WordPress’ domination of the web, particularly in regard to websites with a content management system (CMS), continues.

Here are stats I pulled from a piece in Torque Magazine by German entrepreneur and marketer, Nick Schäferhoff and a web technology survey from Q-Success.

  • WordPress is used by 28.4% of all the websites, that is more than a billion sites.
  • WordPress is used by 59.2% of all the websites with a CMS. Its closest competitor, Joomla is used by only 6.3 percent.
  • WordPress sites around the world publish over 24 posts per second. This is measured by sites that are part of the WordPress network (meaning sites hosted either on WordPress.com or externally-hosted WordPress sites that have the Jetpack plugin installed).
  • WordPress sites receive 22.17 billion monthly page views (just within WordPress network). That’s three times as many as people on Earth.
  • There are 2.7 million global monthly Google searches for “WordPress.” This does not take into account people looking for “WordPress templates,” “WordPress plugins,” and other WordPress-centric information or under the abbreviation WP. Google Trends sees WordPress 5.5 times more popular than Joomla and almost nine times more in demand than Drupal.
  • WordPress 4.6, its latest version as of the end of 2016, has been downloaded 21.7 million times.
  • There are 72 translations of WordPress. In 2014, non-English downloads already surpassed English downloads. You can set your WordPress dashboard to (almost) any language you like.
  • There are more than 47,000 WordPress plugins. One of the main reasons WordPress is ahead of many other web platforms is its extendability. Plugins are available for all means and purposes.
  • The WordPress development community is steadily growing. There were 89 WordCamps, locally organized events for developers and users, in 34 countries with more than 21,000 participants in 2015.
  • WordPress is most popular with businesses versus news sites. Among the top one million websites in the world, the lion’s share of those powered by WordPress are related to business.

We’re closing in on one big giant when it comes to websites and CMS’s, something law firms and legal marketers will want to consider in their long term planning.

A couple months ago, a marketing consultant to a major law firm pooh-poohed my suggestion on Facebook that he consider WordPress for the law firm’s digital publishing needs.

He called WordPress simplistic publishing software used only for blogs that’s inherently insecure and innapropriate for a major law firm.

Well, according to Nelio Software, 62 percent of the 100 fast growing companies in the United States (@inc5000) are using WordPress to power their sites. This is up more than 20 percent from just a year ago.

We’re talking well beyond do it yourself here. Whether blog, website or application we’re talking about sites developed by experienced WordPress developers versus something set up with WordPress off the shelf.

From Marie Dodson (@Mdodson12) of Torque Magazine, my source:

From ecommerce and apps to business websites, personal blogs and beyond, WordPress powers online experiences for startups and enterprise companies alike.


It’s quite clear that WordPress has in many ways broken free of the “just for blogging” stereotype, which can be seen by the fact that 27 percent of all websites use the CMS to power their websites.

While WordPress is still a leading choice for bloggers, it’s also become the solution of choice for brands like Mercedes Benz, Samsung, Nikon, NASA, and more.In recent years, open source has taken the internet by storm. In fact, companies like Microsoft, Google, Tesla, and even the US government have embraced open source as part of their digital practices.

Perhaps the biggest reason for WordPress’s growth is the fact that it’s open-source software. Per Dodson:

[O]pen-source foundation has positioned it at the cutting-edge when it comes to innovation. For example, when Google Glass launched in 2014, the very next day there were plugins already available, which enabled users to leverage and integrate the new technology with their sites.

Compare this to proprietary or closed solutions, where this process is often long and grueling. Open source software is more customizable, scalable and agile, which is invaluable in today’s era where businesses need to move faster to stay competitive.

Open-source software benefits from the collective knowledge and collaborative work of over a hundred thousand developers worldwide, in the case if WordPress. Proprietary software can simply not keep up with the speed of improvements being done of open-source.

Law firms often turn to proprietary software for their websites, blogs, micro-sites and other digital publishing. Doing so they could be vendor-locking themselves into often outdated/expansive software and limited and expensive future upgrades.

LexBlog moved to WordPress years ago. I am glad we did.

We’ve been able to develop a software as a service business empowered by a custom WordPress solution that provides law firms with a better, faster and cheaper product. A product on which we can push regular upgrades and feature enhancements.

This would have been impossible without open-source and WordPress.

After talking with Matt Mullenweg, co-founder of WordPress, a summer ago, I walked away thinking this guy sees WordPress dominating website development in the years ahead – growing from today’s 27% market share to 90%. It’s not that crazy — and we’re all likely to benefit as a result.

Are your law firm’s blogs running on a proprietary CMS (Content Management System), or for that matter matter, any CMS other than WordPress? If so, you may want to think again.

Marie Dodson (@Mdodson12) reports for Torque that Microsoft just migrated 20,000 blogs with more than 1 million posts and 1.2 million comments off its own proprietary content management system to WordPress. Most of the blogs were running on the same proprietary ASP.NET and SQL Server based CMS.

The result?

  • Sites have experienced an uptick in speed
  • Major SEO improvements
  • Improved site navigation on desktop and mobile browsers

Brian Messenlehner (@bmess), head of WebDevStudios, which worked with Microsoft on the blog migration, told Dodson that as part of Microsoft’s push into Open Source Software, versus proprietary/closed systems, they researched the best CMS to use and decided on WordPress.

You’d think that the largest software company in the world use their own publishing technology to run all of their websites, but like a lot of other companies they wanted to save time and money by going Open Source.

The adoption of Open Source software for publishing, with WordPress leading the way, isn’t going to slow down any time soon, per Dodson.

It’s free, flexible, and easy to use, maintain, and update. It provides companies with the agility to move faster without breaking the bank.

Per Messenlehner, it makes little sense for a company to continue to publish on proprietary software.

Lots of enterprise companies still pay a lot of money with licensing fees and maintenance on outdated proprietary software. These companies could dramatically cut their costs by switching to an open-source solution like WordPress.

Law firms do continue to publish on outmoded publishing software for blogs and other content, all of which could — and probably should be published on WordPress.

In addition, website development companies and consultants are advising law firms to use an underperforming and expensive proprietary CMS. In many cases, a CMS that the website development company built and that is exclusively maintained by the company — things which increase short and long term costs and limit innovation.

Look at Microsoft. An Open Source CMS, probably WordPress, is likely the best publishing software for your law firm.

In an ABA Benchmark Study on Law Firm Website Costs, Legal marketer, Conrad Saam reports that “WordPress has become the de facto website platform for most commercial websites.”

Saam’s right. WordPress for so many reasons has become of the software of record for publishing. Whether it’s a law firm website, a blog, or good portions of the New York Times, WordPress is the right fit. Commentary that WordPress is only for blogs and is inherently insecure come from the unknowing.

But I don’t agree with Saam in his comment that those software and development companies charging law firms ongoing subscription fees for WordPress sites are reaping pure profit after they’ve recouped their initial costs. At least not in the case of the good companies.

Any law firm using WordPress for publishing, whether for a website, blog, micro-site, magazine, or whatever, needs to be paying for upgrades and feature enhancements. Ideally they’d be working with a company doing research and development so that the law firm is receiving never ending improvements to their publishing platform.

Think about it this way, says Mike Duncan, CEO of the marketing agency, Sage Island, in a story in Wilmington Business Insights:

You buy an awesome new car, one with a killer paint job, leather seats and a state-of-the-art sound system. That car is your baby and because you want it to last a long time, you take care of it with regular oil changes, repairs and weekends spent waxing it until it shines. Well, your website is the same way. No matter how good it looks, there’s a back end, much like the engine of a car, that needs to be serviced regularly. If you fail to take care of your website, you’ll quickly run it into the ground.

You need to on the latest version of WordPress for any number of reasons, per Duncan.

  • Security. WordPress is immensely popular, which makes it a target for hackers and data thieves. By updating to the latest version, you’re able to reconcile known security vulnerabilities. If you ignore the updates, you’re putting your website – and your business – at risk.
  • New Features. Each WordPress release comes with new features and improvements. Taking advantage of these features is an easy way to improve the users’ experience and keep your site looking and feeling modern and relevant. It sends the right message to your clients, and shows them that you care enough to offer them the best experience possible.
  • Speed. Faster is better, especially online. Each WordPress update improves the speed of your website, which is a huge factor in SEO. If you don’t update WordPress, it could take minutes for a simple page to load, and today’s online user doesn’t have the patience to wait that long, nor should they.
  • Bug Fixes. Nobody’s perfect, not even WordPress. The platform is, however, constantly improving. In fact, any issues you experience on your website can usually be solved by updating WordPress, as each new release fixes bugs that managed to slip in. If you don’t update your site, these fixes won’t be available.

Beyond these reasons, you have feature enhancements that ought to be regularly added. There are constant and never ending improvements that can and should be made to a publishing platform that go beyond core WordPress upgrades.

There are unique publishing, education and support features sought by law firms. This requires ongoing research, development, testing and regular upgrades to those features.

A law firm would never use software that is not regularly updated. Unfortunately, law firms often only look for upgrades to websites and blogs when they are looking for an updated design.

But design is only the surface. Launching a nice looking design on an outdated version of WordPress with outdated plugins, which version and plugins are only getting more outdated over time is fraught with peril and something that can easily be avoided.

Moving from an agency model to a publishing software business model has enabled us to focus on our underlying publishing platform built on WordPress. Like other SaaS providers, it’s enabled us to provide law firms and other professional services firms with a publishing platform that’s better, faster and cheaper.

So, yes, do pay for regular upgrades and feature enhancements. But me smart in the way you do so. It need not cost a lot and probably ought to be paid on a monthly or annual subscription.

Image courtesy of Flickr by Cristian Labarca 


For law firms and other professional services firms concerned about security issues with WordPress, check out the post WordPress co-founder, Matt Mullenweg (@photomatt) shared last week about banks using WordPress for their websites.

…[T]here’s probably not a ton of benefit to having the online banking / billpay / etc portion of a bank’s website on WordPress, however there is no reason you couldn’t run the front-end and marketing side of the site on WordPress, and in fact you’d be leveraging WordPress’ strength as a content management platform that is flexible, customizable, and easy to update and maintain.

For an example of a beautiful, responsive banking website built on WordPress, Mullenweg says to check out Gateway Bank of Mesa.

Commentators to Mullenweg’s post shared that Southern Bancorp, Vantage West Credit Union, Tucson Federal Credit Union, Cornerstone Financial Credit Union, Lake City Bank , Middelfart Sparekasse in Denmark, and Oaken Financial in Canada are all running WordPress.

It’s not only banks running WordPress. Facebook, SAP, Glenn Greenwald’s The Intercept, eBay, McAfee, Sophos, GNOME, Mozilla, MIT, Reuters, CNN, Google Ventures and NASA are all running WordPress.

Security concerns? From Mullenweg:

  1. Make sure you’re on the latest version of WordPress and the plugins you run. Update each as soon as new versions become available.
  2. Use strong passwords for all user accounts or restrict logged-in users to a certain IP range (as if behind a VPN).
  3. Make sure you or your web host stay up-to-date for everything in your stack as well from the OS on up. Most modern WordPress hosts handle this (and updates) for you.

Mullenweg adds you could always run your site on WordPress.com VIP which runs some of the top websites in the world, a service of Automatic of which Mullenweg is the CEO and founder. In the law, you can run your blog and media sites with WordPress based, LexBlog, offering solid development, support and hosting for law firms, large and small, world-wide.

No doubt that organizations (including law firms – large and small) get into problems running WordPress when they set it up and maintain it in a suboptimal fashion. From Mullenweg:

…[But the same could be said of Linux, Apache, MySQL, Node, Rails, Java, or any widely-used software. It is possible and actually not that hard to run WordPress in a way that is secure enough for a bank, government site, media site, or anything.

I share word of WordPress running secure sites for larger organizations with you for a number reasons.

  • WordPress is a powerful effective CMS systems for law firm websites and blogs that can be very extensible.
  • The cost of using WordPress is likely to be far less then sophisticated CMS solutions, both in original development and support over the long haul.
  • WordPress is open source. With hundreds of thousands of developers, innovation will far surpass that with proprietary CMS. Integration with other solutions and systems you will want to integrate into your site will be much easier.
  • With more companies offering WordPress development, hosting and support than proprietary CMS solutions it will be much less costly to move to a new site at a later date.

Here’s a few more comments on the power of WordPress for sophisticated sites from commentators on Mullenweg’s post.

  • From Spain, we have developed WordPress sites for a national bank, a very important clothing brand and also a big Business School. Large organizations have historically signed expensive IT contracts to get a website using a custom and complex CMS so they are mow slow to use WordPress.
  • The issue isn’t whether WordPress is a appropriate platform for building a banking site — it is — but whether or not the person asking the question can muster the expertise and resources to do it successfully.
  • From Sweden, we have built a bank site on WordPress and would build a new web solution for a bank today on WordPress without blinking. It is hugely affordable solution. Customers’ money should not be wasted on CMS solutions that cost huge sums. On WordPress you can build a more modern and future proof solution for a tenth of the total of other CMS systems.
  • Many banks are using custom content management systems that are full of security bugs. An obvious advantage that WordPress has over a custom CMS is that it is probed, prodded and tested by thousands of developers and security professionals. There are bugs in WordPress core and plugins but they are found and fixed quickly.

The LexBlog Network doubled down on WordPress over the last year with a significant investment in our WordPress install and hosting solution serving law firms and other professional services firms. We know that using WordPress — correctly – offers our members an optimal experience at a reasonable price.

Matt Mullenweg (@photomatt), co-founder of WordPress, used to say WordPress is democratizing publishing. Mullenweg now describes WordPress as democratizing publishing and development.

Rather than WordPress serving as just a powerful content management system, WordPress is becoming an application development framework. WordPress will serve as a platform enabling developers to build whatever they need in order to deliver media.

A perfect example is StoryCorps, an organization that aims “to provide people of all backgrounds and beliefs with the opportunity to record, share and preserve the stories of our lives.” Featured stories will be broadcast nationally on NPR.

Per a recent post by WordPress developer and writer, Brian Krogsgard (@Krogsgard) on how StoryCorps uses WordPress:

The latest initiative for creating ways for people to share their story is via StoryCorps.me, a website and companion apps that make it easy for anyone with a smartphone to record an interview and publish it.

StoryCorps.me is built on WordPress, and utilizes the WordPress REST API to enable access to a customized content architecture. The StoryCorps app utilizes the API to consume data and publish stories from the app back to the website.

Jared Sulzdorf (@j_sulz), LexBlog’s Product Manager, shared word of Krogsgard’s post with me because of LexBlog’s current use of WordPress as a publishing platform and impending use of WordPress as a development platform.

Jared explained he’s excited about WordPress’ serving as development platform for any number of reasons, including the following examples.

  • WordPress is developing a very interesting API that turns what has historically been “just” a content management system into a framework for developing on any platform – be it a browser or phone. Moving it well beyond a blogging platform.
  • The API opens things up for deep integration with other bits of software (think about sending blog data back into Salesforce for example) and some really interesting opportunities for plugin development (a true aggregation engine for LXBN comes to mind – one that could power network sites).
  • Building a mobile app on WordPress is an amazing concept. Imagine a podcasting app that lets you interview someone, jot down a few notes, and publish a post on your blog all in one interface, without having to log in and out of twenty different services. The same goes for shooting a video. That’s the sort of world that we could be moving into with WordPress as it matures.

For you as a law firm, other professional services firm, citizen journalist or publisher this progression of WordPress is an exciting development. Companies such as a LexBlog can develop and put in your hands easy to use and effective publishing and media solutions enabling you to publish or cover events like never before.

Rather than relying on traditional media and legacy publishers to get your insight or story out, WordPress has democratized the opportunity for you to do so directly. You’ll be able to do so because WordPress has democratized the ability of companies like LexBlog to develop applications and solutions.

Image courtesy of Flickr by Tom Woodward

Don’t tell my lawyers how to develop a strategy for blogging or how to blog, can’t you take one of our pdf newsletters and get it on blog software? Right now there are 600 loyal subscribers to the newsletter published by a renowned niche focused lawyer. This from a CMO with a large law firm over lunch last week.

The CMO believed there were far more people interested in the content than just the subscribers. The content could not be found on a Google search. The content was not sharable on social media. There was no RSS feed for news aggregators.

All of this and the email newsletter took a month to get out and took time to edit and format. Plus it did not look very good.

The CMO just wanted to know if the content could be regularly published to a blog. The answer is yes, and at a lower cost when factoring emoployee time in formating and sending pdf’s each month.

Eleven years ago when I founded LexBlog, I scoured law firm websites looking for firms who used their intellectual capital for marketing. I ranked the firms from one to five based on the amount of alerts, email newsletters, articles and white-papers they published and distributed by email.

The fours and fives, the ones with the most content being shared, I contacted and asked if they’d like to see a better way to publish and distribute content and save money in the process.

It was a blog I was proposing, though it was a rare legal professional who ever heard of a blog. Frankly, I didn’t care.

It was easier from an ethics and liability standpoint to say this was a powerful content management solution than to describe it as a blog. If general counsel at the firm heard the firm was going to blog, the answer would be no way.

Fast forward eleven years and blog software, especially WordPress, arguably remains the most effective content management solution for law firm content.

  • Eloquent custom designed mobile enabled website for each topic branded to complement the firm website.
  • Content published when ready to go, especially important when there are breaking legal developments.
  • Content easily published by law firm administrators with no graphics nor publishing experience.
  • Content distributed by custom designed email complementing the site and law firm website.
  • All content archived in one website reached via a browser and fully searchable.
  • All content search engine optimized so readily found on a Google search.
  • Content syndicated via RSS to Feedly, Flipboard and other news aggregators.
  • Content shareable to social networks including Twitter, LinkedIn and Facebook.
  • Content publishing solution regularly updated by developer and host – not the law firm.
  • If desired, content titles could be displayed on lawyer bio pages and practice area pages on law firm website with links back to the content.

That’s a big time advantage over newsletters, alerts and articles distributed by email. Further reach. Cost savings. Ready publishing and delivery.

All on a blog software.

Call or email me if you want to learn more. I’ll share with you what I shared with law firms in 2004.

Image courtesy of Flickr by Dennis Skley

Anyone running a large scale blog publishing platform with thousands of authors will tell you that it is no trivial matter.

Especially so when the authors include lawyers from leading law firms, large and small, from around the world. Stability, security, and performance are a must.

For the last three or four months, LexBlog’s product and technology teams have been working on a major upgrade to our platform. An upgrade that will enable iterative upgrades and regular feature additions.

Sitting in a products’ meeting today I was happy to hear that we’ll be rolling out the upgrades on or before schedule in early February.

Improvements and upgrades include:

  • Much improved speed for better user experience for authors and readers.
  • Responsive and flexible publishing dashboard which will enable authors to publish from any mobile device, in addition to their desktops. I love that as I publish on my iPad and edit on my iPhone.
  • Much improved search so that authors and readers can easily find what they are looking for on individual blogs.
  • Increased stability and security, brought about through a number of items, including developing our own plugins and using an optimum hosting environment.
  • Various features requested by our law firm network members.

LexBlog’s publishing platform is a custom developed platform designed to meet the needs of professionals. We use WordPress as our “core” software, but from that base everything is customized for stability, security, and performance — as well as the features lawyers and other professionals require.

Working with lawyers on blogging longer than anyone in the industry (ten plus years) has enabled our products’ team to have as much knowledge as anyone in knowing what it takes to deliver an optimum blog publishing platform. It requires a happy medium of what law firms want while knowing what works best.

Law firms could decide to run a WordPress blog platform on their own or have website developers who have not been working with WordPress for professionals for years. We’re finding, as I have blogged before, here and here, that law firms do not want to assume the risks.

Keeping a self operated WordPress blog platform has proven to be a real challenge for everyone, including law firms. Less than 20% of WordPress sites are up to date. Nearly 86 percent of all WordPress installations are vulnerable to a recently discovered security flaw. Both leave blogs susceptible to being hacked and raise other security concerns.

I’m excited about rolling out these upgrades to our network members. I’m also excited about the continuing commitment we’re making to technology and development. It’s going to give LexBlog an edge in the market place and deliver our clients the best professional blog publishing platform in the business.

Image courtesy of Flickr by daily sunny

That’s the word from long time tech expert and contributing ZDNet editor, Larry Seltzer (@lseltzer), writing that unmanaged WordPress is not worth the risk or trouble.

For some time WordPress, the popular blogging platform, has been one of the major attack target platforms on the web. A compromised site can deliver malware to users and be used to sell illicit goods, among other nefarious uses. Some users are better-protected against these attacks than others and I would argue that managed WordPress hosting is the only way to go, unless you plan to keep a close eye on the WordPress security scene and actively manage your own site.

This is yet another example of a general truism of security: You’re better off, to the extent possible, to hire an expert to do your security work for you. Doing security is a major part of what managed WordPress hosting services do.

Organizations, law firms included, wishing to lead with thought leadership for business development, are regular users of WordPress. The larger organizations and law firms with good tech teams are very capable of setting up WordPress sites and blogs.

Ironically, the thing that attracts them to WordPress is what can get them and their organization in trouble – ease of use and flexibility through countless plugins.

The end result of this situation is that if you get careless or promiscuous with your WordPress plugins, it’s not unlikely that a vulnerability will emerge in one of them. You may not know, but attackers will.

A managed service will be far more on top of these things than you are likely to. A really strict managed service like WordPress.com will prevent many, and probably close to all, such attacks by limiting the plugins and themes you can use and rapidly updating what they support.

Even guys like Larry Seltzer, a widely recognized technology analyst and consultant, are no longer setting up and managing WordPress in hosting environments they manage.

I used to run my own web servers and host them manage every stupid little detail of them. I gave that up long ago just because I thought I was wasting my time, but security is an even bigger imperative. Many WordPress sites belong to people who don’t know jack about computers, let along web site administration. These users are much better off with a WordPress environment in which their options are limited, but their safety protected.

LexBlog’s single biggest investment now is ongoing development of a expert-managed WordPress hosting environment where we can update WordPress and select plugins on a proactive basis for law firms and professional service firms blogging and publishing to demonstrate their expertise.

We believe it will be of significant value to law firms and other professional firms who do not wish to assume the risk of a self managed WordPress hosting environment on their servers or on servers operated by a third party without dedicated WordPress expertise.

Pundits have made it sound easy to set up and operate WordPress blogs. So much so that law firm technology professionals are now assuming known and unknown risks by running multiple blogs with tens or hundreds of lawyer authors being read by a sophisticated audience.

But operating WordPress sites does have risks. Jeffrey Roman (@gen_sec), writing for Bank Info Security, reports on the latest WordPress security issue which can enable anonymous users to compromise a WordPress site.

We’re not talking a few sites. Nearly 86 percent of all WordPress installations, or about 75 million, are vulnerable to this security flaw.

Nor are security issues effecting only sites dealing with unsophisticated matters. This latest flaw comes just weeks after attackers targeted WordPress sites to install malicious code to intercept up to 800,000 banking credentials.

Jouko Pynnonen of the Finnish IT company Klikki Oy, who discovered this latest flaw, explains how sites are attacked.

Program code injected in comments would be inadvertently executed in the blog administrator’s Web browser when they view the comment. The rogue code could then perform administrative operations by covertly taking over the administrator account.

Those operations include creating a new administrator account, changing the current administrator password and executing attacker-supplied PHP code on the server. This grants the attacker operating system level access on the server hosting WordPress.

JD Sherry (@jdsherry), vice president of technology and solutions at Trend Micro, told Roman why remote code injection vulnerabilities are “extremely concerning.”

…[T]hey can immediately elevate permissions for the attacker to not only gain control of the WordPress application and content, but possibly the entire server.

Of course WordPress is an excellent content management system. WordPress is powering almost 25% of websites in the world. Law firms running WordPress just assume the risk of addressing security flaws.

For example, the latest flaw does not affect sites running WordPress 4.0. But most firms are not yet running 4.0 and cannot easily upgrade to 4.0 because of the numerous plug-ins the firm has incorporated for lawyers over the years.

Another way to avoid the risk from the current flaw includes deactivating, or never having used, the part of WordPress with the vulnerability. In this case, WordPress comments, and going to a comment such as Disqus. Not a trivial correction in the case of multiple blogs on separate installs.

My point is not to discuss technology, security vulnerabilities, and corrective action. I am not a technologist.

My point is that law firms assume known and unknown risks in developing and running their own WordPress operations. Risks in damage to their own blogs, and possibly worse yet, being a host spreading malware to third party sites.

Unfortunately, risks will only increase with more complex sites and the popularity of WordPress for attackers.