Your credit union website Content Management System (CMS) and hosting provider can empower or hamstring your marketing team, depending on which route you choose. The decision is more than just a technical one. It encompasses a wide range of considerations, from the quality of your online user experience, to your ability to evolve your website over time, to your website security and data protection. 

Choosing a CMS platform

A CMS is the backbone of your website. It allows you to create, manage, and modify content without advanced technical skills. That means you can add new product pages, expand existing product pages, post alerts and announcements, revise your homepage hero messaging, and make other updates as needed. When choosing a CMS, we recommend asking the following questions:

Is the CMS proprietary or open-source?

While we understand the appeal in a proprietary CMS designed specifically for financial service companies, you may find that the technology is slow to evolve, security measures aren’t always up to par, and support options are limited. We’ve even heard horror stories about credit unions being forced into a redesign before they were ready, or before they had budgeted for it, because their current provider was sunsetting their proprietary CMS.

Bigger doesn’t always mean better, but a more widely-used, open-source CMS system offers credit unions multiple benefits. At PixelSpoke, we build all our client sites on WordPress, which is backed by the largest community of developers and users in the world. From The New York Times to small nonprofits, WordPress powers sites across industries and geographies. 

Tens of thousands of developers contribute to WordPress, and that ubiquity translates to a constantly improving platform, shared security insights, documentation for every feature imaginable, and faster innovation than most proprietary vendors can match. It’s almost like having the world’s largest team of developers working on your CMS—for free.

Is the CMS easy to use?

If you take a CMS for a test drive and struggle to figure out how to use it or where to start, that’s probably not a great sign. Your CMS interface should be intuitive, empowering your team to update content easily without ongoing technical support. Look for clearly labeled page components, drag-and-drop functionality, preview capabilities, flexible page templates, and strategically placed instructional copy. 

Does the CMS support integrations?

WordPress and other open-source CMS systems are designed for integrations. Whether you have a chatbot, appointment scheduler, ATM finder, or financial calculator, it’s important to verify that you can include these tools and others on your website while offering your visitors a seamless user experience.

Does the CMS adhere to security best practices?

You’ll want to make sure that your CMS includes strong security measures and that your team and/or marketing agency follow security best practices on an ongoing basis. Your CMS should offer regular updates, data encryption, strong password enforcement, and two-factor authentication (2FA). We install a plugin on all our client sites, which offers malware scanning, brute-force protection, and more.

We don't use pre-built WordPress themes, which limits vulnerability to attacks in this area. We also monitor all our client sites to disable unused features, limit login attempts, update plugins, and ensure proper user permissions. 

Can the CMS be customized to our needs?

One oft-touted advantage of the proprietary CMS platforms some credit unions use is that they are designed specifically for financial service organizations. This certainly can work to your advantage, but it’s important to keep in mind that many open-source CMS platforms offer robust customization capabilities as well. For instance, at PixelSpoke, we’ve built a customized version of WordPress specifically for credit unions that enables our clients to easily:

• Create and update responsive rates tables in one place and populate these updates wherever they are used throughout the site
• Create ADA compliant speed bumps when linking out to external sites
• Create responsive product comparison tables
• Conduct automated compliance tracking

What are the ongoing costs?

Proprietary CMS platforms often include high fees, ongoing costs, and fixed multi-year contracts. WordPress and other open-source CMS platforms can not only offer flexibility but also long-term savings. That means more budget for the things that matter—like great content, SEO, or marketing campaigns.

Choosing a Hosting Provider

Once you've selected a CMS, the next step is to choose a hosting provider. Your hosting provider impacts your website's performance, reliability, and security—all critical elements for maintaining member trust and satisfaction. 

Much like a proprietary CMS, an agency that offers an in-house hosting solution may seem like an appealing option, but it can come with many downsides. Would you rather trust your hosting to a company with a small support team that offers hosting as a side service—or a company whose entire mission is optimizing your website performance? Plus, if you transition to another agency down the road, you want to be able to take your hosting provider with you. 

Of course, there are many third-party hosting providers to choose from and it’s important to do your due diligence. Here are some key questions you should consider:

Does the hosting provider run regular malware scans?

This technology has the ability to detect and remove malware from infected files on your website. Ideally, you want malware scans run on a nightly basis.

Does the hosting provider perform regular penetration testing?

This process involves enlisting ethical hackers to attempt penetration testing on an ongoing basis. Many hosting providers offer bug bounties and rewards for detected vulnerabilities reported through the appropriate channels.

Who oversees the data center?

You’ll want to make sure that all computing equipment is located in a physically secure facility, which employs electronic access controls to prevent unauthorized access. The data center should also be independently audited at least once a year, ideally through an SOC 2 examination. This is the most rigorous form of professional evaluation, which reviews and tests internal controls over business processes and information technology. 

What is the uptime service-level agreement (SLA)? 

A reliable hosting provider ensures your website is always accessible, with minimal downtime. We recommend an uptime SLA of no less than 99.99%.

Does my hosting provider partner with a global edge network to provide DDoS protection?

A DDoS (Distributed Denial of Service) attack is a malicious attempt to flood a server, service, or network with traffic, thus preventing visitors from accessing connected online services and sites. Why do you need a trusted global edge network to prevent these attacks? Some DDoS attack techniques — including DDoS amplification, SYN flood, and ICMP flood — will likely overwhelm a unicast, or even multicast, based network, but can be mitigated by an anycast based network, like Cloudflare, in under 10 milliseconds. 

Will our website be equipped to accommodate increased traffic?

As your credit union grows, your website needs to accommodate increased traffic. Your hosting provider should offer scalable solutions to handle future growth.

Ideally, your site should also be equipped to handle a surge in traffic. When credit unions began offering PPP loans during Covid, for instance, the sizable and sudden influx in visitors caused many websites to crash. Hosting providers that partner with a global edge network like Cloudflare can also handle traffic spikes by serving cached versions of your site directly to users—bypassing the origin server entirely. 

How will our website data remain private and secure? 

A hosting provider that offers container-based architecture encapsulates each website it hosts in its own “container,” which contains a full virtualized filesystem and database that is entirely segregated from other systems. That way, the data is never exposed directly to the internet, ensuring that your site and its data is secure and private.

Does the hosting provider offer robust customer support?

You never know when something on your website might go awry, so it’s critical to opt for a provider with reliable and prompt 24/7 customer support. If online reviewers consistently complain about a hosting provider’s customer service, proceed with caution!

Conclusion

Your CMS platform and hosting provider can empower your marketing team, give you peace of mind, and help you better serve and protect your members. But you should never be forced to keep using a solution that isn’t working for you. 

We have a saying here at PixelSpoke: “You create loyalty by making it easy for people to leave.” It might sound a bit counter-intuitive, but we’ve always found it to be true. Some vendors with proprietary platforms lock their clients into multiyear contracts, and their clients can end up feeling frustrated and trapped, as though their marketing or web development agency is holding the keys to their digital house. With a third-party CMS and hosting provider, you stay in control. If you ever need to change partners, you can take your credit union website with you. You don’t have to start from scratch or negotiate a handoff. 

All that said, not all hosting providers and open-source CMS platforms are created equal. Use this guide to vet them so you can proceed with the assurance that you’re making the best choice for your credit union and your team.