But for the past few months it seems I've seen news on HN about once per month that someone's WordPress site was hacked.
Which web framework may be better for a small agency (or in a general business case): Wordpress or Django/Flask?
Can you describe a typical workflow and which other tools/frameworks/keywords/etc (like REST) I need to use for this?
I am a bit nervous, as I am self-taught in this field, though I have tons of materials on that, but this job may provide some resources for my main projects.
The description isn't enough to know if it's something WordPress could handle out of the box.
There are places that host and manage WordPress. If you don't install any plugins, WP is secure enough.
The difference in a Django hello world and a fresh WordPress install is like a million lines of code.
Below is a comparison between Wagtail and Wordpress.
But you need to choose based on what your objectives are. WP is quick and gives you decent bang for the buck, especially if you don't need to create something from scratch and it needs to be used by non-developers. It is not really comparable to Django/Flask, which are actual frameworks to build web applications. WordPress is more of a Content Management System (CMS) that has been extended over the years to technically create flexible applications, but mostly for non-tech users.
Use WordPress if you want to build websites with some dynamic functionality like contact forms etc. (plenty of well-vetted plugins for those). Use Django/Flask if you are building a full web application with tons of user interactions.
WordPress = Web Site
Django/Flask = Web App
Sounds like you are trying to learn too many things at once. And you for sure do not need to learn C++ for web development. PHP and JS/TS are missing from your list. Those would be the languages to learn for WordPress. But there are already plugins for invoicing and the things you need out there; it sounds like there is nothing too obscure that cannot be solved with already existing plugins. So do you really need to be a programmer? Probably not.
There is a reason WordPress is used so much. I am biased because I am a self-taught WP dev, but WP and PHP are evolving constantly, there is a plugin for everything ...
You're supposed to build a website, remote desktop, invoicing for an agency and they hired you for what exactly? What skills did you tell them you have?
Sorry, but you sound very naive and I could not find what you're actually skilled in. You look for "keywords"??? And you read one article about someone's WP site getting hacked and that makes you think WP is insecure?
Even if I try to be unbiased this sounds like a clear case for WordPress to me.
Minimize customization, and keep it updated.
Then someone else can always work on it.
*or Theme, or other 3rd-party code
Flask: Deceivingly simple at first, but you'll spend full-time debugging it soon. It is NOT a framework for beginners.
Django: A bit more learning curve than WP, but will take you far, if you read its docs properly.
Django for any functionality-focused site or web application.
Flask for quick APIs of limited functionality that just need to "get done now".
WP will be easy to set up, but adding custom functionality can be a real pain, and lots of plugins are of ... questionable quality, especially regarding security. I personally strongly dislike WP, but it does the job so long as you keep things simple and lock down your plugins.
Django will give you a good structure and some core functionality like login out of the box, and the built-in admin site is great, but you'll need to code your functionality. It looks like you're doing some custom code so this approach could work. You could also use something like django-cms or Wagtail if you want some of the WP functionality.
2) If you need what is called a CRUD (Create-Read-Update-Delete) website, doing something more like a spreadsheet, but with more complexity than a spreadsheet can handle, then Django makes this as easy as it is possible to be. However, you will have to do a lot more programming than with WP, where really you shouldn't have to do much programming at all.
3) If you need even more customized functionality than CRUD, then Flask is easier to customize. For example, you need to make a real-time auction site, or connect to a machine learning library to train up new models every week, or some other really non-standard thing. There, Django's features that make CRUD easier, will just get in your way. Flask is more lightweight, meaning it provides less but is also much more flexible to do non-CRUD websites.
If you are doing what a typical small company needs, then you should go with Wordpress. It can do everything you need, there is an abundant ecosystem of companies to host and maintain it for you, and all of the extra power that Django or Flask would give you, are not going to be utilized. Wordpress is fine security-wise, if you keep it up to date.
My workplace has multiple WP sites and Shopify stores, and I'm thinking of trying to consolidate all of these under a single presentation layer, probably with Gatsby.
But easy availability of plugins leads to high probability of hacking. Put another way, a WP site needs constant monitoring/upgrades of the plugins to avoid being hacked. This means $$ out of pocket for website owners but money for developers.
2) Personally, I don’t recommend WP. I prefer Python/Flask (I’m more familiar with it) or Django. You can build the site and essentially forget about it.
In addition, I prefer separating front-end code from back-end code (for WP, you use PHP, which combines both HTML and server-side code in the same file).
I can't imagine ever choosing it over Django with Wagtail. It's a little bit more work to implement and maybe maintain, but the payoffs are well worth the investment.
Consider what is commercially available. Selecting, configuring, integrating, and supporting software services is still something you can charge for. Small companies pay for efficient results, they don't typically care how much code you personally write.
You could build their marketing site on a fully hosted solution like Squarespace, Wix, Webflow, etc. Or if you want to use WordPress, stick to something like WordPress.com or WP Engine with a commercial template and all auto-updating turned on. Make it easy on yourself and outsource security to folks who know what they are doing.
Remote desktop and invoicing also sound like needs that can be met more efficiently and securely by available commercial solutions.
Using Django or Flask might be overkill for what you're trying to do. I suggest you stick with WordPress, but check out the Sage/root style over at https://roots.io/sage.
It's not the classic WordPress; it's a modern, more secure version (not more secure but less prone to some common automatic attacks).
Also only use plugins when you absolutely have to, and if you do, stick with the pros (i.e. Gravityforms).
I've used WP a lot (more than 1000s of websites) and I'm also using Python with Flask and FastAPI (but never used Django).
It takes care of 99% of the things a marketing website needs to have. For the 0.999% other stuff it doesn't include, the plugins can take care of it.
"But what I'm building falls under those 0.0001% cases not covered :/"
Oh, then use Django.
The core is fine, but the attraction of WP is not so much the core but the huge number of plugins, and many plugins are not fine (but they don't say so on the label).
You cannot go wrong with Wagtail, but its learning curve is steeper. It doesn't come with much out of the box.
You can use the one hosted on WordPress and change the domain, so you don't have to worry about hackers or anything. This one is plug and play, so unless you want to do a custom template/plugin you don't need to learn to code.
* Django is like a WordPress but less popular and less SEO friendly (or less popular for them).
* Flask will require you to learn a lot of HTML, Python, etc. It will consume a lot of your time to get to the same point as the other 2. Flask can get better results than the previous two, but for your use case I don't think it really matters.
> build a website for them plus a bit of marketing stuff, and maybe a remote desktop and a platform for invoicing for their personnel.
This is a shoo-in for Django, especially the invoicing part.
Wordpress is a blog engine. It's great for letting a bunch of people log in and submit news but every feature you implement beyond that is going to be through plugins, and those are routinely compromised. All sites I've deployed that used only the major plugins (Yoast, Jetpack, WooCommerce, etc.) are still running. All third-party ones have since been compromised, which is embarrassing for me. I wouldn't deploy Wordpress for a business again unless the alternative was Magento.
Django isn't bulletproof, but it will stop you from making amateur mistakes as you build it out. There is no convenient plugin architecture with a friendly UI, which makes it harder for yourself (and the client) to change themes/plugins every week and introduce code that can be exploited.