ITB 2024 Special Reporting
The Perils of Using an Open-Source Content Management System (CMS) to Power the Hotel Website.
By Mariana Safer and Max Starkov
Thursday, 19th November 2015

Hoteliers are managing multi-million dollar properties, they have fiduciary responsibility to maximize the property's direct online channel presence, boost direct revenues, and lower the costs of online distribution.

Utilizing an open source content management system (CMS) like WordPress is in stark breach of a hotelier’s fiduciary duties and exposes them to great security and vulnerability risks hotel managers and owners cannot afford.

When making any decisions regarding the property’s most important digital asset, the website, there are many factors to consider which could make or break your online distribution strategy. The website’s look and feel, while extremely important, is only one piece of the revenue-generating puzzle.

Whether or not you choose to invest in the right technology that allows for a robust merchandizing strategy - specifically the Content Management System (CMS) - plays a huge role in whether or not you will be able to maximize revenues from the direct online channel, convert your website visitors and meet your revenue goals.

Choosing an open source CMS to power a hotel website is extremely risky and limiting in terms of what you are going to be able to achieve. Here are some reasons why:

1. Open source CMS’ are very vulnerable to security issues.

It’s all in the name. Free, open source systems are used by many small blogs and content websites making them an “appetizing” target to the army of hackers out there.

Why do hackers target WordPress and other open source CMS platforms? WordPress is one of the most popular blogging and CMS platforms for private blogs and small content websites out there. Though some “junior” hackers may do this for “the kicks of it,” serious hackers can make a ton of money by hacking eCommerce (e.g. hotel websites) or bigger websites by actively altering content and marketing messages, re-directing website visitors to outside commercial websites (e.g. affiliate websites, gaming and porno sites, etc.), or uploading malicious codes and viruses that turn your website into a “virus spamming machine.”

Here are just a few recent headlines concerning WordPress security issues:

  • “Actively exploited WordPress bug puts millions of sites at risk”
  • “73% of WordPress sites vulnerable to attack”
  • “WordPress has fallen victim to a number of serious security exploits…” 
  • “Major Security Vulnerability in WordPress, Drupal Could Take Down Websites”

A service powered by CVEDetails monitors and lists vulnerabilities and security issues of WordPress and other open source CMS platforms. Currently it lists 205 WordPress vulnerabilities and security breaches!

One of the biggest vulnerabilities of the WordPress platform is its reliance on a myriad of plug-ins created by third-parties and developers. While important for the mere existence of WordPress as a CMS, these plug-ins become “appetizing” entry points for thousands upon thousands of hackers, viruses and spam bots created specifically to scan the Internet for vulnerable WordPress-related “entry points” and weak spots. For every security plug-in or update installed to secure your WordPress-powered website, ten more malicious viruses are created.

Once your site’s security is breached, your website becomes a spam- and virus- spewing entity, which will prompt Google to quickly shut down your website, resulting in a monumental loss of revenue (this happened to several clients with WordPress websites inherited from previous vendors).

Another example is the use of WordPress-powered websites to launch massive distributed denial of service attacks (DDoS). Broadly, a DDoS attack is an attempt to make a network resource unavailable to its intended users in an attempt to disrupt service. Earlier today, we discovered yet another example of how malicious hackers used a WordPress-powered hotel website as a “work horse” for their distributed denial of service attack (DDoS).

2. Open Source CMS does not equal Portable CMS

A common misconception among some hoteliers is the notion that you can port your open source (e.g. WordPress) website easily from one vendor to another, and that having this type of CMS will make you less “vendor dependent.”

Moving a website from your old vendor to a new one is not like moving a book from one library shelf to another.

This is only the case if you choose a pre-designed (read: cheap) WordPress Theme, as any custom website design requires custom HTML code, Javascript and CSS coding by an experienced web developer.

Each WordPress development shop has its own proprietary coding style not easily translatable by other web developers who have to spend a considerable amount of time “deciphering” the HTML code, Javascript, CSS coding and CMS hooks developed by the previous vendor.

In our nearly 20-year old website development practice, we have found it is faster and less-expensive to re-develop the entire code of an existing WordPress website and attach it to our smartCMS platform (or any other CMS technology), than to simply port the existing website.

3. Open Source CMS DOES NOT Mean Free

Another common misconception is that an open source CMS is a free CMS. Hoteliers are extremely busy and wear multiple hats at the property and operate with a lean staff. Making critical updates to the property website, including changing out the specials and packages, adding new pages for SEO purposes, personalizing website content for different audiences, updating photography, events, etc. needs to be simple and easy to do quickly.

WordPress’ clunky interface makes these property website updates difficult, if not impossible, to make without a qualified developer on staff and often require outsourcing to a vendor.

Having to depend on a 3rd party to make these website updates, or hiring a developer to make these changes to the hotel website is very costly and not a good use of the property staff’s limited resources.

Most open source CMS’ are clunky and require quite a bit of customization. Have you ever tried adding a new section to a website using WordPress as the CMS? Or changing the website’s design theme? If you are a multi-property company, have you tried adding a new property with this type of CMS? It is almost impossible to accomplish these types of changes without being extremely comfortable with updating the core HTML/CSS.

4. An Open Source CMS DOES NOT Support Merchandising Capabilities in Hospitality

A strong merchandising strategy engages users, encourages bookings, and generates leads via the website. The hotel website requires a merchandising strategy centered on communicating the unique features of the property (hotel services, meeting & event space, latest promotions and special offers, local attractions, and more) and focuses less on the rate alone. This next generation of merchandising allows the hotel to "sell on value" as opposed to "sell on rate" and to maximize revenues on the hotel website like never before.

The direct online channel offers limitless opportunities for the hotelier to present the hotel product and value proposition directly to the online travel consumer. The hotel should be able to create, schedule and share special offers, feature promo tiles for the latest specials, include marketing messages on every page, list local events on a calendar of events, and more.

Open source CMS systems designed as blogging platforms or for simple content updates are ill-prepared to handle e-Commerce websites, especially revenue-centric hotel websites.

For example, HeBS Digital’s proprietary CMS, the SmartCMS, provides hoteliers with the technology to manage their merchandising website strategy on their own and on the fly, showcase content on the prime real estate of the website " front and center of the visitors’ attention, and personalize relevant content based on the user.

A hotel website needs a CMS that can offer the following functionalities and capabilities:

5. An Open source CMS is NOT Hospitality-Centric

A blogging tool? Yes. A hotel website? No. Using an open source CMS works well for blogging purposes and for smaller content non-eCommerce types of websites. However, this type of CMS is limited in its ability to help a hotel scale and merchandize.

In this industry, in order to succeed online " an increasingly competitive space " it’s important to use a CMS that was built for the unique needs of the hotelier. A CMS that was developed for the hospitality industry, by hospitality technology and digital marketing experts. When choosing a CMS to power a hotel website, ask yourself if the CMS offers the following:

  • Support of both Full Responsive and Adaptive Design for the three screens (desktop, mobile, tablet)
  • Complete Content Control (visual, promotional, textual, and ability to add sections to the website)
  • Dynamic Content Personalization Module (Smart Personalization Engine)
  • One-to-one marketing capabilities
  • Advanced Merchandising Platform to convert lookers into bookers 
  • Full compliance with the latest SEO best practices
  • Reservation Recovery Module to win back abandoned bookings
  • Custom Design Themes to change the look-and-feel design of the hotel website with a click of a button
  • Multi-language capabilities to feature foreign language content across the entire site

If the CMS you are considering using does not offer all of the above your revenues and ROIs from the direct online channel will suffer.

6. Using an open source CMS means you will have virtually no customer support.

Unless you are willing and able to hire a developer on staff, full-time, you will not receive the customer support you will inevitably need by going with an open source CMS. Automatic CMS upgrades and a website powered by the latest technology will not be possible. If your website is hacked, you will have no support system. While there are thousands of plug-ins that have been developed for an open source CMS, many of them free to use, these plug-ins are the doorway in for bugs and viruses.

A closed source CMS or proprietary CMS is secure as well as continuously updated and improved. Partnering with a hospitality digital technology and marketing firm that conceptualized and built their own CMS, along with round the clock access to their staff if something goes wrong, can mean the difference between having a website that is your property’s main revenue driver or having a website that features content continuously out of date " that is if the website is not down in the first place.


Investing in your property website to maximize revenue from the three screens (desktop, mobile, tablet) is paramount to the very existence of your property. Coupled with a robust, well-funded digital marketing strategy, this will allow you to improve your property’s bottom line and leave the comp set in the dust.

A property website must incorporate the right balance of excellent design, state-of-the-art digital technology, a merchandising strategy, and engaging visual and textual content, all while providing an optimum user experience from top to bottom on every device (desktop, mobile and tablet). This type of website will result in a boost in conversions and revenues from the direct online channel.

How can you know your website is due for an upgrade? If your property website is two or more years old, does not offer responsive or adaptive design, does not support dynamic content personalization or dynamic rate marketing, or does not have state-of-the-art merchandising and reservation abandonment prevention capabilities.

Today, hoteliers have 3 choices when choosing a CMS:

1) Go with an off-the-shelf enterprise CMS like Adobe CMS (CQ5), Trillium, Ektron, etc. where the license alone would set the hotel back hundreds of thousands of dollars and require 12-18 months of highly-specialized (read: expensive) work by outside vendors.

2) Choose an open source CMS that is susceptible to bugs and security hacks, thereby compromising their most important revenue channel.

3) Choose a hospitality-specific CMS (like the smartCMS) to maximize revenue from the direct online channel, support the property’s multi-channel campaigns, and keep the property website asset secure.

About the Authors and HeBS Digital

Max Starkov is President & CEO and Mariana Safer is SVP, Marketing at HeBS Digital, the hospitality industry’s leading digital technology + website design, full-service digital marketing and website revenue optimization consulting firm, based in New York City (www.HeBSdigital.com).

HeBS Digital has pioneered many of the best practices in hospitality digital technology and full-service digital marketing, social and mobile marketing, and direct online channel distribution. The firm has won over 280 prestigious industry awards for its digital marketing and website design services, including numerous Adrian Awards, Stevie Awards, Davey Awards, W3 Awards, WebAwards, Magellan Awards, Summit International Awards, Interactive Media Awards, IAC Awards, etc.
A diverse client portfolio of top-tier major hotel brands, luxury and boutique hotel brands, resorts and casinos, hotel management companies, franchisees and independents, and CVBs are benefiting from HeBS Digital’s direct online channel strategy and digital marketing expertise. Contact HeBS Digital’s consultants at (212) 752-8186 or success@hebsdigital.com.

Global Brand Awareness & Marketing Tools at 4Hoteliers.com ...[Click for More]
 Latest News  (Click title to read article)

 Latest Articles  (Click title to read)

 Most Read Articles  (Click title to read)

~ Important Notice ~
Articles appearing on 4Hoteliers contain copyright material. They are meant for your personal use and may not be reproduced or redistributed. While 4Hoteliers makes every effort to ensure accuracy, we can not be held responsible for the content nor the views expressed, which may not necessarily be those of either the original author or 4Hoteliers or its agents.
© Copyright 4Hoteliers 2001-2024 ~ unless stated otherwise, all rights reserved.
You can read more about 4Hoteliers and our company here
Use of this web site is subject to our
terms & conditions of service and privacy policy