular that the CMS was not built with security as a top priority. 

Updates & Plugins

If your bank's website is built on WordPress, you'll need to budget time and money to perform your due diligence on any plugins you need, and to update them when new versions come out. Plugins are a prime source for hackers to exploit vulnerabilities, or even for you to accidentally install a piece of malware yourself. By choosing a cloud CMS like Zephyr, we ensure that your CMS is maintained and updated for you, and you will never worry about upgrading or making sure you’re on the latest version. Plugins aren't a concern either, because of third-party integrations and custom development for whatever functionality you need.

Password Hacks

Brute force password hacking is another way that your WP site is vulnerable. If your users do not use sufficiently strong passwords, you could be vulnerable. We also advise that you always use two-factor authentication (which is something that our preferred CMS, Zephyr, requires by default).

With all that said, you may think we are WordPress haters. Not true. We just don't think it's a good platform for high security industries like banks and credit unions, particularly those who have a one-person IT team or single web developer on staff. Your reputation and security is just too important to risk it.

Millions of websites do run on WordPress very successfully, so it certainly has it’s place. Here are some indications that it may be right for you:

  • Your organization has simple website needs
  • You have a developer or agency that you trust to support and maintain your website
  • You are able to budget for customizations and fixing plugins
  • You can spend the time to test and research third-party apps
  • You truly need to do complex custom integrations with other systems
  • Someone with technical experience will be managing the website

If most or all of these things are true, then you might have no problems with a WordPress website, and it might serve your needs very well.

But don't just use WordPress because a consultant told you to or because you think it's "free." If your needs go beyond what WordPress can (or should) safely and securely handle, we can point you to good options. After viewing the comparison above, we feel that you'll understand why we choose a cloud CMS for our clients and why they are happier as a result.

Read the Guide: Banking Website Design Best Practices

Tags: cms, banking website design, credit union website design

Subscribe to Email Updates


  • Allison Gibbs
  • Michael Reynolds
  • Stephanie Fisher