Laravel vs Wordpress - Which System to Choose for E-Commerce?

Published December 21, 2019 • 18 mins read


Complexity, Speed, Security and E-Commerce — How to Choose Between a Framework and CMS

Written Oct. 30th, by Erik Bonsaksen


Imagine this: Petra is a potential client wondering if you could build her a new website. She is an aspiring self-made entrepreneur having already gained traction selling her own line of retro flip flops made out of reused, organic hemp. Now she wants to expand to new markets, increase traffic and expand her collection. She also want to manage her growing community of hemp lovers and create a user system where they can track their carbon footprint and upload insta-moments.


She've heard about Wordpress from friends, how easy it is to set up get started, but her entrepreneur-ego whisper into her ear that it would be more cool to build something from scratch. Now she's at your doorstep and demanding your opinion.


Like any project, it boils down to project size, time and not the least budget. Based on this, you have the choice to build a website from scratch, semi-scratch through development frameworks or use a Content Management System (CMS). Realistically, if she wants a website before the south pole melt, a framework or CMS (I will not even consider a website builder, yuck) would be most sensible to consider.


So what is the options here? Many, but I would consider:

  • Laravel
  • Wordpress


Petra is intrigued, but why on earth would she consider a framework when a CMS can get up and running in no time? To answer this it would be fruitful to compare the systems, but is it doable to lump together "frameworks" under one umbrella and compare them to all CMS for a fair analysis? Let me give the short answer to this: nein. It's a horrible idea and futile, therefore the perfect foundation to continue this article.


Framework vs CMS

Before you read on, are you even sure what a framework or CMS is? If not then read the definition about development frameworks here and about CMS there. Furthermore, also make sure you know the difference between a back-end and front-end frameworks.



Need some examples? See a list of common frameworks here:

  • Laravel | Back-end
  • Ruby on rails | Back-end
  • Django | Back-end
  • React.js | Front-end
  • Angular | Front-end
  • vue.js | Front-end


See some examples of common CMS platforms used for e-commerce:

  • Wordpress
  • Magento
  • Shopify
  • Wix
  • Episerver


In short, a framework is a programming structure to develop a web application using pre-written code, and usually require programming skills. CMS is just that, a web application for managing digital content, built on top of an underlying framework. It enables users to install pre-built themes, plugins, etc. without effecting the essential functionality of the site. CMS typically doesn’t require any coding knowledge since it is based on installable modules that don’t touch the original code.


In essence, these two systems are fundamentally different and it would be like comparing a frozen pizza with a cookbook - one gives you the tools to build it from scratch, preferably to enhance the gastronomic experience, but require more time to make. Both appease your hunger.


With a framework you can basically create every functionality exisiting in all CMS, but it's complex and require more coding knowledge. A CMS on the other hand is relatively easy to set up and publish, and with a pre-made backend and plugin archive you can hand it over to a client pretty fast, and it's plug n play to get some products live and ready for exposure. The downside is that if you want a feature outside the box with no existing plugins, you would need developer help anyway. If one also require a complex e-commerce setup, one would need to consider a CMS platform or plugin that is not necessarly open source, or cost money to unlock premium functionality. For reference, I've made a simplified list of common CMS solutions for e-commerce:


Platform Learning curve Pricing
Wordpress Medium Free (few plugins cost money)
Magento Medium Priced (most plugins cost money)
Shopify Low Priced (few plugins cost money)
Wix Low Priced (few plugins cost money)
Episerver Medium Priced (few plugins cost money)



However, if Petra came to you and you started to elaborate on the nyanses of the different systems, you'll probably lose her interest faster than lightning. It would therefore be better if you presented them as different solutions with all ins and outs contemplated. To the client, which solution would be best suited for e-commerce?


I, the author, is a PHP developer, and while there's an abundance of great frameworks built on languages such as python, ruby and java, my great fictional friend Petra fortunately came to me. For this reason, I've chosen two PHP systems: Laravel and Wordpress. Laravel framework for it's flexibility, scalability and smooth code base, and since it's adoption in development projects has escalated most among all PHP frameworks from it's interception.


For CMS, I'll go for Wordpress since it's by far the largest platform for websites on the internet. Actually, it has 58% of the CMS marketshare, and power approximately 34% of all websites in the world. Not bad, and if search trends are compared to Laravel it's definitely miles ahead as of 2019, but the latter is still gaining positioning as the time pass by.


Moving on, I will split the analysis into Complexity, Speed, Security, which is among the core pilars for any web application, and finally look into how they fare as an e-commerce platform.


Laravel vs Wordpress

Let's first look at the core technical differences:

Platform Laravel Wordpress
Category Web application framework Content Management System (CMS)
Development principles Convention over configuration, Test-driven development, Don't repeat yourself Configuration over convention
Design pattern Active-Record, Model-View-Controller, Dependency injection, Observer, Singleton, Event-Driven, MTV, Factory, RESTfull, Facade Procedural, Hooking, Event-Driven
Database cassandra, MySQL, PostgreSQL, Redis, MongoDB MySQL, MariaDB
Tag MVC, Dependency Injection, Namespaces Blog, Software, CMS
Difficulty level Master, Advanced, Intermediate Beginner



Complexity


Wordpress is pre-built, but offers customizable themes you can use and adjust to your own needs. A large library of 50.000+ plugins serve the purpose to help make a richer user experience and better content management. Anyone can write any content and publish it for free and quickly, but complex adjustments still require developer resources, and you need to understand and adhere to the Wordpress structure, such as The Loop.


Laravel provides various features and reusable code, mainly to automatically solve complex tasks that arise during the website development process, such as authentication, verification and data management. It has a steep learning curve, but is thereby flexible to build most applications you require. By comparison to Wordpress, it's way, way better for database and API management, and it's super compatible with front-end frameworks such as vue.js. The latter is key if you want to build complex user interfaces, want all changes to happen in front-end so users don't need reload a page after every interaction or build Single Page Applications (SPA). This makes all types of design features possible in Laravel. If you also combine it with a CSS frameworks such as Tailwind together with Blade – Laravel's powerful and fully featured template engine, one can easily replicate any website or Wordpress theme.


Wordpress could be a go-to platform for your next project if you are:

  • Creating a content-based website – blog, media portal, online portfolio, etc.
  • Developing a quality website within a short time period
  • Building a custom-made website if you or your client does not possess strong technical skills
  • Making an e-commerce shop for a small to medium sized product portfolio



Laravel might be your first choice if you are:

  • Building a data-based website – booking service, project management app, payment gateway, etc.
  • Developing a custom-made web application with complex features, perhaps not available through plugins
  • Creating a large-scale e-commerce solution
  • Wanting to have full control and avoid bloated code base


Be aware: going for Laravel you would as a developer need to understand object-oriented PHP, SQL and the finesse of Laravel frameworld itself. For cool features, you probably would do good to understand JavaScript libraries such as vue.js and CSS SaaS. However, if you already are a seasoned Wordpress developer you're probably already familiar with PHP, and the transition into Laravel would be less challenging. 


Speaking of transition, the reason Laravel often show up as an alternative to Wordpress is due to projects reaching a certain level of complexity. Here's some nice quotes from a developer perspective, reflecting the typical reasoning for why one would migrate from Wordpress to Laravel:


Gravy: «I am moving my website from Wordpress to Laravel as the website has moved away from being a blog and requires more enterprise and custom functionality. The website has outgrown Wordpress».


Masiorama: «After months developing and using Wordpress-based solutions for my clients I noticed that the start of every single project was very fast (easy to install, lots of materials available for free or cheap) and satisfactory enough, but the hell arrived each time there were some more-than-little modifications (logic and design). Using a framework with a pattern like MVC may be more difficult at the beginning, but to write, debug, and organize your code is far more fluid and satisfactory, on the long run. Even a module (CMS) can be easily extended or rewritten with lesser effort than packed CMS solutions like Wordpress».


Wordpress is open source, so you can’t just contact customer service and get help - nobody owns it! You therefore need to Google your way out of issues through the community or get help from a developer. A common obstacle is when you want to customize your website's design. Say you want to change header image location, then you need to change the actual code of the theme you’re using. There's no escaping some knowledge of HTML/CSS/PHP. On the other hand, you'll cope if you're satisfied with how the theme already look. And of course it's great to have a ready-made back-end from the get-go.


To a certain agree, research seems to favour Wordpress for smaller projects, but when the time is right to scale it into a website with 50K+ users a month, it can become a mess. It was originally designed to be a system to manage content such as newspapers and blogs, not to sustain complex applications. It tends to lock developers into opinionated MYSQL schema for the majority of the most important tables. Once you need to do some heavy lifting, such as user-based actions such as registrations, upload content, payment history etc, a framework is more flexible. It is possible to attain in Wordpress as well, but it might be harder to maintain; you're attached to the plugins and their structure and updates.


Conclusion: In the end, the choice between Wordpress or Laravel for Petra boils down to project size and service complexity she wants her website to offer. If she have few products, want it fast and is only going to update content, Wordpress would be an ideal option. Does she expect a large amount of users, wants to have full control of design and have user-based features or functionality never seen before, Laravel is her friend.


Speed


Speed is key, especially for e-commerce. It has direct influence on user behavior and conversion rates, and is even a factor on how your page is ranking well in search engines. A golden rule fronted by Google is that pages should not require more than 3 seconds to load, as abandonment rate among site visits increase dramatically above this limit. For organic traffic, it can also make Google look unfavourably on your website in terms of indexing.


To measure how fast a website is, one need to consider everything - from server to user, and this is what we call Browser page load time. It's what a user perceives when browsing a page, and can be cut down to four sequential time phases: 

  • Web application: The time spent by the server building the page we are requesting
  • Network: The Network layer includes time spent in redirects as well as in requesting and receiving the requested web page
  • DOM processing: The time it takes to parse the HTML into a DOM and retrieve and execute synchronous scripts
  • Page rendering: This phase measures browser-side processing of the page content, and often includes time for scripts and static assets to load


Network, ping and hosting quality are probably among the most important factors for site speed, but it falls outside the scope of structural comparison between CMS and frameworks since it depends on location and how powerful your hosting service and server is. (Although both Wordpress and Laravel has multiple plugins and packages which mediate setup of CDN services).


Looking instead on code quality: bad code takes longer to process. If unoptimised, it may be a lot more memory-intensive. A wall of code can take more time to download, be hard-to-maintain and generally make your project into a textual hell-scape. Packages and plugins may insert code in different styles and methodologies that may eventually stockpile. Each resource — an image, a video or a script, will increase the amount of website requests which combined will increase loading time.


Laravel framework itself is written in clean and efficient code, making the vary foundation quicker and faster. On top of that, using cache services such as Redis and proper use of Eloquent database queries can make your project into a real speedy gonzales. So while Laravel handles large databases and complex SQL queries efficiently, Wordpress easily ends up with too many queries on a product page template that to even start optimising can be a nightmare.


Criticism of Laravel is that it's rich variety of features and dependencies makes the core structure heavy, and then again slower than other PHP frameworks:


Source: Coders Eye


It is indeed a comprehensive framework, but that's also what makes it attractive. Each framework from the list above can also be argued to be divided independent libraries, full-fledged PHP frameworks for web application and micro frameworks suitable for building RESTful APIs or basic web-apps. Laravel comes with tons of features such as Blade templating engine, unit testing, ORM, hassle-free routing, optimised database query system and last but not least - great documentation. Assets perhaps vital in all web development projects. 


PHP itself has also experienced some improvements lately. Version 7 has in term of performance been benchmarked to be insanly faster than it's predecessor PHP 5.6:


Source: Kinsta


Wordpress, sitting on the other side of the fence, already has a bad reputation of begin slow, though many power users vouch it only boils down to adjusting the right dials. One troublesome benefactor to speed it plugins. Or rather, the amount of plugins, how they affect each other or how one poorly written badboy can make throw the browser into a mud.


If strongly coded plugins is utilised the performance of Wordpress can become quite fast. Some plugins are even considered mandatory for every project. One of these are all-in-one caching solutions WP Super Cache, or an image optimiser such as reSmush.it for product heavy sites. Unfortunately, these and many other quality plugins require a paid subscription to access premium functionality or increase the limit of tasks.


A quick Google search reveal common annoyances among Wordpress developers, despite the possibilities for speed optimisation:

  • With each functionality rework, the website will run slower and slower.
  • The CMS provides a lot of functionality that may not be required, but it needs to be taken into account in the future so that the site does not break. After a while, adding new functions can require more time because you need to think about how to provide functionality within the rules of this system.
  • There are always limits of customisation to any CMS, and it has plenty of JS code and styles which are not required or utilised. Unused code, or the loading order of it, can slow down your website.
  • Most CMSs are not optimised for high loads.


On a specific note, an encapsulation of common Wordpress speed performance struggles can be summarised as thus:


Milan Lesichkov: «I have moved several slow WordPress sites to Laravel. Speed improvement is about 700%. 10s (WordPress) - 1.5 s. (Laravel)».


Loading speed of any website greatly affects the user experience and SEO. Looking beside hosting, the structural core of Laravel and Wordpress can both facilitate speed optimisation. A common hurdle in Wordpress is that many custom styles and themes contain features that remain unused, making the code bloated so the processing is slowed down. Another stumbling block is that a project easily ends up with heaps of plugins. Combined, a few poorly written or perhaps two plugins don't talk together at all, the effect can lead to a sluggish experience. 


A scenario where you have a competent developer at hand (in this case, that would be me), this would be avoided. You would end up with clean plugins, proper cache setup, compressed images, adapted CSS load-order etc, and your speed performance would be first-class. If you only have a novice developer with little experience, Wordpress is easier to maintain and tweak.


If you anyway would hire a seasoned developer (again, that would be me), this dude/dudette could also optimise the Laravel project and lean on its smart functionality to ensure FTL loading time.


Conclusion: I think Petra would like a fast website. Both Laravel and Wordpress can be optimised for speed. Their differences would probably be evident when her platform would scale. Again it depends on how massive her plans is.


Security


Your website is the heart of your business brand, and letting numerical intruders into your establishment can compromise every speck of it. Threats come in many forms – malware to spread malware to site visitors, stealing personal customer information, credit card and other transaction information, adding the website to a botnet of infected sites or even hijacking or crashing the site.


Wordpress has been accused of being insecure due to the high amount of vulnerabilities continuously discovered, and Wordpress itself is even warning security issues may arise if "basic security precautions aren’t taken". This force site managers and developers to implement and keep plugins up to date to avoid exploits. Though all the libraries are developed by recognised development companies, at times hackers can hide suspicious code in plugins and themes. Another common way is to brute force your way into a FTP account by using combinations of different usernames and password.


Straight from the box, Laravel ships with features that make your project secure from default - a very handy place to start from. Security can be divided into two levels: application security and server security. Being a framework, Laravel only deals with application security as servers is another man's poison. It gives protection against common vulnerabilities such as SQL injection, cookie hijacking, CSRF attack, Mass Assignment attack and Cross-Site Scripting restricting unauthorised users, hash passwords for storage in database.Other security features are:

  • SQL injection
  • Cookie hijacking
  • CSRF attack
  • Mass Assignment attack
  • XSS Cross-Site Scripting


It also makes it easy to set up basic authentication and user authorisation, password storage through hashing, secure routing and API calls, features beneficial to keep that sensitive information for yourself. That being said, Laravel do have few known vulnerabilities, but with each new framework versions these are progressively addressed. So to keep a secure application, Laravel or not, one still need to write clean code and avoid certain mistakes, but the foundation and default setup is helping a lot.


In a new Wordpress project you would manually need to implement plugins and hacks to protect against malicious threats. This would include an evaluation of vulnerabilities of the theme and plugins that you would like in your application. Just get a quick search on Google show that some forgot this:


Vulnerabilities comes in many forms, but plugins seems to be a popular way to smugle a dirty piece of code inside Wordpress projects:


Source: The Stanfield Agency


For the sake of building an e-commerce site, let's have a look on two common plugins: Yoast and WooCommerce. Yoast with it's 5+ million userbase is not only the most popular SEO plugin, but the most popular plugin all-time on Wordpress. It's to be expected that some new vulnerabilities are discovered, but being so popular a breach could affect millions of sites.


There exists 10 known vulnerability warnings for Yoast SEO, with additional five affecting the Yoast team’s Google Analytics plugin. And new flaws occur regularly. Examples are new XSS discoveries from the end of 2017 and an authenticated race condition flaw from late 2018. Race condition vulnerability has the potential of allowing remote code execution based on the plugin’s setup. An issue fixed in Yoast SEO version 9.2, but as of October 2019 over 50% of the plugin’s userbase were still using old versions, from 9.1 or earlier.


Next plugin is WooCommerce, the leading e-commerce plugin on Wordpress with 4+ million active installations, bragging about powering 30% of all online stores on the netz. This fact also makes it a tempting target for hackers to find personal and payment data on their customers.


There's currently 19 vulnerability warnings dating back from 2014 on the WooCommerce plugin, in addition to multiple vulnerabilities from plugin extensions. Last year saw seven new vulnerabilities in the core WooCommerce plugin including XSS, deserialisation, injection and privilege escalation flaws. One issue, discovered in 2018, would allow anyone with ‘shop manager’ privilege to take complete control of a WooCommerce-powered site.


Conclusion: Petra would probably prefer not sharing payment information or who has spread most carbon emission, and Laravel is easy to set up for enhanced security. Same could be achieved for Wordpress with few security hacks, but a proper Laravel project is easier to get more secure without the need constant updates. It has built-in functions for encryption and protecting against common vulnerabilities, making life much easier.


E-commerce


Finally, how is each system qualified for e-commerce? In Wordpress, there are six to ten major e-commerce plugins that will convert your site into a platform where you can upload and list products, manage inventory and shipping, implement secure payments and sort taxes automatically.


One of the most popular e-commerce plugins for Wordpress are WooCommerce. With few clicks you can integrate it into any project without touching code. It helps you to customize store location, add categories and attributes to products and to enable sorting and filterings. The default look is also neat, pulsating this clean, stock-photo-ish vibe.


I've personally have a lot of experience with WooCommerce, it's valuable for websites small product portfolios With WordPress.com, you can change things in the body of your page (the middle part), but you don’t have direct access to the HTML source and sections of your page. You also don’t have access to the PHP files (the files that WordPress itself is made from) you would normally have access to on a self-hosted WordPress.org installation. What this also means is that you can’t add CSS or JavaScript links to your webpage as you normally would. It’s less customisable and you have less control, is what I’m trying to say.


One roadblock in comparing Laravel with any CMS is that the former can add any functionality present in the latter. Laravel is a framework, and in this one can create any feature one can wish for. While this is also true for CMS to some extent, one usually rely on open source and ready-made plugins to ensure proper SEO setup.


Wordpress has an easy SEO setup with plugins such as Yoast, helping with sitemap, friendly URLs and a system that help editing all SEO content elements. Laravel has the tools for similar SEO management and beyond, but it's not like Wordpress in installing a site-wide SEO plugin. However, if you develop well in Laravel all SEO aspects will be easy to update and maintain, and it's better when you have a technical implementation not available from out of the box in SEO plugins on Wordpress.


In Laravel, SEO needs to define its own routes and also it takes a lot of work to develop a website which relies mainly on content. While In WordPress, SEO can be done more efficiently by using plugins which help to reduce lots of effort and time to perform SEO for any websites.


It’s pretty irrelevant. Google does not care what technology you use in the background, they just look at the HTML you present them, and that is what is used to determine you on-site SEO quality.


The only thing I would say is that with Laravel, while it takes longer time to develop a site, you will have more control over it and with less overhead code, which means that it will be easier to optimise the site so that it loads faster, which is a big deal in SEO.


Conclusion


Laravel is a good future bet. It's not just a fully featured framework, but it's a comprehensive ecosystem with some of the best learning resources available. When you are familiar with the basic setup the development and deployment can go smooth as silk.


WordPress is a system for managing content. So if the project falls under the category of content-based portals such as a blog, newspaper, course or portfolio, Wordpress is a great choice. It doesn’t make sense to re-create with Laravel all great features of content management – there’s a whole lot of them under the hood: draft auto-saving, images gallery, tags/categories, etc.


On the other hand, if your project is full of user-based actions like registration, internal messages, upload content, voting, matching profiles, payment history and similar stuff – a custom framework-based code is much better. To be fair, all of that is POSSIBLE to achieve with WordPress and plugins, but for long-term projects it might be harder to maintain due to being attached to the plugins, their structure and update cycle (to avoid for instance security flaws).


Web development these days are not only about writing code, but also to re-using existing libraries without reinventing the wheel. If you get job done quicker with a help of plugin, then it’s profit for Petra and you as a developer.


 I would tell Petra to research for available plugins and packages on the market that would solve her problem and ask her to evaluate how much of the functionality can be done with them. If it turns out that Wordpress with plugins is she needs, then great, same goes for Laravel packages – they might save time.