WordPress runs something like four in ten websites on the entire internet. That’s not an accident. It’s flexible, it’s familiar, half the developers you’ll ever meet know it, and you can make it do almost anything. We’ve built plenty of WordPress sites over the years, and this is not a hit piece. It’s a fair question, honestly answered: is it the right choice for a small business that just wants a fast, secure website that brings in work?
For a lot of them, the honest answer is no. Here’s why.
The flexibility has a bill attached
The thing that makes WordPress powerful is the same thing that makes it demanding. It can do anything because you bolt on plugins, and a typical site ends up running a dozen or more. Each one is a small piece of software written by someone else, updated on its own schedule, occasionally abandoned, and capable of breaking the others.
So someone has to manage all that. Update the plugins. Test that the updates didn’t break the contact form. Keep the core software current. Run the backups. When two plugins disagree at nine o’clock on a Sunday and the site goes white, someone has to notice and fix it. On most small business sites, that someone is either nobody, or you.
Security is a real and constant cost
Because WordPress is so widespread, it’s the most-attacked platform on the web. The attacks are automated and relentless, mostly aimed at out-of-date plugins and weak logins. A well-maintained WordPress site can be kept secure, absolutely. But "well-maintained" is doing a lot of work in that sentence, and it isn’t free. Neglect it for a few months and you’re a target with the door propped open.
Speed is an uphill fight
A stack built from a general-purpose system plus a pile of plugins carries a lot of weight. You can make WordPress fast with caching, optimisation, and good hosting, but you’re improving something that started heavy. Sites built lean, as static files served from a fast network, start light and stay light. And as we’ve written before, speed is not a nicety. It directly affects how many visitors stay and how well you rank.
So when is WordPress the right call?
To be fair, sometimes it genuinely is. If you need a complex, content-heavy site with many editors, intricate e-commerce, or a specific plugin ecosystem you depend on, WordPress earns its place. Plenty of large, well-run sites are on it, with the budgets and the people to maintain them properly.
The mismatch is the small business that doesn’t have those needs or those people. It wants a fast, secure, low-maintenance website that brings in work, and it ends up with a powerful, demanding system it has neither the time nor the inclination to look after.
The managed alternative
There’s a simpler shape for most small businesses. Build the site on a modern, statically generated stack, where there’s no database to attack and no plugins to patch, so it’s fast and secure by its nature. Host it on serious infrastructure. And rather than handing it over and walking away, have someone look after the whole thing every month, so the maintenance burden never lands on you at all.
That’s the model we build on now. Not because WordPress is bad, but because for the business that just wants its website handled, carrying all that flexibility you’re never going to use is a strange price to pay.
If you’re on WordPress and quietly tired of it, we can usually rebuild on a lighter stack and bring your content across. No lectures, and no judgement about how you got here.
Ready for something simpler?
We migrate WordPress sites to a faster, lighter stack regularly. If you’d like to talk through what that might look like for your business, half an hour is all it takes.
Start a conversationCommon questions
Is WordPress good for a small NZ business website?
WordPress can work well for small businesses, but it comes with ongoing maintenance demands that many owners aren’t prepared for. Plugins need regular updates, security vulnerabilities require monitoring, and performance needs active management. For businesses that simply want a fast, secure website that brings in work without the ongoing overhead, a managed alternative built on a lighter stack is often a better fit.
Why is WordPress a security risk?
WordPress’s popularity makes it the most-attacked platform on the web. Automated attacks constantly probe sites for out-of-date plugins and weak login credentials. A well-maintained WordPress site can be kept secure, but it requires regular attention. Neglect it for a few months and vulnerabilities accumulate. Sites built as static files on modern infrastructure don’t have the same attack surface — there’s no database to attack and no dynamic code to exploit.
What is a managed website alternative to WordPress?
A managed website built on a modern statically generated stack is one where the site is compiled as plain files — no database, no plugins to patch — and served from fast, reliable infrastructure. The business gets a site that is fast, secure by its nature, and fully looked after by someone else on an ongoing basis. Content can still be updated easily, but the technical overhead is removed entirely from the business owner.
Can I migrate my existing WordPress site to a lighter stack?
Yes, and it’s usually straightforward. Content, copy, images, and structure can all be moved across. The result is typically a faster, more secure site with significantly lower ongoing maintenance demands. The migration can be done without any downtime to your existing site.