Should Your Business Use WordPress or a Custom Build in 2024?
WordPress powers 43% of the web. It's also responsible for a disproportionate share of security incidents and performance failures. Here's how to think about the choice in 2024.
WordPress is the most popular web platform in the world. It's also the most frequently hacked, the most performance-challenged, and the platform most likely to generate a panicked call to a developer two years after launch.
Neither of these facts fully tells the story. Here's how to actually think about the choice.
Where WordPress Still Makes Sense
WordPress has genuine advantages in specific scenarios:
Content-heavy sites — blogs, news publications, and websites with hundreds of pages benefit from WordPress's mature content management workflows. The editor is familiar to non-technical users. The media library handles volume well.
Budget-constrained builds — for a very simple informational site where the owner just needs a presence, a well-configured WordPress install on decent hosting is fast to set up and costs less than a custom build.
Existing ecosystem — if a business already has content, integrations, or a team trained on WordPress, the switching cost may not be justified.
E-commerce with WooCommerce — for a standalone product shop with standard requirements, WooCommerce on WordPress is a mature and extensively supported option.
Where WordPress Creates Problems
The problems aren't hypothetical. They show up predictably in certain scenarios:
Security — WordPress's market share makes it the primary target for automated attacks. Outdated plugins, themes, and core installations are exploited daily. A WordPress site requires active maintenance — plugin updates, security audits, regular backups — to stay secure. Many SA small business owners don't do this maintenance. The result is eventual compromise.
Performance — a standard WordPress install with a page builder (Elementor, WPBakery, Divi) and a dozen plugins generates substantial page weight and JavaScript overhead. Getting a WordPress site to pass Core Web Vitals without expert optimisation is genuinely difficult.
Developer dependency — most WordPress themes and page builders lock content into proprietary formats. Moving to a different theme, developer, or platform involves rebuilding content that should be portable.
Update fragility — WordPress plugin updates can conflict with each other or with the theme. A standard update has a non-trivial chance of breaking something, which is why many site owners stop updating — which creates the security problem described above.
What a Custom Build Offers
A custom Next.js + Supabase build trades WordPress's ecosystem breadth for:
- No plugin dependency — only code that's actually needed
- Performance by default — images optimised, code split, edge-delivered
- Security by architecture — RLS at the database level, no attack surface from third-party plugins
- Complete portability — the code is yours, the data is yours, move it anywhere
- No maintenance overhead — no plugins to update, no version conflicts
The trade-off is cost and timeline. A custom build requires a developer who knows what they're doing. The flexibility comes with a higher upfront investment.
The Decision Framework
Ask two questions:
Does this site need significant ongoing content management by a non-technical person? If yes, and the content volume is high, WordPress's editorial workflow may be worth its limitations.
Is this site the primary operational tool of the business — with booking systems, client portals, payment integration, and admin dashboards? If yes, a custom build will consistently outperform WordPress in security, performance, and flexibility.
Most South African service businesses fall into the second category. They don't need a publishing platform — they need operational infrastructure. WordPress wasn't built for that, and it shows.