Skip to main content

Technical Debt in WordPress: The Hidden Cost of Cheap Development

Insight

Technical debt in WordPress — the hidden cost

The website nobody dares to touch

It cost NOK 15,000. The agency delivered in three weeks. Everyone was happy.

Six months later the contact form works intermittently. The site takes four seconds to load. Marketing wants to change a headline, but the developer says it'll take two days because "Elementor makes it difficult." And nobody remembers the password to the hosting account.

Sound familiar? Then you're sitting on technical debt.

What is technical debt?

Technical debt is shortcuts taken during development that create future costs. In WordPress, that means:

  • Off-the-shelf themes with code you'll never understand
  • Plugins that do half of what you need while loading 200 KB of JavaScript you don't
  • No version control — changes are made directly in production via FTP
  • No staging environment — you test in prod and hope for the best
  • No automated tests — you discover bugs when customers complain

The debt is invisible at first. The site works fine. But with every shortcut taken, the cost of making changes later increases. Eventually nobody dares update anything, because the risk of something breaking is too high.

The usual culprits

We've seen hundreds of WordPress sites with technical debt. The pattern is almost always the same.

Elementor and WPBakery

Page builders like Elementor and WPBakery solve a real problem: they let people without coding skills build websites. The problem is what they do under the hood.

A typical Elementor page loads 300-500 KB of extra JavaScript and CSS. Even on pages that don't use Elementor functionality. Every widget element generates nested HTML that's hard to style, hard to maintain and impossible to migrate. You're locked into Elementor forever.

Gutenberg (WordPress's built-in editor) is a better choice. With custom blocks, editors get a flexible experience without the performance penalty.

20+ plugins

Every plugin is a dependency. A new attack surface. A potential conflict with the next WordPress update. And yet another thing that needs maintaining.

We regularly see sites with 25-40 plugins. Three of them do the same thing. Five haven't been updated in over a year. Two have known security vulnerabilities.

Our rule: if it can be solved with 50 lines of clean code, that's better than a plugin. Custom plugins built on WPFluent do exactly what you need, without the baggage.

FTP and no version control

If the only way to deploy code is to FTP files to the server, you have a problem. No history of who changed what. No way to roll back. No code review. No automated tests.

Modern WordPress development uses Git, CI/CD pipelines and staging environments. Code is tested before it reaches production. Deployments happen automatically on merge to main. No FTP, no surprises.

PHP 7.x on shared hosting

PHP 7.4 reached end-of-life in November 2022. Yet many WordPress sites still run on PHP 7.x. The hosting provider offers it, and nobody has asked for anything else.

PHP 8.4 is significantly faster, more secure and has better error handling. FrankenPHP Worker Mode delivers response times under 200 ms. Shared hosting with PHP 7.4 gives you 3-5 seconds.

What technical debt actually costs

The cheap website is a calculation that never adds up. Here are the real costs.

Security incidents

WordPress accounts for 90% of all hacked CMS sites. Not because WordPress is insecure, but because people run outdated plugins on shared hosting without a firewall.

A security incident typically costs NOK 20,000-50,000 in cleanup. Plus lost revenue. Plus reputational damage. Plus the time it takes Google to trust your domain again after blacklisting it.

With a maintenance agreement with SLA, proactive security costs from NOK 3,000 per month. The maths is simple.

Lost SEO visibility

Google has confirmed that Core Web Vitals affect rankings. A site that takes 4 seconds to load loses traffic to competitors with sub-second load times. Every extra second increases bounce rate by 32%.

Technical debt makes your site slower over time. More plugins, more JavaScript, heavier database queries. Without active performance optimisation, performance degrades gradually.

Developer lock-in

The agency that built the site is the only agency that understands the code. Because there isn't any code to understand — it's an Elementor configuration with 40 plugins that only works on that exact server with that exact PHP version.

Want to switch agencies? Then you'll almost have to rebuild. That's not maintenance — that's a hostage situation.

Hours that burn

The developer spends two hours on a change that should take ten minutes. Because there's no documentation. Because the theme is a labyrinth of nested shortcodes. Because updating plugin A breaks plugin B which depends on plugin C.

Over three years, these hours add up. A site with high technical debt typically costs 2-4x more to maintain than one with clean architecture.

How to spot technical debt

Some signs are obvious:

  • The site takes over 3 seconds to load
  • You have more than 15 active plugins
  • There's no staging environment
  • The last plugin update was more than three months ago
  • The deployment method is FTP
  • The page builder is Elementor, WPBakery or Divi
  • The PHP version is below 8.0
  • Nobody uses version control (Git)
  • Nobody knows exactly who has access to wp-admin
  • You're afraid to update anything

Recognise three or more? Then you likely have a problem.

Two ways out

1. Modernise your existing WordPress

If the site has valuable content, good SEO rankings and an editorial team that knows WordPress, modernisation is often the right call.

We replace Elementor with Gutenberg and custom blocks. Remove unnecessary plugins and build lightweight alternatives with WPFluent MVC. Set up Git, CI/CD, staging and automated tests. Upgrade to FrankenPHP with managed infrastructure.

The result: same content, same URLs, same SEO visibility. But faster, more secure and cheaper to maintain.

2. Migrate to Sanity + Next.js

If the site is a pure content site without an online store or heavy WordPress-specific integrations, it's often cheaper to start fresh with Sanity CMS and Next.js.

No plugins. No PHP. No security vulnerabilities from third-party code. Response times under 100 ms. And maintenance costs that are a fraction of WordPress.

We build Sanity sites from NOK 15,000 with maintenance from NOK 2,500/month. For many businesses, this is cheaper than cleaning up a WordPress site with heavy debt.

How to avoid technical debt from the start

Three principles:

Choose the right platform. For new projects without specific WordPress requirements, we recommend Sanity + Next.js. No plugin dependencies means no technical debt from third-party code.

Demand version control and CI/CD. Regardless of platform. If the agency doesn't use Git, doesn't have a staging environment, or deploys via FTP — find another agency.

Plan for maintenance. A website without a maintenance agreement is like a car without servicing. It runs fine at first. And then suddenly it doesn't.

Not sure whether your site has technical debt? Get in touch for a no-obligation review. We'll tell you honestly what needs fixing and what can wait.

Frequently asked questions

SB
CG
JB
About us

Wondering if your website has technical debt?

We'll do a no-obligation review and tell you what needs fixing and what can wait.