WordPress powers roughly 40% of all websites on the internet. That's an astonishing number, and whenever we tell someone we don't use it, the first question is always: "Why not?" After all, if it's good enough for nearly half the web, surely it's good enough for a local business site?
Not necessarily. And we say that not as WordPress haters, but as developers who've built dozens of WordPress sites and know exactly where it falls short. You wouldn't use a sledgehammer to hang a picture frame, and for most small to medium business websites, WordPress is that sledgehammer.
The Plugin Problem
WordPress's greatest strength is also its biggest weakness: plugins. Need a contact form? Install a plugin. Need SEO tools? Plugin. Security? Plugin. Image optimisation? Plugin. Before you know it, your site has 20-30 plugins, each one adding its own CSS, JavaScript, and database queries.
The result? A site that should load in under a second takes 4-6 seconds. Google PageSpeed scores of 30 to 50 out of 100 are depressingly common on WordPress. We've audited WordPress sites for prospective clients that score in the teens. That's not just a bad user experience — it's actively hurting their Google rankings.
And then there's the update treadmill. Every plugin needs regular updates. One outdated plugin can break your entire site. One poorly coded plugin can create a security vulnerability that gets your site hacked. It's a maintenance burden that most small business owners neither want nor understand.
The Security Nightmare
Because WordPress is so popular, it's the number one target for hackers. Over 90% of hacked CMS-based websites run WordPress. That's not because WordPress core is inherently insecure — it's because the ecosystem of themes and plugins creates an enormous attack surface.
We've seen small business WordPress sites get injected with malware, turned into spam relay servers, or simply defaced. The fix usually costs hundreds of pounds, plus the damage to your reputation if a customer visits your site and gets a malware warning from their browser. For a business that relies on trust, that can be devastating.
The Hidden 'WordPress Tax'
One of WordPress's selling points is that it's "free." The software itself is, yes. But running a WordPress site properly isn't free at all. Here's what you're actually paying:
- Hosting: Decent WordPress hosting costs £10-30/month. Cheap hosting makes the speed problem even worse.
- Premium plugins: The good ones aren't free. Yoast SEO Premium, WPForms Pro, Elementor Pro — easily £100-200/year in plugin licences.
- Premium themes: £40-80 for a decent theme, plus annual renewal fees for updates and support.
- Security and maintenance: If you're paying someone to handle updates and backups, that's another £30-50/month.
Add it up and you're looking at £200-400 per year in hidden costs — on top of whatever you paid to have the site built in the first place. That's the WordPress tax, and most people don't realise they're paying it until they start adding up the invoices.
WordPress is a powerful tool — for the right job. But for most small business websites, it's like hiring a removal van to pick up a takeaway. It'll get the job done, but there are far better options.
What We Use Instead (And Why)
We build with Next.js — a modern React framework used by companies like Netflix, Nike, and Notion. It's the same technology powering some of the fastest websites in the world, and we've brought it to small business web design.
Here's what that means for you in practical terms:
- PageSpeed scores of 95-100 — Not as a best case, but as the baseline. Every site we build scores in the green across all Core Web Vitals metrics.
- Deploys in milliseconds — Our sites are deployed to a global edge network (Vercel). That means your site is served from the server closest to your visitor, whether they're in Nuneaton or New Zealand.
- No plugins needed — Everything is built into the codebase. No bloat, no compatibility issues, no update anxiety.
- Virtually unhackable — Because there's no server-side CMS to exploit, no database to inject, and no admin panel to brute-force, the attack surface is essentially zero.
- SEO and AI-search optimised by default — Semantic HTML, proper heading structure, schema markup, and fast load times are all baked into the framework.
"But What About Editing My Content?"
This is the question we get most often, and it's a fair one. WordPress's admin panel is familiar, and people like being able to log in and change things. We get that.
That's why we use a headless CMS (Sanity) that gives you a clean, modern content editing interface — without any of the WordPress baggage. You can update text, swap images, publish blog posts, and manage your content from any device. It's simpler than WordPress, not harder.
The Right Tool for the Job
We're not saying WordPress is bad. For complex e-commerce stores, membership sites, or platforms that need 50+ plugins' worth of functionality, it can still be the right choice. But for a business that needs a fast, secure, professional website that actually gets found on Google and AI search? There are better tools now.
The web has moved on since WordPress was created in 2003. We think your website should move on too. Your customers deserve a site that loads instantly, looks stunning on every device, and is built for how people actually find businesses today.