WordPress vs custom-coded website

Why are we even comparing?

When a small business owner in Croatia decides to build a website, they usually hear two pieces of advice. Some say "use WordPress, it's free and everyone uses it." Others say "build the site from scratch, it'll be better." Both camps are partially right, but nobody explains the full story.

I build websites without WordPress, so you might think I'm biased. That's exactly why I'll be extra fair to WordPress. There are situations where WordPress is an excellent choice. But there are also situations where it's completely wrong, and someone is trying to sell you exactly that.

What is WordPress?

WordPress is a content management system (CMS) that was created in 2003 as a blogging platform. Over time it grew into the most widely used CMS in the world. Today it powers roughly 43% of all websites on the internet, from personal blogs to large corporate portals.

It's popular for several reasons:

• It's free - the WordPress core is open source software
• Massive ecosystem - there are over 60,000 plugins and thousands of themes
• Easy editing - content is changed through a visual editor, no coding required
• Large community - many developers know how to work with it, so it's easy to find help

Sounds great. But the very ecosystem that makes WordPress flexible also brings serious problems.

Problems with WordPress

Speed

For every visit, WordPress must launch the PHP interpreter, connect to the MySQL database, load the WordPress core, the active theme and all enabled plugins. The average WordPress site makes 30-50 HTTP requests and weighs 2-3 MB. The result? Load times of 3 to 5 seconds on an average connection.

This isn't just about user experience. Google openly uses page speed as a ranking factor. A site that takes 5 seconds to load loses visitors and search positions. According to research, 53% of mobile users abandon a site if it takes more than 3 seconds to load.

Security

WordPress is the most common hacking target precisely because it's so widespread. According to Patchstack reports, over 9,000 new vulnerabilities in the WordPress ecosystem were discovered in 2024. Of those, 96% come from plugins and themes, not the core itself.

The problem isn't just the number of vulnerabilities. Most WordPress owners don't update regularly. Outdated plugins with known vulnerabilities remain active for months. The consequences can be severe:

• Website hacking and malware injection
• Redirecting visitors to malicious sites
• Theft of data from contact forms
• Google blacklisting, after which your site disappears from search results

Maintenance

WordPress is not a "set it and forget it" system. It requires regular maintenance:

• Updating the WordPress core (several times a year)
• Updating plugins (some update weekly)
• Updating the theme
• Database backups
• Monitoring security patches
• Checking compatibility after updates

If you don't do this yourself, you pay someone €50-200 per month for website maintenance. Over a year that's €600-2,400 just for maintenance, without any new features.

Ecosystem dependency

Your WordPress site doesn't depend only on you. It depends on the WordPress team developing the core, on hundreds of plugin authors who must maintain their code, on the hosting provider who must support the right PHP version. If the author of one critical plugin stops development, you're left with unmaintained code on your website.

This happens more often than you'd think. Plugins get abandoned, become incompatible with new WordPress versions, or get acquired by shady companies that use them to inject ads.

What is a custom-coded website?

A custom-coded (or "static") website is a site written in pure HTML, CSS and JavaScript code, without WordPress or any other CMS. No database, no plugins, no admin panel. Just files that the browser reads and displays directly.

That doesn't mean it's primitive. In fact, some of the fastest-growing companies in the world use static sites for their business web presence. The reason is simple: maximum speed, minimal attack surface, zero unnecessary complexity.

Advantages of a custom-coded website

Measurable speed

A custom-coded site has no database to query, no WordPress core to launch, no plugins to process data. The result? Load times under one second, even on slower mobile networks.

My websites regularly score 90+ on Google PageSpeed Insights. That's not just a nice number. Google actively rewards fast websites with better search positions. You can read more about how speed affects SEO and sales in the article about boosting sales through your website.

Uncompromised security

No database = no SQL injection attacks. No admin panel = no brute force attacks. No plugins = no vulnerabilities. Static HTML pages are virtually impossible to hack because there's simply nothing to hack. They don't appear in hacked system statistics because they have no vulnerable components.

Full code ownership

When you receive a custom-coded website, you get the complete source code. It's entirely yours. You can host it anywhere, hand it to another developer for maintenance, or modify it however you want. You're not locked into anyone's ecosystem, and you don't pay a license fee to use your own website.

Zero third-party dependencies

Your site doesn't depend on the WordPress team, on plugin authors, or on a specific hosting environment. HTML and CSS work everywhere. If your hosting provider shuts down tomorrow, you copy the files to any other server and the site works identically.

SEO from the ground up

Every page I build has proper semantic structure, schema.org markup, optimized meta tags, clean URLs and a perfect content-to-code ratio. These aren't things that get "added later" as a WordPress plugin. They're part of the site's foundation. The result is better Google rankings and greater visibility for your business.

Drawbacks of a custom-coded website

I'll be fair. Custom-coded websites aren't perfect for every scenario.

Self-editing

Without a CMS, you can't change content yourself through a visual editor. For text changes you need basic HTML knowledge or to contact the developer. For clients who want full independence, the Premium package includes a simple CMS that solves this problem. And for everything else, one year of support is included in every package.

Limitations for large projects

If you need an online store with thousands of products, a complex user account system, or a platform where multiple authors publish daily, a custom-coded website may not be the right solution. For such projects, specialised tools like WooCommerce or Shopify exist.

Higher upfront cost for complex features

While in WordPress you can "freely" add a contact form, gallery or blog via plugins, with a custom-coded site those features need to be written from scratch or integrated with smart solutions. For simple business sites the price difference is minimal. For more complex projects, custom development can be more expensive upfront but cheaper in the long run because there are no maintenance costs.

Direct comparison

Here's an overview of the key differences. WordPress wins some categories, custom-coded wins others. What matters is understanding which is better for your specific case.

Cost comparison over 3 years

The initial development cost is only part of the story. The real costs become clear only when you look long-term. Here's a comparison for a typical business website (5 subpages, contact form, SEO):

A difference of over €5,000 in three years is nothing to ignore. And that's a conservative estimate because it doesn't include the cost of recovering from a hack or switching to a new developer when the old one no longer supports your WordPress project.

When does WordPress make sense?

It would be dishonest to say WordPress is never a good choice. Here are situations where WordPress is a reasonable option:

• Large online store - if you need 500+ products with filters, variants and different prices, WooCommerce is a proven solution
• Publication with a large team - if you have an editorial team of 5+ people publishing articles daily, the WordPress workflow is hard to beat
• Complex integrations - if you need to connect with an ERP system, CRM, invoicing system and five other tools, the WordPress ecosystem can solve that with plugins
• You have an internal IT team - if you have someone who will regularly update the system, monitor security and fix problems, the WordPress risks are lower

When to choose a custom-coded website?

For the majority of small business owners, a custom-coded website is the better choice. Especially if:

• You need a presentation website for your business
• You have up to 10 subpages
• You want maximum speed and Google rankings
• You don't want monthly maintenance costs
• You want full code ownership
• You don't plan to publish new content daily
• Security is a priority for you

Technical differences under the hood

If you're interested in the technical side, here's what happens when someone visits your website:

WordPress request

1. The browser sends a request to the server
2. The server launches the PHP interpreter
3. PHP loads the WordPress core (~200 files)
4. WordPress connects to the MySQL database
5. The active theme is loaded with its CSS, JS and PHP files
6. All active plugins are launched (10-30 of them)
7. WordPress generates HTML from the database
8. The HTML is sent to the browser
9. The browser loads all additional CSS and JS files (30-50 requests)

Custom-coded website

1. The browser sends a request to the server
2. The server serves the ready-made HTML file
3. The browser displays the page

The difference is obvious. Fewer steps means fewer things that can go wrong, less latency and fewer potential security holes. If you're interested in a deeper comparison of the technologies used to build websites, read the article on PHP vs React.