* The Business of Software

A former community discussing the business of software, from the smallest shareware operation to Microsoft. A part of Joel on Software.

We're closed, folks!


» Business of Software FAQ
» The Business of Software Conference (held every fall, usually in Boston)
» Forum guidelines (Please read before posting!)


Andy Brice
Successful Software

Doug Nebeker ("Doug")

Jonathan Matthews
Creator of DeepTrawl, CloudTrawl, and LeapDoc

Nicholas Hebb
BreezeTree Software

Bob Walsh
host, Startup Success Podcast author of The Web Startup Success Guide and Micro-ISV: From Vision To Reality

Patrick McKenzie
Bingo Card Creator

Do you use Wordpress for your commercial website?


I have an old website which is difficult to maintain. I want to change the design and easily add new content. Website should be ready for mobile screens to please Google.

The only idea I have switch to Wordpress.

If you had any experience with Wordpress to run a website where you sell software products, please tell me.
Igor Kokarev Send private email
Friday, August 21, 2015
Hi Igor,

I'm going through the same process myself (setting up a WP based website to sell my own software products) and have had a very positive experience with WP so far.

I would suggest a couple of things:

Buy (or subscribe) to a theme library rather than rolling your own design.
I use Thrive Themes* which I'm happy with. Their Content Builder is also much better than the standard WP editor (which is fairly rudimentary)
However there's many theme providers out there some of whom focus on performance and/or display options (mobile et al) as their USP so investigate a few.

Before you feel the urge to cut some code, research what plug-ins are available for the functionality you're trying to achieve. I was (pleasantly) overwhelmed by the breadth and depth of the WP plug-in market.
Admittedly like the iPad app market there's a lot of crap out there, but there's also quite a few gems - so you may need to dig through a little dirt to hit the diamonds.

*I have no affiliation - just a satisfied customer

All the best -
Marcus from London Send private email
Friday, August 21, 2015
Hello Marcus,

Many thanks for your response!

I'm starting to learn a test installation of Wordpress and I must to say that I'm very impressed how to easy use it.

You're right, I'm thinking to buy a ready theme. It's also safe - because author of a theme doesn't know how you will use his theme.

I was concerned about 3 things:

1. Possible vulnerabilities. But millions of websites use Wordpress and updated version will be realised quickly in case of serious problems.

2. Event tracking for Google Analytics when user clicks links (Download, Buy now, etc).

3. For the Upgrade usr must enter his old license key and I perform a simple check. I have no idea how to implement it on Wordpress.
Igor Kokarev Send private email
Friday, August 21, 2015
Also one important task. My existing website is multilingual. As I understood in Wordpress I should use plug-ins like qTranslate, Polylang or commercial WPML.
Igor Kokarev Send private email
Friday, August 21, 2015
First you need to differentiate between wordpress.org and an installation of Wordpress on your own (or shared) server.

You cannot use the .org site for commercial stuff anyway, so presumably you are installing Wordpress as a CMS on your own site?

Reluctantlyregistered Send private email
Friday, August 21, 2015
Of course, it's Wordpress installation on my own VPS server.
Igor Kokarev Send private email
Saturday, August 22, 2015
In that case it is a simple matter to add your own HTML to a page, which can call an external script to check or issue licenses.

It's been a surprisingly long time since I've even looked at the back-end of any of my WP installs. I have about 20 of them on a shared hosting plan. Every now and then I get an email telling me they've been updated, which never seems to cause any problems.

Go for it and learn as you go; WP is around for a loooong time :)

Reluctantlyregistered Send private email
Tuesday, August 25, 2015
Hi Igor,

I have been using Wordpress for my website for around 10 years now and have been happy with it. There are many Good analytic plugins for click tracking. I use "Google Analyticator" but there may be better ones that have come up recently.

While there are plenty of plugins that enable many common functionality, it is when you need custom functions (like the license key requirement that you have) that we face difficulties. In these cases you may have to write custom plugins which is a bit of a learning curve.

I have not had to do much custom programming as such but did try out a programmer on elance once. The programmer did not work out but creating custom function did not seem very hard though I did not venture more due to paucity of time.

Hope this helps and good luck.

Kind Regards.
Nandan Send private email
Wednesday, August 26, 2015
Thanks for your comments! I'm testing Wordpress now.
Igor Kokarev Send private email
Friday, August 28, 2015
I run several WP sites. Despite applying the frequent updates, about once a year some script kiddie finds a way in through a zero day exploit. WP has tons of bugs, compounded by easy access and install of lots of "free" buggy add-ons.

Sadly, I don't know if there's anything better than WP. Just keep it on it's own server, keep addons to the absolute minimum, and backup the db frequently. You'll probably need it.
Darren Send private email
Wednesday, September 16, 2015
+1 for Darrens comment. I would never consider a CMS like Wordpress for a commercial software website. There are too many security issues and unknowns when running those giant applications.

Do you host your business email and software licensing on the same server? If so and an attacker owns your server via some simple wordpress/php bug then its game over for your mISV. And you better not host your source code on your webserver, that's just insane. Do you digitally sign your installers and verify them client side with cert pinning if you do auto updates? If not an attacker can push down malicious updates to your customers. Thats a lawsuit waiting to happen, regardless of loss of business/customer confidence.

Static HTML/JS on all public facing websites with a minimal amount of scripting (php/...) to handle your licensing/... which has been reviewed for all common classes of vulnerabilities is the only way to go IMHO.

If you need a knowledge base, forum, and so on, you are better having them hosted by a third party service in order to isolate your core business infrastructure.

A little bit of a rant, but in my opinion its insane using wordpress and the like for commercial business websites. You have too much to loose!!
maxr Send private email
Wednesday, September 16, 2015

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics
Powered by FogBugz