Drag-and-Drop Website Builder vs. a Custom Site

web design

It has been a weird week for websites. I have been meaning to write about using a drag-and-drop website builder vs. a custom site for some time, and my experiences this week made now the time.

I have a number of clients that encountered website troubles recently, including one that was hacked.

Although I didn’t build the hacked site, it’s important to note that getting hacked doesn’t mean the web designer did something wrong. Hackers have a huge financial incentive to find vulnerabilities to exploit, and evidently, unlimited time on their hands. However, a poorly designed site or sloppy security practices do make it easier for these bad actors to exploit your site. So with that in mind, here are two areas I recommend focusing on to keep your site safe and secure.

Hackers Working Overtime

The web is a scary place right now. Starting last December, there was an uptick in the number of malicious attacks on small website sites. Commonly, hackers are exploiting vulnerabilities, adding themselves as a site admin, and writing malicious code that can cause problems or even lock you out of your site.

If you have an updated site with the latest security protocols enacted, you don’t need to worry. If your site infrastructure is old, or you have a vulnerable theme or plugin loaded on your site, you are basically leaving your door wide open and turning on a neon sign that says “Hackers Welcome.”

I could write 20 blogs on hardening your site against these kinds of attacks, but for now I want to focus on two areas: your web host and using.

#1 – Your Web Host

You may already know that when you build a website, you’re going to have to establish 3 main components:

  • The platform you choose to build on;
  • The domain host who supplies the URL you choose as an address; and
  • The web host who stores your database online.

So as an example, your platform could be (should be, in my opinion) WordPress, you might buy your URL from GoDaddy, and you may choose Site Ground as your web host. You would then have a login for each of these three companies. KEEP THESE LOGINS HANDY. I’ll get to why in a sec.

The Shopping Centre Metaphor

When explaining what these components do, I like to use the example of a shopping centre. If your website is your “store,” your domain is the store’s address, and your web host is the commercial landlord who leases you a space in their shopping centre.

Just like a landlord, your web host owns the physical server where the files that make up your website are stored. Just to make it all extra confusing, a web host and a domain host provide two different services, but you may occasionally get those services from the same company.

Make Sure You Have Access

You’re probably already familiar with how to log into your web platform, because that is how you make changes to your site. However, you would be surprised to learn just how many small business owners do not keep track of how to log in to their web host and their domain provider, or even who those companies are.

You need to keep track of all three, especially your host information.  If something goes wrong with your site, you (or someone on your team) will need to access your host account to sort it out. For this reason, it’s important to choose a web host that gives you control panel access and FTP access. These types of access allow you get into your site if something goes wrong, such as a hacker locking you out. So you can see why it’s a problem if you don’t hang onto your web host information, such as your user name and password. Without a backdoor into your website, security problems can be very hard to fix.

#2 – Drag-and-Drop Website Builder vs. a Custom Site

Even better than fixing a broken or hacked site is preventing a broken or hacked site. This is one reason I avoid drag-and-drop website builders like Beaver Builder, Elementor and WP Bakery if I can.

You will find many articles online (often from affiliates who get kickbacks from these companies) telling you web builders are great. Builders do allow anyone to create a nicely designed WordPress website without knowing any code. However, in my experience, drag-and-drop web builder tools cause more problems than they solve.

The drag-and-drop format puts extra code on your site that inevitably slows it down. The builder tools are more likely to conflict with other apps and plugins, which can break your entire site. They have to be updated regularly in order to remain secure, creating another layer of work and maintenance for your website, and sometimes the creators of these tools stop updating them, which leaves you wide open to hackers.

In articles about using a drag-and-drop website builders vs. custom sites, the pro-builder group likes to claim they’re the only way for non-developers to easily make changes, but this isn’t true. Our custom designed sites work with WordPress’s native editor, so anyone with the tech-savviness to post an update on Instagram or perform a Google search can also make basic changes to their site.

Before you commit to a drag-and-drop web builder, answer the following questions:

  1. Does the builder allow selective asset loading? A custom coded website will allow the site to load “the important stuff” first, which improves speed and bounce rate.
  2. Does the builder allow JavaScript and CSS customization? Many builders do not allow much control over how the site looks and operates, which impacts speed and security.
  3. How much code does the builder add? Most builders fold in what’s called “wrapper elements” which is the code needed to create a drag-and-drop experience. By eliminating these, your site is more secure and performs better.
  4. Does the builder use updated image formats? Best practice is for websites to use WebP or another updated format rather than .jpg, etc. Problem is, most of our photos are still in .jpg format. Websites should automatically update the format of images, and builders do not usually do this.
  5. Can a layperson update the site? The benefit of a web builder is that anyone can update the website. If this isn’t the case, why use a builder? It’s a myth that custom coded sites require a developer for updates. Your site can be custom build and still be set up for layperson updates, which is how we design them at Create That.

To recap, there is an increasing number of scumbags out there targeting weak spots in WordPress sites. Make sure you know how to access your web host just in case your site is targeted. And when considering a drag-and-drop builder vs. a custom site, avoid the builders. If you go with a custom site that you can make small updates to yourself, you get the best of both worlds: top-notch design and security, and cost-effective day-to-day management.

picture of author bridget brown