— vs wordpress
WordPress runs more of the public web than any other CMS. For non-regulated outlets it remains a defensible choice. The wedge against WordPress for our buyer profile isn't the editor experience — it's everything outside it: jurisdiction, compliance, security model, maintenance burden, and the architectural choice between monolithic PHP and a typed headless API.
| Criterion | WordPress | Estøkad |
|---|---|---|
| Architecture | Monolithic PHP application; theme + admin coupled. | Headless — content API, separate front-end (Next.js / Nuxt / SvelteKit). |
| Hosting | Self-hosted or WordPress.com (US-headquartered). | Managed by Samarkand Industries OÜ, EU jurisdiction, per-country residency. |
| DORA evidence pack | Manual / via consulting | Auto-generated, downloadable |
| Audit trail | Activity logs in WP plugins like Stream or WP Activity Log are application-level — not cryptographically chained or supervisor-verifiable.; not chained | Hash-chained with daily Merkle roots |
| Schema as code | Custom Post Types + Advanced Custom Fields. Configurable in PHP, but not strongly typed end-to-end. | TypeScript-first defineType() |
| Visual editing | Block editor (Gutenberg) — strong for content authoring | Equivalent overlay protocol; structured fields stay the source of truth |
| Plugin ecosystem | 59,000+ free plugins on the .org repository | Smaller, EU-curated. SDK is the extension point |
| Security model | Plugin attack surface — known major source of WP breaches | Module-gated by paid catalog; no third-party PHP in the path |
| Maintenance burden | Customer or hosting partner manages WP core + theme + plugin updates | Managed service — updates ship through the same release pipeline |
| Pricing model | Free WP core + hosting + plugins + maintenance | €499/mo Studio preset; €1,699/mo Regulated |
Plugin ecosystem depth — every integration you can imagine has been built. Editor familiarity for content teams who've grown up on Gutenberg. Two decades of theme libraries, hosting partners, and consultants. If your buyer profile is a non-regulated content site and your team already runs WordPress at scale, there's no reason to migrate.
EU-domiciled vendor with per-country residency Wordpress.com cannot offer at any tier. DORA evidence pack as a product feature; on WordPress the pack is a quarterly consulting engagement. Cryptographic audit chain that satisfies a supervisor end-to-end. Headless architecture means your front-end stack can iterate independently — your Next.js team isn't blocked on a PHP theme refactor.
For the regulated content surface where provenance matters.
See pricing →