Why We Don’t Build on WordPress
WordPress runs a huge share of the web, and it’s free to download. Neither of those facts means it’s cheap.
That’s the conversation we keep having with clients. WordPress isn’t a website, it’s a starting point. The moment you need it to actually rank, load fast, stay secure, and not break every time something updates, you’re no longer running “WordPress.” You’re running WordPress plus a stack of hosting decisions, plugins, and ongoing maintenance that somebody has to own.
That somebody is usually the client, and they didn’t sign up to be a systems administrator.
Here’s what that stack actually looks like, piece by piece.
The core problem: WordPress is an engine, not a car
Out of the box, WordPress core is intentionally minimal. Everything that makes a site functional such as forms, SEO tools, page building, caching, security, backups, and eCommerce.
These things are bolted on afterward, almost always through third-party plugins built by different teams, updated on different schedules, with no guarantee any of them play well together.
A “simple” WordPress site in practice often means:
A page builder (Elementor, Divi, etc.)
An SEO plugin (Yoast, RankMath, AIOSEO)
A caching plugin
A security plugin
A backup plugin
An image optimization plugin
A form plugin
Maybe a membership, booking, or e-commerce plugin on top.
That’s not a website. That’s eight-plus pieces of software from eight-plus vendors… all needing to stay compatible… and… forever.
Hosting isn’t one decision (it’s actually several)
“Just get hosting” undersells it. Cheap shared hosting will run WordPress, technically, but it also tends to be where sites slow down, staging environments don’t exist, and PHP versions lag behind. To do it properly you’re choosing:
Managed WordPress hosting (WP Engine, Kinsta, etc.) to get server-level caching and staging environments (usually $25–$100+/month once you’re past the entry tier)
PHP version management, since WordPress and its plugins each have their own compatibility requirements
Database maintenance, because WordPress stores everything, every revision, every transient… and bloated databases slow sites down over time
A CDN, because WordPress doesn’t serve assets efficiently on its own
None of this is optional if you actually care about site speed. And all of it is invisible until something breaks.
SEO: partially built in, mostly not
WordPress gets marketed as "SEO-friendly," and at the core-code level that's fair, clean URLs, decent semantic HTML, a basic XML sitemap since version 5.5.
But actual SEO encompasses a lot more: meta titles and descriptions, canonical tags, structured data/schema markup, Core Web Vitals, mobile performance, redirect management, avoiding duplicate content across archive and taxonomy pages. None of that is handled out of the box.
So almost every WordPress site ends up running a dedicated SEO plugin, Yoast being the default choice for most people. Yoast is a genuinely capable tool, and we're not saying otherwise. But it's worth being honest about what installing it actually costs you:
It's heavy. Yoast is one of the larger plugins in the WordPress ecosystem, and it's been repeatedly flagged by users and reviewers for adding real weight to admin dashboard load times, and front-end HTML output, the opposite of what you want from something whose whole job is tied to page speed, which is itself a ranking factor.
The "green light" system optimizes for the checklist, not the outcome. Yoast's traffic-light scoring rewards keyword density, sentence length, and passive-voice counts, inputs that are easy to game and don't reliably correlate with how content actually ranks. It's genuinely useful for beginners avoiding obvious mistakes, but teams often end up writing for the green light instead of for readers or search intent.
It layers schema and meta output on top of your theme's own, and the two don't always agree, which can produce duplicate or conflicting structured data if nobody catches it.
Uninstalling it doesn't fully clean up after itself. Plugin settings and SEO data are deliberately left behind in the database by design, which is reasonable if you're reinstalling later and less reasonable if you're trying to switch tools cleanly.
None of this makes Yoast a bad plugin, it's the market leader for real reasons. It's more that "install an SEO plugin" quietly becomes its own ongoing decision: which one, how configured, how it interacts with everything else installed, and what it costs every year to keep running.
That's the pattern with WordPress SEO generally, the fundamentals are reachable, but only by adding another dependency, not by the platform handling it natively.
Security becomes a full-time job
WordPress’s popularity is exactly why it’s the most-targeted CMS on the web, more market share means more attackers writing exploits against it.
And the attack surface isn’t just WordPress core, which the community patches quickly. It’s every plugin and theme installed, each maintained by a different developer, each a potential entry point.
In practice, “secure” means:
Keeping core, every plugin, and every theme updated constantly, because delaying updates is how sites get compromised
Running a security plugin (Wordfence, Sucuri) for firewalling and malware scanning
Maintaining automated, tested backups, not just backups that exist, but ones you’ve actually verified restore correctly
Watching for the moment an update to one plugin breaks another, which happens more often than anyone would like
Skip any of these and you’re one abandoned plugin away from a defaced site or a blocklist notice from Google.
Maintenance is the part nobody budgets for
This is really the heart of it. A WordPress site isn’t “done” at launch, it’s a living system that needs continuous attention:
Plugin updates that can silently break layout or functionality
Theme updates that conflict with page builder customizations
Compatibility checks every time WordPress core itself updates
Performance drift as more plugins and content accumulate over time
The very real risk of a plugin developer abandoning their plugin entirely, leaving an unpatched security hole in a site that otherwise works fine
Somebody has to own all of this on an ongoing basis. That’s either the client learning to babysit a stack of software they never chose, or an agency selling a monthly “maintenance retainer”, which is really just a fee for managing the complexity that WordPress introduced in the first place.
The real math
Add it up and a “free” WordPress site typically costs:
Managed hosting: $25–100+/month
Premium SEO plugin: ~$100+/year
Security plugin: ~$100+/year
Backup service: ~$50–100+/year
Page builder license: ~$50–200+/year
Ongoing maintenance (in-house time or an agency retainer): often the largest line item of all
None of that shows up when someone says “WordPress is free.” It shows up eighteen months later, spread across a dozen invoices and a growing sense that the site has become fragile.
What we do instead
We build exclusively on Squarespace, and that was a deliberate choice.
The first reason is practical. Squarespace treats hosting, security, and updates as part of the platform rather than as separate decisions someone has to make. There's no server to choose, no PHP version to track, no patch schedule to manage, updates and security fixes roll out at the platform level, automatically, across every site running on it.
The fundamentals we walked through above, sitemaps, clean markup, mobile responsiveness, SSL, image handling, are simply part of what you get, not a pile of plugins standing in for what the platform should have handled natively.
The second reason is us. We don't spread our attention across ten platforms trying to be everything to everyone. Every project we've built, every edge case we've hit, every workaround we've figured out has gone into getting deeper on one system instead of staying shallow across many.
In practice that means we usually know exactly how to build what a client wants, and just as importantly, we know early when something isn't a good fit for the platform, instead of finding out three weeks into a project.
That's the actual trade-off, and we're upfront about it: we gave up "there's a plugin for anything" in exchange for not having to re-solve the same fundamentals on every single project. For the kind of sites we build, that trade has been worth making every time.
It's not that WordPress is a bad tool, for a lot of use cases, it's a genuinely reasonable one.
It's that "free and easy" is only true until a site needs to actually perform, rank, and stay secure over time.
At that point, the real cost was always there. It was just hidden across a dozen different bills instead of one conversation up front. We'd rather have that conversation up front.