Why We Hand-Code Every Website Instead of Using WordPress
WordPress powers 40% of the web, but that doesn't make it the right choice for your business. Here's why we write every line of code from scratch.
WordPress powers roughly 40% of the web. That's an impressive number. It's also the reason half the sites you visit take four seconds to load, get hacked regularly, and cost their owners $30-100/month in hosting fees for what amounts to a digital brochure.
At dearborn.dev, we don't use WordPress. We don't use page builders. We hand-code every site from scratch using Astro, and we host them for free on Cloudflare. Here's why.
The WordPress tax
A typical WordPress site for a small business loads between 20 and 80 HTTP requests on the homepage alone. That's the theme, the plugins, jQuery (which WordPress still ships by default), Google Fonts loaded three different ways, and whatever analytics scripts your last developer bolted on.
Each of those requests costs time. On a 4G connection — which is what most of your customers are browsing on — a WordPress site routinely takes 3-5 seconds to become interactive. Google's own data shows that 53% of mobile users abandon a site that takes longer than 3 seconds to load.
Then there's the plugin problem. The average WordPress site runs 20-30 plugins. Each one is a dependency you don't control, written by a developer you've never met, and updated on a schedule you can't predict. Every plugin is a potential security hole, a potential performance bottleneck, and a potential breaking change waiting to happen after an update.
What "hand-coded" actually means
When we build a site, we write HTML, CSS, and minimal JavaScript. We use Astro as our framework, which compiles everything down to static HTML at build time. No server-side rendering on every request. No database queries. No PHP execution. Just pre-built HTML files served directly from a CDN.
The result: our sites typically load in under 500 milliseconds. Not because we're doing anything clever — because we're not doing anything unnecessary.
A typical dearborn.dev site sends 3-5 HTTP requests on first load. The HTML, one CSS file, maybe a small JavaScript bundle for interactivity, and a font file or two. That's it. Compare that to the 40-80 requests from a WordPress install.
Security isn't an afterthought
WordPress is the most targeted CMS on the internet. Sucuri's annual reports consistently show WordPress accounting for over 90% of hacked CMS sites. That's not because WordPress is inherently insecure — it's because the attack surface is enormous. Every plugin, every theme, and the core itself need regular security patches.
A static site has no database to inject into. No admin panel to brute-force. No PHP to exploit. There's literally nothing to hack. The files sitting on Cloudflare's CDN are the same files we wrote — no dynamic execution, no user input processing, no attack vectors worth pursuing.
We've never had a client's site compromised. Not because we're security geniuses, but because there's nothing to compromise.
The hosting math
Let's talk money. A basic managed WordPress host — SiteGround, WP Engine, Flywheel — runs $15-50/month. Need staging environments, daily backups, and decent support? You're looking at $30-100/month. Over three years, that's $1,080-$3,600 just to keep the lights on.
Our sites are hosted on Cloudflare Pages. The cost: $0/month. Zero. Cloudflare's free tier includes unlimited bandwidth, unlimited requests, global CDN distribution across 300+ cities, automatic SSL, and DDoS protection. We're not eating the cost — there literally is no cost. Static files are cheap to serve, and Cloudflare uses that as a funnel for their paid enterprise products.
That's real money back in your pocket every single month.
Performance is a business metric
Page speed isn't a vanity metric. Google uses Core Web Vitals as a ranking factor. A site that loads in 400ms versus 4 seconds will rank higher, convert better, and bounce less. For a local business, that's the difference between showing up on page one and getting buried.
Our sites consistently score 95-100 on Google Lighthouse across all four categories: Performance, Accessibility, Best Practices, and SEO. We don't optimize for these scores — they're a natural byproduct of writing clean, minimal code.
When WordPress actually makes sense
We're opinionated, not dogmatic. WordPress is the right choice when:
- You have a large content team that needs a visual editor and workflow management. If ten people are publishing daily, a CMS with roles and revision history makes sense.
- You need e-commerce at scale. WooCommerce with thousands of products, complex inventory management, and heavy integrations is a legitimate use case.
- You need to hand off everything. If you want to manage every aspect of your site yourself and you're not technical, WordPress's admin panel is hard to beat.
For a small business that needs a fast, professional website that ranks well and doesn't cost a fortune to maintain? WordPress is overkill. You're paying for complexity you don't need.
The bottom line
We write code because it produces better websites. Faster load times. Zero hosting costs. No security vulnerabilities. No plugin updates breaking your site at 2 AM. No monthly fees for features you'll never use.
It's not the trendy approach. It's not the easy approach. But it's the right one.
No fluff. Just code.