Someone asked me to summarize how MODX compares against the most popular open-source Content Management System (CMS) Wordpress. A general comparison of these two platforms is difficult to make, because really they are apples and oranges. Wordpress was built as, and still is, a blogging platform that requires hacks in order to fully customize it. MODX is a full-fledged framework capable of doing anything you ask of it, and it does so more easily than Joomla, Drupal or Concrete5. However MODX is not an “out-of-the-box” solution - you have to know what you’re doing.
There’s never any guarantees when it comes to website security, but for the following reasons, MODX is “believed” to be “more” secure than WP:
- There are way more WP sites in production, by such an order of magnitude that it’s unlikely MODX will ever become more widely deployed than WP. This has an important side benefit, because the overwhelming number of hackers and malicious bots targeting CMS-driven websites are focussed on harvesting WP vulns, and MODX flies under the radar somewhat. This isn’t security by design, but it does have an effect, PLUS…
- The entire architecture of MODX Revolution was created with security in mind. Every input is filtered, and every database query using the API occurs via prepared statements which eliminates the possibility of SQL injection compromises.
- MODX core files can be moved above web root, and/or obfuscated using other methods. The vast, vast majority of Wordpress sites in the wild can be logged into at example.com/wp-admin. Simply doing a Google search for “Powered by Wordpress” returns pages and pages of sites ready to be Brute Forced at /wp-admin/.
For the casual user who wants to spin up a blog with a generic theme, WP is hands-down the winner. WP has countless themes available for one-click install by even the greenest of novices.
However for anyone with skills, even front-end-only skills, MODX is much easier to customize because it’s agnostic to front-end code. Simply drop in your own HTML/CSS/JS. Extending MODX’s PHP framework is equally easy, with powerful tools such as xPDO and the MODX API available to make database interactions a breeze.
By default, MODX employs powerful caching mechanisms to reduce server load and database lookups. Additional layers of advanced caching can be implemented and customized easily, even by those without PHP abilities.
Wordpress conducts database queries on every request by default. There are caching plugins available, but customization is limited and a pain to execute. Furthermore, basic required functions such as caching arguably should not be left to third party plugins, due to potential compatibility, security and maintenance issues.
Snippets from around the web:
If having a specific HTML/CSS layout for your site is more than a “nice-to-have”, then MODx will save you many hours; the time to rework layouts in WordPress can be considerable and some of the PHP hacks are not trivial, whereas MODx templates are easy to create, modify, and maintain. MODx is by far the more mature option here if you anticipate building a large site.
Well the biggest diffrence [sic] in my opinion is that Wordpress is an excellent blog tool but very restricted on anything else. Too many hacks and tricks to implement if you want something else than blog or very basic site.
MODx on the other hand is truly a content management system. It manages any kind of content in any form without any restrictions. It’s not out of the box solution for anything but it’s still solution for everything.
If you want to upgrade your skills or are perfectionist by nature choose MODx to have full control of everything. If you are in a hurry or just lazy and want something half-baked…
You should use MODX if:
You should not use it if:
- You are planning a large website with integrated blog and varied features.
- You like absolute control over your CMS.
- You have developer skills that need to be fed.
- Your project is small and you do not really have much tweaking to do.
- You are unsure of your developer skills.
- You are happy with your current CMS (if it ain’t broken, don’t fix it).